
Firewalld-related remediation rules fail on first run but pass on second run in Rocky Linux 9

Open ojasva-awasthi opened this issue 1 month ago • 0 comments

Description of problem:

While running the remediate command on a Rocky Linux 9 machine using the CIS Server Level 1 profile (xccdf_org.ssgproject.content_profile_cis_server_l1), the following rules fail during the first run:

xccdf_org.ssgproject.content_rule_service_firewalld_enabled

xccdf_org.ssgproject.content_rule_firewalld_loopback_traffic_restricted

xccdf_org.ssgproject.content_rule_firewalld_loopback_traffic_trusted

However, when the same remediation command is executed again, all these rules pass successfully.

SCAP Security Guide Version:

Version: 0.1.78, Release: 1.el9.rocky.1.1

Operating System Version:

Rocky Linux 9.6

Steps to Reproduce:

1. Run the following command on a Rocky Linux 9 system:

oscap xccdf eval --remediate --profile xccdf_org.ssgproject.content_profile_cis_server_l1 /home/azure_rocky_linux_9_level_1.xml

2. Observe that the three rules listed above fail during the first run.

3. Run the same command again.

4. Observe that the previously failed rules now pass.

Actual Results:

The above-mentioned rules do not pass in a single run.

Expected Results:

The above-mentioned rules should pass in a single run.

Additional Information/Debugging Steps:

It appears that the first remediation run may not fully start or reload the firewalld service before validation, causing the rule checks to fail initially. Running the command again seems to apply the missing configurations correctly.

ojasva-awasthi avatar Nov 17 '25 11:11 ojasva-awasthi
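To confirm the pattern described in this report (and to catch any other rule that only passes on a second remediation pass), the two runs can be captured with oscap's `--results` option and diffed rule by rule. The script below is an added example, not code from the issue or from the ComplianceAsCode project. It assumes the result files are named `run1.xml` and `run2.xml`, that the data stream path is the one from the report, and that the results use the XCCDF 1.2 namespace that SSG content is built on. The embedded sample result documents are constructed to mirror the report (three firewalld rules failing on run 1 and passing on run 2), plus one constructed rule id that is `fixed` on the first run to show that normal in-run remediation is not flagged.

```python
#!/usr/bin/env python3
"""Find rules that fail after the first `oscap xccdf eval --remediate` run
but pass after the second, by diffing the XCCDF result files of both runs.

Produce the inputs with (assumed file names; data stream path from the report):
  oscap xccdf eval --remediate --results run1.xml \
      --profile xccdf_org.ssgproject.content_profile_cis_server_l1 \
      /home/azure_rocky_linux_9_level_1.xml
  oscap xccdf eval --remediate --results run2.xml \
      --profile xccdf_org.ssgproject.content_profile_cis_server_l1 \
      /home/azure_rocky_linux_9_level_1.xml
Then: python3 remediation_diff.py run1.xml run2.xml
"""
import sys
import xml.etree.ElementTree as ET

XCCDF_NS = "http://checklists.nist.gov/xccdf/1.2"

# XCCDF result values meaning "still non-compliant after this run" and "compliant".
# After --remediate, a rule repaired within the same run reports "fixed", not "pass".
FAILING = {"fail", "error", "unknown"}
PASSING = {"pass", "fixed"}


def rule_results(xml_text: str) -> dict:
    """Map every rule id in an XCCDF result document to its result string.

    The <TestResult> element carries one <rule-result idref="..."> per
    evaluated rule, each with a <result> child.
    """
    root = ET.fromstring(xml_text)
    results = {}
    for rr in root.iter(f"{{{XCCDF_NS}}}rule-result"):
        res = rr.find(f"{{{XCCDF_NS}}}result")
        if res is not None and res.text:
            results[rr.get("idref")] = res.text.strip()
    return results


def non_idempotent_rules(first: dict, second: dict) -> list:
    """Rule ids failing after the first remediation but passing after the second."""
    return sorted(
        rule for rule, res in first.items()
        if res in FAILING and second.get(rule) in PASSING
    )


def report(run1_xml: str, run2_xml: str) -> list:
    """Print and return the rules that needed a second remediation run."""
    flipped = non_idempotent_rules(rule_results(run1_xml), rule_results(run2_xml))
    for rule in flipped:
        print(f"needs second run: {rule}")
    return flipped


# Constructed sample result documents (not real oscap output from the report).
# The fourth rule id is a made-up placeholder used only to show a normal "fixed".
_TEMPLATE = """<?xml version="1.0"?>
<Benchmark xmlns="{ns}" id="xccdf_org.ssgproject.content_benchmark_SAMPLE">
  <TestResult id="xccdf_org.open-scap_testresult_sample">
    <rule-result idref="xccdf_org.ssgproject.content_rule_service_firewalld_enabled"><result>{fw}</result></rule-result>
    <rule-result idref="xccdf_org.ssgproject.content_rule_firewalld_loopback_traffic_restricted"><result>{fw}</result></rule-result>
    <rule-result idref="xccdf_org.ssgproject.content_rule_firewalld_loopback_traffic_trusted"><result>{fw}</result></rule-result>
    <rule-result idref="xccdf_org.ssgproject.content_rule_CONSTRUCTED_example"><result>{other}</result></rule-result>
  </TestResult>
</Benchmark>
"""
SAMPLE_RUN1 = _TEMPLATE.format(ns=XCCDF_NS, fw="fail", other="fixed")
SAMPLE_RUN2 = _TEMPLATE.format(ns=XCCDF_NS, fw="pass", other="pass")


if __name__ == "__main__":
    if len(sys.argv) == 3:
        with open(sys.argv[1]) as f1, open(sys.argv[2]) as f2:
            report(f1.read(), f2.read())
    else:
        # No files given: run against the constructed samples.
        report(SAMPLE_RUN1, SAMPLE_RUN2)
```

Only rules that move from a failing result to a passing one between the two runs are listed; a rule that is `fixed` on the first run and `pass` on the second is the expected remediation behaviour and is left out, so the output isolates exactly the non-idempotent rules this issue is about.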