Description of problem:
When remediating with C2S or DISA STIG the xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands rule will not properly recognize the remediation. During a scan it will still show as vulnerable even after the remediation script is run.

Version-Release number of selected component (if applicable):
openscap-1.2.17-2.el7.x86_64
openscap-scanner-1.2.17-2.el7.x86_64
scap-security-guide-0.1.40-12.el7.noarch

How reproducible:
Always

Steps to Reproduce:
1. Remediate/scan a system using openscap with C2S or DISA STIG

Actual results:
System shows fail for xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands even after running the remediation script

Expected results:
System will properly recognize that the audit rules were implemented by the STIG xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands

Additional info:

This could actually be caused by the rule order in the benchmark. If any package with a privileged command is installed after xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands, the rule will fail.
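
The situation described in the comment above, as an added example that is not part of the original bug report or of scap-security-guide: a shell check that lists setuid/setgid programs with no matching audit rule, which is how a package installed after remediation shows up as a failure. It is a simplified approximation of what the rule verifies; the function names and the two arguments (a directory to scan and an audit rules file) are assumptions.

```shell
#!/bin/sh
# Added example (not from scap-security-guide): report privileged commands
# that have no audit rule. Function names and arguments are hypothetical.

# find_privileged ROOT
# Print every setuid or setgid regular file under ROOT, sorted.
# -xdev keeps the walk on one filesystem; run it once per local mount point.
find_privileged() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null | sort
}

# has_rule FILE RULES
# Succeed if RULES contains a non-comment line with the fields "always,exit",
# "path=FILE" and "perm=x". Fields are compared as exact strings, so dots in
# FILE are not treated as regex wildcards. The auid filters and the key that
# the real check also expects are not verified here.
has_rule() {
    awk -v p="path=$1" '
        /^[[:space:]]*#/ { next }
        {
            act = 0; path = 0; perm = 0
            for (i = 1; i <= NF; i++) {
                if ($i == "always,exit") act = 1
                if ($i == p)             path = 1
                if ($i == "perm=x")      perm = 1
            }
            if (act && path && perm) found = 1
        }
        END { exit !found }' "$2"
}

# missing_rules ROOT RULES
# Print each privileged command under ROOT that RULES does not cover.
# Any output means the rule set is older than the installed package set.
missing_rules() {
    find_privileged "$1" | while IFS= read -r f; do
        has_rule "$f" "$2" || printf '%s\n' "$f"
    done
}

# Stand-alone use: sh check.sh / /etc/audit/audit.rules
if [ "$#" -ge 2 ]; then
    missing_rules "$1" "$2"
fi
```

Any path it prints belongs to a program that gained its setuid/setgid bit, or was installed, after the audit rules were generated; regenerating the rules after package installation clears the list.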
The fix affecting the mentioned profiles is upstream at https://github.com/ComplianceAsCode/content/pull/5569
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (scap-security-guide bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:3909