In manifests/rules/ensure_root_path_integrity.pp, the notify is triggered if the root_path.sh script returns any output.
```
Warning: /Stage[main]/Secure_linux_cis::Rules::Ensure_root_path_integrity/Notify[rp]/message: defined 'message' as 'Not in compliance with CIS (Scored). There is a "." or other writable directory in the root executable path. Check the root_path fact for details'
# facter -p root_path
/root/bin is not a directory
```
It possibly should only trigger for writable paths, and not for missing paths. I'm pretty sure that the default settings on RHEL 7 include /root/bin in root's default path, but there's no /root/bin folder created.
On older versions of the CIS-CAT Pro Assessor, this check was implemented without a separate script. I think a side effect of 'Root Path Directories Are Owned By UID 0 And Not Writable By Group Or Other' sub-check was that it also failed on non-existing directories.
Somewhere between versions 4.0.12 and 4.0.18 this check was changed to a separate script, sce/root_path.sh, which does not fail when a PATH component does not exist.
Given this change, I agree that this module should not fail on non-existing directories in $PATH.
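The behaviour this thread settles on (report `.` and writable or wrongly owned directories, skip PATH components that do not exist), as an added example that is not part of the original issue and is neither the module's nor CIS-CAT's `root_path.sh`. The function name `audit_path`, its messages and the optional owner-UID argument are hypothetical, and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example, not the module's script. audit_path is a hypothetical name.
# usage: audit_path PATH_STRING [EXPECTED_OWNER_UID]   (default UID 0)
# Prints one finding per line; no output means compliant.
audit_path() (
    path_value=$1
    owner_uid=${2:-0}

    # A leading, trailing or doubled ':' is an empty component, which the
    # shell resolves as the current directory.
    case ":$path_value:" in
        *::*) echo "empty PATH component (resolves to current directory)" ;;
    esac

    IFS=:      # split on ':' only; the subshell body keeps this local
    set -f     # no glob expansion of PATH components
    for dir in $path_value; do
        [ -n "$dir" ] || continue            # already reported above
        if [ "$dir" = "." ]; then
            echo "PATH contains ."
            continue
        fi
        # Missing component (e.g. /root/bin on a default install):
        # skipped instead of reported, per the thread's conclusion.
        [ -e "$dir" ] || continue
        if [ ! -d "$dir" ]; then
            echo "$dir is not a directory"
            continue
        fi
        # -L follows symlinks such as /bin -> usr/bin
        mode=$(stat -L -c '%a' "$dir")
        uid=$(stat -L -c '%u' "$dir")
        if [ "$uid" -ne "$owner_uid" ]; then
            echo "$dir is owned by UID $uid, expected $owner_uid"
        fi
        # 022 masks the group-write and other-write bits
        if [ "$(( 0$mode & 022 ))" -ne 0 ]; then
            echo "$dir is writable by group or other (mode $mode)"
        fi
    done
    return 0
)

# To audit root's own PATH, run as root:  audit_path "$PATH"
```

A Puppet fact built on output like this would only trigger the notify for findings that matter to the rule, since a missing `/root/bin` produces no line.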