Description of problem:
When scanning an empty filesystem [via the oscap-chroot utility], there are 54 rules passing. Even though these rules are usually checking for the existence of something inappropriate, and thus are successful in not finding it, I would like to make sure these rules do not contain holes.

Version-Release number of selected component (if applicable):
scap-security-guide-0.1.30-3.el7.noarch

How reproducible:
reliably

Steps to Reproduce:
1. mkdir ./empty_dir
2. oscap-chroot ./empty_dir oval eval /usr/share/xml/scap/ssg/content/ssg-rhel7-oval.xml
3. see output

Actual results:
Rules passing:
Definition oval:ssg-wireless_disable_interfaces:def:1: true
Definition oval:ssg-use_kerberos_security_all_exports:def:1: true
Definition oval:ssg-sysctl_kernel_exec_shield:def:1: true
Definition oval:ssg-sudo_remove_nopasswd:def:1: true
Definition oval:ssg-sudo_remove_no_authenticate:def:1: true
Definition oval:ssg-sshd_disable_rhosts:def:1: true
Definition oval:ssg-snmpd_use_newer_protocol:def:1: true
Definition oval:ssg-snmpd_not_default_password:def:1: true
Definition oval:ssg-service_telnet_disabled:def:1: true
Definition oval:ssg-securetty_root_login_console_only:def:1: true
Definition oval:ssg-rsyslog_nolisten:def:1: true
Definition oval:ssg-restrict_serial_port_logins:def:1: true
Definition oval:ssg-no_rsh_trust_files:def:1: true
Definition oval:ssg-no_netrc_files:def:1: true
Definition oval:ssg-no_insecure_locks_exports:def:1: true
Definition oval:ssg-no_files_unowned_by_user:def:1: true
Definition oval:ssg-no_empty_passwords:def:1: true
Definition oval:ssg-network_ipv6_disable_rpc:def:1: true
Definition oval:ssg-network_disable_ddns_interfaces:def:1: true
Definition oval:ssg-mount_option_smb_client_signing:def:1: true
Definition oval:ssg-mount_option_nosuid_removable_partitions:def:1: true
Definition oval:ssg-mount_option_nosuid_remote_filesystems:def:1: true
Definition oval:ssg-mount_option_noexec_removable_partitions:def:1: true
Definition oval:ssg-mount_option_nodev_removable_partitions:def:1: true
Definition oval:ssg-mount_option_nodev_remote_filesystems:def:1: true
Definition oval:ssg-mount_option_krb_sec_remote_filesystems:def:1: true
Definition oval:ssg-installed_OS_is_sl7:def:1: true
Definition oval:ssg-installed_OS_is_sl6:def:1: true
Definition oval:ssg-installed_OS_is_rhel7:def:1: true
Definition oval:ssg-installed_OS_is_rhel6:def:1: true
Definition oval:ssg-installed_OS_is_centos7:def:1: true
Definition oval:ssg-installed_OS_is_centos6:def:1: true
Definition oval:ssg-firewalld_sshd_disabled:def:1: true
Definition oval:ssg-file_permissions_var_log_audit:def:1: true
Definition oval:ssg-file_permissions_ungroupowned:def:1: true
Definition oval:ssg-file_permissions_unauthorized_world_writable:def:1: true
Definition oval:ssg-file_permissions_unauthorized_suid:def:1: true
Definition oval:ssg-file_permissions_unauthorized_sgid:def:1: true
Definition oval:ssg-file_permissions_library_dirs:def:1: true
Definition oval:ssg-file_permissions_home_dirs:def:1: true
Definition oval:ssg-file_permissions_binary_dirs:def:1: true
Definition oval:ssg-file_ownership_var_log_audit:def:1: true
Definition oval:ssg-file_ownership_library_dirs:def:1: true
Definition oval:ssg-file_ownership_binary_dirs:def:1: true
Definition oval:ssg-ensure_redhat_gpgkey_installed:def:1: true
Definition oval:ssg-ensure_gpgcheck_never_disabled:def:1: true
Definition oval:ssg-enable_selinux_bootloader:def:1: true
Definition oval:ssg-disable_host_auth:def:1: true
Definition oval:ssg-dir_perms_world_writable_system_owned:def:1: true
Definition oval:ssg-dir_perms_world_writable_sticky_bits:def:1: true
Definition oval:ssg-bootloader_uefi_password:def:1: true
Definition oval:ssg-bootloader_password:def:1: true
Definition oval:ssg-accounts_root_path_dirs_no_write:def:1: true
Definition oval:ssg-accounts_no_uid_except_zero:def:1: true

Expected results:
Only obvious rules are true; the rest is not applicable.

Additional info:
As the OVAL specification is written, a not-applicable result can happen only if every part of the OVAL definition is not applicable. That, under normal circumstances, won't happen. Thus closing this as won't fix. Using a DataStream is the right way to go; applicability is handled by CPE there.
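The reporter's worry is that a rule can report true simply because the thing it looks for is absent, which is exactly what happens in an empty chroot. One way to tell such "vacuous passes" apart from real ones is to cross-check, in the OVAL results file that `oscap ... oval eval --results` writes, which true definitions were evaluated only against objects collected with flag "does not exist". The script below does that; it is an added example, not code from this bug report or from scap-security-guide, and the embedded results document is a hand-constructed miniature in the oscap results layout (the two rule ids are taken from the list above, the test and object ids are made up).

```python
"""Flag OVAL definitions that passed only because every object they test was
absent (a "vacuous pass"), as happens when scanning an empty chroot.
Added example; not code from the bug report or scap-security-guide.  Reads a
results file in the layout oscap writes with `oval eval --results`.  The sample
below is constructed by hand: two rules that both report true, one vacuously."""
import xml.etree.ElementTree as ET

SAMPLE_RESULTS = """<oval_results xmlns="http://oval.mitre.org/XMLSchema/oval-results-5">
<oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5"
 xmlns:ind="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent"><definitions>
<definition id="oval:ssg-no_netrc_files:def:1" class="compliance" version="1"><criteria>
 <criterion test_ref="oval:ssg-t_netrc:tst:1"/></criteria></definition>
<definition id="oval:ssg-sshd_disable_rhosts:def:1" class="compliance" version="1"><criteria>
 <criterion test_ref="oval:ssg-t_rhosts:tst:1"/></criteria></definition></definitions><tests>
<ind:textfilecontent54_test id="oval:ssg-t_netrc:tst:1" check="all" check_existence="none_exist"
 comment="no ~/.netrc" version="1"><ind:object object_ref="oval:ssg-o_netrc:obj:1"/></ind:textfilecontent54_test>
<ind:textfilecontent54_test id="oval:ssg-t_rhosts:tst:1" check="all" check_existence="all_exist"
 comment="IgnoreRhosts yes" version="1"><ind:object object_ref="oval:ssg-o_rhosts:obj:1"/></ind:textfilecontent54_test>
</tests></oval_definitions><results><system><definitions>
<definition definition_id="oval:ssg-no_netrc_files:def:1" result="true" version="1"/>
<definition definition_id="oval:ssg-sshd_disable_rhosts:def:1" result="true" version="1"/>
</definitions><oval_system_characteristics
 xmlns="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5"><collected_objects>
<object id="oval:ssg-o_netrc:obj:1" flag="does not exist" version="1"/>
<object id="oval:ssg-o_rhosts:obj:1" flag="complete" version="1"/>
</collected_objects></oval_system_characteristics></system></results></oval_results>"""


def vacuous_passes(results_xml):
    """Ids of definitions with result="true" whose every tested object was
    collected with flag "does not exist", i.e. the check passed on nothing."""
    root = ET.fromstring(results_xml)
    defs = {d.get("id"): d for d in root.iterfind(".//{*}definition") if d.get("id")}
    tests = {t.get("id"): t for t in root.find("{*}oval_definitions/{*}tests")}
    flags = {o.get("id"): o.get("flag") for o in root.iterfind(".//{*}collected_objects/{*}object")}

    def objects_of(def_id, seen=frozenset()):
        # Objects behind the direct criterion test_refs, plus those of any extended definition.
        d = defs[def_id]
        refs = [o.get("object_ref") for c in d.iterfind(".//{*}criterion")
                for o in tests[c.get("test_ref")].iterfind("{*}object")]
        for ext in d.iterfind(".//{*}extend_definition"):
            if ext.get("definition_ref") not in seen:
                refs += objects_of(ext.get("definition_ref"), seen | {def_id})
        return refs

    flagged = []
    for res in root.iterfind(".//{*}results//{*}definition[@result='true']"):
        objs = objects_of(res.get("definition_id"))
        if objs and all(flags.get(o) == "does not exist" for o in objs):
            flagged.append(res.get("definition_id"))
    return flagged
```

Run against the sample, only `oval:ssg-no_netrc_files:def:1` is flagged: it is true because no `.netrc` was found, while `sshd_disable_rhosts` is true because the configuration line was actually collected and matched.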