Benchmark URL #scap_org.open-scap_comp_ssg-fedora-xccdf.xml Benchmark ID xccdf_org.ssgproject.content_benchmark_FEDORA Benchmark version 0.1.68 Profile ID xccdf_org.ssgproject.content_profile_ospp Test system cpe:/a:redhat:openscap:1.3.8 xccdf_org.ssgproject.content_rule_service_rngd_enabled tries to enable and start rngd service without installing rng-tools if missing. Remediation shell script shows: ```bash # Remediation is applicable only in certain platforms if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then SYSTEMCTL_EXEC='/usr/bin/systemctl' "$SYSTEMCTL_EXEC" unmask 'rngd.service' "$SYSTEMCTL_EXEC" start 'rngd.service' "$SYSTEMCTL_EXEC" enable 'rngd.service' else >&2 echo 'Remediation is not applicable, nothing was done' fi ``` and it fails as `rngd.service` is missing. This is solvable by installing `rng-tools` package before enabling the service. I think this package installation should be part of the remediation. Reproducible: Always Steps to Reproduce: 1. ensure rng-tools is not installed 2. Run scap with `OSPP - Protection Profile for General Purpose Operating Systems` profile 3. Try to remediate xccdf_org.ssgproject.content_rule_service_rngd_enabled rule Actual Results: Remediation fails due to missing rng-tools package Expected Results: Remediation succeed.
This bug appears to have been reported against 'rawhide' during the Fedora Linux 39 development cycle. Changing version to 39.