Watson Yuuma Sato

This issue is another manifestation of remediate twice for rule to pass, closing. See https://github.com/OpenSCAP/openscap/issues/1880

I would make the check for `tmp.mount` service a new rule. If there is a second way to have `/tmp` in a separate partition. Which one would be the remediated...

> I tried to use the service enabled template, but `tmp.mount` is kind of a special service and doesn't fit with our existent template. Yeah, some different configuration is required...

Only rule for `try_first_pass` is needed, others are covered by: - accounts_password_pam_retry - accounts_password_pam_minlen - accounts_password_pam_minclass

What if we relied on `xccdf:requires` instead of `xccdf:platform` for these rules? With `xccdf:platform`, rules that configure a package that is not installed will evaluate to `notapplicable`. If the profile...

Well, I just realize that another approach is to remove `xccdf:platform` and not add anything. What would we lose or miss if `configure_usbguard_auditbackend` dropped its `platform: usbguard`?

It looks like there is demand for the behavior of "configure a package if it is installed, but ignore it otherwise": `Note: If the USBGuard daemon is not installed and...

Thanks @ggbecker!

Maybe `update-crypto-policyes --is-applied` could be used? After modifying the config manually, I get the following: ``` [root@localhost ~]# vim /etc/crypto-policies/config [root@localhost ~]# update-crypto-policies --is-applied The configured policy is NOT applied...

Alignment of RHEL-7 is also affected: https://stigs.mab879.com/products/rhel7/v3r8/RHEL-07-040420/