Description of problem:
>> Default RHEL 7 scap policy not working as expected.
>> Set Boot Loader Password for a host is not working as expected.
Shows as Items found violating "/boot/grub2/grub.cfg does not exists"
But the file seems to be present and with correct permissions.
Version-Release number of selected component (if applicable):
>> Create a new scap policy with profile:C2S for Red Hat Enterprise Linux 7.
Steps to Reproduce:
1.Create a new policy.
2.Assign to the host.
3.Run the compliance report.
>> It shows risk of high severity "xccdf_org.ssgproject.content".
It should not show the severity as the bootloader password is set.
Created attachment 1423971 [details]
Thank you for reporting this, however this is not a problem with Sat6 but rather how openscap evaluates the given rule. Therefore I will move this to a different component.
*** Bug 1576874 has been marked as a duplicate of this bug. ***
I see in SOS report that "superusers" in /boot/grub2/grub.cf is set to "root", and although Rule "bootloader_password" recommends to not use common names as superuser (i.e. root, admin, administrator), it is actually required that they are not root, nor admin nor administrator.
Please, try to set a different superuser account name, and scan again.
I'm closing this, if the problem persists, please reopen.