RHEL-988

[RFE] Provide pci-dss required audit rules in the audit packages just like ospp audit rules


      Description of problem:

      I have copied the 30-pci-dss-v31.rules into /etc/audit/rules.d/ and rebuilt the audit rules.

      The SCAP report for pci-dss fails on missing many audit rules.
      For example the 2 rules below:

      • xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_setxattr
      • xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_rmdir

      For the OSPP, the provided rules in /usr/share/audit/sample-rules were enough to pass all the Audit checks of the OSPP SCAP run.
      I expected the same for the PCI-DSS SCAP report: just copy the 30-pci-dss-v31.rules to /etc/audit/rules.d/ and all Audit rule tests pass.

      Version-Release number of selected component (if applicable):

      How reproducible:

      Always

      Steps to Reproduce:

      • Copy /usr/share/audit/sample-rules/30-pci-dss-v31.rules and the surrounding boilerplate 10-base-config and 99-finalize to /etc/audit/rules.d
      • Run augenrules
      • Run scap for pcidss
        /usr/bin/oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_pci-dss --results-arf /var/tmp/compliance-report-pci-dss.xml /usr/share/xml/scap/ssg/content/ssg-rhel8-ds.xml
        /usr/bin/oscap xccdf generate report /var/tmp/compliance-report-pci-dss.xml

      Results:

      • Many failing SCAP tests on Audit

      Expectation

      • Audit tests in SCAP report are Passed

      Additional info:
      More info in case.

              rh-ee-alakatos Attila Lakatos
              rhn-support-cweather Chris Weathers
              Sergio Correia Sergio Correia
              SSG Security QE SSG Security QE
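
Added example, not part of the original report or of the audit package: a quick way to see which syscalls named in failing SCAP rule IDs (such as setxattr and rmdir above) have no syscall rule in a rules listing. The function names and the sample rules are constructed for illustration, and the requirement of one rule per arch (b32 and b64) is an assumption.

```shell
#!/bin/sh
# Added example, not from the audit package or the original report.
# Usage on a host: auditctl -l > loaded.rules
#                  missing_syscalls loaded.rules setxattr rmdir

# Constructed sample rules; NOT the contents of 30-pci-dss-v31.rules.
sample_rules() {
    cat <<'EOF'
## constructed sample
-a always,exit -F arch=b32 -S chmod,fchmod,setxattr -F auid>=1000 -F auid!=unset -F key=perm_mod
-a always,exit -F arch=b64 -S chmod,fchmod -F auid>=1000 -F auid!=unset -F key=perm_mod
-a always,exit -F arch=b64 -S unlink -S rename -F auid>=1000 -F auid!=unset -F key=delete
-w /etc/passwd -p wa -k identity
EOF
}

# missing_syscalls RULES_FILE SYSCALL...
# Prints "<arch> <syscall>" for every pair with no matching syscall rule.
# Assumption: one rule per arch (b32 and b64) is expected for each syscall.
missing_syscalls() {
    rules_file=$1; shift
    for sc in "$@"; do
        for arch in b32 b64; do
            awk -v want="$sc" -v arch="$arch" '
                # Only syscall rules (-a/-A); comments and -w watches are skipped.
                $1 == "-a" || $1 == "-A" {
                    has_arch = 0; has_sc = 0
                    for (i = 1; i < NF; i++) {
                        if ($i == "-F" && $(i+1) == "arch=" arch) has_arch = 1
                        if ($i == "-S") {
                            # -S may carry a comma-separated syscall list
                            n = split($(i+1), names, ",")
                            for (j = 1; j <= n; j++)
                                if (names[j] == want) has_sc = 1
                        }
                    }
                    if (has_arch && has_sc) found = 1
                }
                END { exit (found ? 0 : 1) }
            ' "$rules_file" || printf '%s %s\n' "$arch" "$sc"
        done
    done
}
```

Any pair printed is a gap to compare against the corresponding SCAP rule before adding a local rule file under /etc/audit/rules.d.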