Bug 1662182 - xccdf_org.ssgproject.content_rule_ensure_gpgcheck_repo_metadata after applying remediation scripts.
Summary: xccdf_org.ssgproject.content_rule_ensure_gpgcheck_repo_metadata after applyin...
Keywords:
Status: CLOSED CANTFIX
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: scap-security-guide
Version: 7.6
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: rc
: ---
Assignee: Watson Yuuma Sato
QA Contact: BaseOS QE Security Team
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-12-26 19:43 UTC by Jaskaran Singh Narula
Modified: 2019-01-08 12:23 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-01-08 12:23:21 UTC
Target Upstream Version:


Attachments (Terms of Use)

Description Jaskaran Singh Narula 2018-12-26 19:43:29 UTC
Description of problem:
In RHEL7.6,

the following rules is still failing:
xccdf_org.ssgproject.content_rule_ensure_gpgcheck_repo_metadata (Fails) 

Version-Release number of selected component (if applicable):
# rpm -qa | grep -i scap-security-guide
scap-security-guide-0.1.40-12.el7.noarch

How reproducible:
reliably

Steps to Reproduce:
1. install fresh RHEL7.6 machine
2. perform profile based remediations. 



Actual results:
2. rules listed  in description are still failing after remediation

Expected results:
2. rules listed in description are passing after remediation



Additional info:

Comment 2 Watson Yuuma Sato 2019-01-08 12:23:21 UTC
Hello Jaskaran,

The rule in question is a permanent finding and we cannot fix it now.
Currently Red Hat doesn't provide signed repository metadata.
Upstream issue: https://github.com/ComplianceAsCode/content/issues/1596

There is ongoing work on Satellite 6, if you are interested on functionality to sign the repositories it serves, follow:
    https://bugzilla.redhat.com/show_bug.cgi?id=1410638


Note You need to log in before you can comment on or make changes to this bug.