Nick could you add some more info to this bz wrt our discussion, you mentioned this potentially could be a bug with ssg. 

Basically this is a knock on affect from the previous scap bug fix #1493193

Right, so we use the remediation scripts provided by the scap-security-guide package to fix the failed rules.

So, we are running the remediation for this rule, but then a subsequent check for the rule still lists it as failed.

Investigating the files that the rule is checking seems to show that the rule was, indeed, fixed.

These things together seem to indicate some issue with the checker rather than our code around fixing the particular rule.

I will try to find some time to reproduce this in a more targeted way and open a bug against scap-security-guide for this particular failure.

This is an issue with a convenience script provided to check the scap rules, not the product itself.

As such I'm removing the regression keyword and blocker flag.

Nick, this sounds like a problem with the scap package itself, can you reach out to that team and find out if its already written.

Luke, is this still and issue for us?

Yes so on 5.9.0.16 the checker script still says that this rule has failed to be applied even though I can see the rules are applied correctly to the relevant files.

I'm going to close this as not a bug as the feature is working correctly, but the tool we're using to run tests is at fault.

If this continues to be an issue, please open a bug with the OpenScap team and see if they can help.