Description Sandro Bonazzola
2023-06-30 11:44:55 UTC
Benchmark URL #scap_org.open-scap_comp_ssg-fedora-xccdf.xml
Benchmark ID xccdf_org.ssgproject.content_benchmark_FEDORA
Benchmark version 0.1.68
Profile ID xccdf_org.ssgproject.content_profile_ospp
Test system cpe:/a:redhat:openscap:1.3.8
xccdf_org.ssgproject.content_rule_service_rngd_enabled tries to enable and start the rngd service without installing rng-tools if it is missing.
Remediation shell script shows:
```bash
# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then
    SYSTEMCTL_EXEC='/usr/bin/systemctl'
    "$SYSTEMCTL_EXEC" unmask 'rngd.service'
    "$SYSTEMCTL_EXEC" start 'rngd.service'
    "$SYSTEMCTL_EXEC" enable 'rngd.service'
else
    >&2 echo 'Remediation is not applicable, nothing was done'
fi
```
and it fails as `rngd.service` is missing. This is solvable by installing the `rng-tools` package before enabling the service.
I think this package installation should be part of the remediation.
Reproducible: Always
Steps to Reproduce:
1. Ensure rng-tools is not installed
2. Run scap with `OSPP - Protection Profile for General Purpose Operating Systems` profile
3. Try to remediate xccdf_org.ssgproject.content_rule_service_rngd_enabled rule
Actual Results:
Remediation fails due to missing rng-tools package
Expected Results:
Remediation succeeds.
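
The ordering this report asks for, as an added example that is not part of the report and is not the SCAP Security Guide's remediation. `SYSTEMCTL_EXEC` follows the quoted script; `RPM_EXEC`, `DNF_EXEC`, both function names and the `--apply` argument are assumptions made for illustration, and `dnf` is assumed as the package manager because the benchmark targets Fedora.

```bash
#!/usr/bin/env bash
# Added example (constructed): install the package that ships rngd.service
# before touching the unit. Not the SCAP Security Guide remediation.

# SYSTEMCTL_EXEC follows the quoted script; RPM_EXEC and DNF_EXEC are
# assumed names so the commands can be swapped out for a dry run.
SYSTEMCTL_EXEC="${SYSTEMCTL_EXEC:-/usr/bin/systemctl}"
RPM_EXEC="${RPM_EXEC:-/usr/bin/rpm}"
DNF_EXEC="${DNF_EXEC:-/usr/bin/dnf}"

# Install rng-tools only when it is absent, then unmask, start and enable.
# Stops at the first failing step so a later step never hides the cause.
ensure_rngd_enabled() {
    if ! "$RPM_EXEC" -q rng-tools >/dev/null 2>&1; then
        if ! "$DNF_EXEC" install -y rng-tools; then
            >&2 echo 'Could not install rng-tools, rngd.service left untouched'
            return 1
        fi
    fi
    "$SYSTEMCTL_EXEC" unmask 'rngd.service' || return 1
    "$SYSTEMCTL_EXEC" start 'rngd.service' || return 1
    "$SYSTEMCTL_EXEC" enable 'rngd.service' || return 1
}

# Same platform applicability test as the quoted remediation.
remediate_service_rngd_enabled() {
    if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then
        ensure_rngd_enabled
    else
        >&2 echo 'Remediation is not applicable, nothing was done'
    fi
}

# Apply only when asked to; running without arguments only defines functions.
if [ "${1:-}" = "--apply" ]; then
    remediate_service_rngd_enabled
fi
```
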
Comment 1 Fedora Release Engineering
2023-08-16 08:11:38 UTC
This bug appears to have been reported against 'rawhide' during the Fedora Linux 39 development cycle.
Changing version to 39.