- Bug
- Resolution: Unresolved
- Critical
- 6.17.0
- False
- sat-endeavour
Description of problem:
Running OpenSCAP scans through Red Hat Satellite using the default SCAP security profile with no tailoring file applied. The resulting scan report shows 54 rules marked as failed, many of which appear to be incorrect or false positives upon manual verification.
How reproducible:
Consistently reproducible using the default SCAP profile via Red Hat Satellite, without any tailoring file.
Is this issue a regression from an earlier version:
Steps to Reproduce:
- In Red Hat Satellite, create a new SCAP policy using the following:
  - Profile: CIS Red Hat Enterprise Linux 8 Benchmark for Level 1 - Server
  - SCAP Content: Red Hat rhel8 default content
- Assign the policy to a registered host (no tailoring file applied).
- Run the OpenSCAP scan from Satellite.
- Review the scan results — observe that 54 rules are marked as failed.
- Manually verify system configuration for some of the failed rules (e.g., “Set SSH Client Alive Count
Actual behavior:
- OpenSCAP reports 54 failed rules when using the default SCAP profile with no tailoring file.
- Many of these failed rules do not accurately reflect the system’s configuration.
- For example, the rule “Set SSH Client Alive Count Max” was marked as failed, despite the correct configuration being present on the system.
- Results appear to include false positives, leading to inaccurate compliance reporting.
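As an added example (not code from this report or from the Satellite or OpenSCAP projects), the following Python script performs the manual verification step described above: it pulls every failed rule id out of an XCCDF/ARF result file and, when the "Set SSH Client Alive Count Max" rule is among them, compares the effective `ClientAliveCountMax` reported by `sshd -T` with the value the profile expects. The rule id `xccdf_org.ssgproject.content_rule_sshd_set_keepalive` is assumed to be the SCAP Security Guide id for that rule and should be confirmed against the `idref` values in your own report; the sample result XML, the sample `sshd -T` output and the expected value of 0 are constructed, so take the real expected value from the profile's `var_sshd_set_keepalive` variable in the content you scan with.

```python
"""Triage an OpenSCAP result file: list failed rule ids and cross-check the
"Set SSH Client Alive Count Max" rule against the effective sshd configuration."""
import subprocess
import sys
import xml.etree.ElementTree as ET

XCCDF_NS = "http://checklists.nist.gov/xccdf/1.2"

# Assumed SCAP Security Guide rule id for "Set SSH Client Alive Count Max";
# confirm it against the rule-result idref values in your own report.
KEEPALIVE_RULE = "xccdf_org.ssgproject.content_rule_sshd_set_keepalive"

# Constructed sample: a trimmed XCCDF TestResult with three rule-result entries.
# A real Satellite/oscap report (ARF) nests the TestResult deeper; iter() finds it anyway.
SAMPLE_RESULTS = f"""<TestResult xmlns="{XCCDF_NS}" id="xccdf_org.open-scap_testresult_sample">
  <rule-result idref="{KEEPALIVE_RULE}" severity="medium">
    <result>fail</result>
  </rule-result>
  <rule-result idref="xccdf_org.ssgproject.content_rule_sshd_disable_root_login" severity="medium">
    <result>pass</result>
  </rule-result>
  <rule-result idref="xccdf_org.ssgproject.content_rule_package_aide_installed" severity="medium">
    <result>fail</result>
  </rule-result>
</TestResult>
"""

# Constructed sample of `sshd -T` output: the daemon's effective settings, keywords lower-cased.
SAMPLE_SSHD_T = """\
port 22
clientaliveinterval 300
clientalivecountmax 0
permitrootlogin no
"""


def failed_rules(xml_text):
    """Return the idref of every rule-result whose <result> is 'fail'."""
    root = ET.fromstring(xml_text)
    failed = []
    for rr in root.iter(f"{{{XCCDF_NS}}}rule-result"):
        result = rr.find(f"{{{XCCDF_NS}}}result")
        if result is not None and (result.text or "").strip() == "fail":
            failed.append(rr.get("idref"))
    return failed


def parse_sshd_t(text):
    """Parse `sshd -T` output into {keyword: value}; sshd prints keywords in lower case."""
    effective = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        effective[key.lower()] = value.strip()
    return effective


def check_keepalive(effective, expected_max):
    """Compare the effective ClientAliveCountMax with the profile's value.

    Returns (ok, actual). Assumption: the value must not exceed expected_max;
    match this comparison to the OVAL definition in your content."""
    raw = effective.get("clientalivecountmax")
    if raw is None or not raw.isdigit():
        return False, raw
    actual = int(raw)
    return actual <= expected_max, actual


def triage(xml_text, sshd_t_text, expected_max):
    """Summarise failures and flag whether the keepalive failure is contradicted by sshd -T."""
    failed = failed_rules(xml_text)
    report = {"failed_count": len(failed), "failed": failed}
    if KEEPALIVE_RULE in failed:
        ok, actual = check_keepalive(parse_sshd_t(sshd_t_text), expected_max)
        report["keepalive_actual"] = actual
        # True means the running daemon meets the value, so the rule failure needs a closer
        # look (e.g. the OVAL check read a different file than the one sshd actually loaded).
        report["keepalive_effective_ok"] = ok
    return report


if __name__ == "__main__":
    if len(sys.argv) > 2:
        # Usage: python3 triage_scap.py results.xml <expected ClientAliveCountMax>
        with open(sys.argv[1], encoding="utf-8") as fh:
            xml_text = fh.read()
        sshd_t = subprocess.run(["sshd", "-T"], capture_output=True, text=True, check=True).stdout
        expected = int(sys.argv[2])
    else:
        xml_text, sshd_t, expected = SAMPLE_RESULTS, SAMPLE_SSHD_T, 0
    summary = triage(xml_text, sshd_t, expected)
    print(f"{summary['failed_count']} failed rule(s):")
    for rule in summary["failed"]:
        print("  ", rule)
    if "keepalive_effective_ok" in summary:
        verdict = "meets" if summary["keepalive_effective_ok"] else "does not meet"
        print(f"sshd -T ClientAliveCountMax={summary['keepalive_actual']} {verdict} the expected maximum {expected}")
```

Run it as root with the downloaded ARF/XCCDF report and the profile's expected value, e.g. `python3 triage_scap.py results.xml 0`. One caveat worth keeping in mind when a rule fails despite a "correct" setting: the OVAL check behind the rule inspects the configuration files, whereas `sshd -T` prints the configuration the daemon actually resolved, so a value that lives in an included file, in a Match block, or in a file the check does not read can pass one and fail the other. Recording both, together with the rule id, gives a precise case to attach to the Satellite report rather than a bare "false positive".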
Expected behavior:
- The scan should accurately reflect the compliance state of the system.
- Rules should only be marked as failed when there is a genuine non-compliance.
Business Impact / Additional info:
- Inaccurate scan results reduce confidence in Satellite-generated compliance reports.
- Manual verification is required, impacting audit readiness and compliance planning.
- Centralized scanning through Satellite becomes unreliable without accurate rule evaluation.