Benchmark URL #scap_org.open-scap_comp_ssg-fedora-xccdf.xml Benchmark ID xccdf_org.ssgproject.content_benchmark_FEDORA Benchmark version 0.1.68 Profile ID xccdf_org.ssgproject.content_profile_ospp Test system cpe:/a:redhat:openscap:1.3.8 xccdf_org.ssgproject.content_rule_service_rngd_enabled tries to enable and start rngd service without installing rng-tools if missing. Remediation shell script shows: ```bash # Remediation is applicable only in certain platforms if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then SYSTEMCTL_EXEC='/usr/bin/systemctl' "$SYSTEMCTL_EXEC" unmask 'rngd.service' "$SYSTEMCTL_EXEC" start 'rngd.service' "$SYSTEMCTL_EXEC" enable 'rngd.service' else >&2 echo 'Remediation is not applicable, nothing was done' fi ``` and it fails as `rngd.service` is missing. This is solvable by installing `rng-tools` package before enabling the service. I think this package installation should be part of the remediation. Reproducible: Always Steps to Reproduce: 1. ensure rng-tools is not installed 2. Run scap with `OSPP - Protection Profile for General Purpose Operating Systems` profile 3. Try to remediate xccdf_org.ssgproject.content_rule_service_rngd_enabled rule Actual Results: Remediation fails due to missing rng-tools package Expected Results: Remediation succeed.
This bug appears to have been reported against 'rawhide' during the Fedora Linux 39 development cycle. Changing version to 39.
Still there in Fedora 40
PR that should help: https://github.com/ComplianceAsCode/content/pull/12244
The linked PR has been merged and should be released with v0.1.74.
The package has been updated to 0.1.74-1.fc40 and that version should have a fix for this issue. Thanks for reporting this issue.