Description of problem:
the following rules is still failing:
Version-Release number of selected component (if applicable):
# rpm -qa | grep -i scap-security-guide
Steps to Reproduce:
1. install fresh RHEL7.6 machine
2. perform profile based remediations.
2. rules listed in description are still failing after remediation
2. rules listed in description are passing after remediation
The rule in question is a permanent finding and we cannot fix it now.
Currently Red Hat doesn't provide signed repository metadata.
Upstream issue: https://github.com/ComplianceAsCode/content/issues/1596
There is ongoing work on Satellite 6, if you are interested on functionality to sign the repositories it serves, follow: