Hide Forgot
Description of problem: In RHEL7.6, the following rules is still failing: xccdf_org.ssgproject.content_rule_ensure_gpgcheck_repo_metadata (Fails) Version-Release number of selected component (if applicable): # rpm -qa | grep -i scap-security-guide scap-security-guide-0.1.40-12.el7.noarch How reproducible: reliably Steps to Reproduce: 1. install fresh RHEL7.6 machine 2. perform profile based remediations. Actual results: 2. rules listed in description are still failing after remediation Expected results: 2. rules listed in description are passing after remediation Additional info:
Hello Jaskaran, The rule in question is a permanent finding and we cannot fix it now. Currently Red Hat doesn't provide signed repository metadata. Upstream issue: https://github.com/ComplianceAsCode/content/issues/1596 There is ongoing work on Satellite 6, if you are interested on functionality to sign the repositories it serves, follow: https://bugzilla.redhat.com/show_bug.cgi?id=1410638