Check for two nameservers [+Docs]

This patch adds tasks to verify that two or more nameservers
are configured on each server in `/etc/resolv.conf`. If not,
a warning is printed in a debug message.

Documentation is included.

Implements: blueprint security-rhel7-stig
Change-Id: I60a75be3fb3af031464f9a9defe8b2434dad7f56

doc/metadata/rhel7/RHEL-07-040320.rst

@@ -1,7 +1,8 @@
 ---
 id: RHEL-07-040320
-status: not implemented
+status: implemented
 tag: misc
 ---
 
-This STIG requirement is not yet implemented.
+If a server has fewer than two nameservers configured in ``/etc/resolv.conf``,
+a warning is printed in the Ansible output.

tasks/rhel7stig/misc.yml

@@ -170,3 +170,28 @@
     - medium
     - misc
     - RHEL-07-040250
+
+# Linting checks need to be skipped because this command doesn't create any
+# files.
+- name: Count nameserver entries in /etc/resolv.conf
+  command: grep nameserver /etc/resolv.conf
+  register: nameserver_check
+  check_mode: no
+  changed_when: False
+  failed_when: False
+  tags:
+    - always
+    - skip_ansible_lint
+
+- name: RHEL-07-040320 - For systems using DNS resolution, at least two name servers must be configured.
+  debug:
+    msg: |
+      Two or more nameservers must be configured in /etc/resolv.conf.
+      Nameservers found: {{ nameserver_check.stdout_lines | length }}
+  when:
+    - nameserver_check is defined
+    - nameserver_check.stdout_lines | length < 2
+  tags:
+    - low
+    - misc
+    - RHEL-07-040320