sysctl_net_ipv4_conf_all_forwarding fails on stig_gui using Ansible remediation

[comps]

Description of problem:

/hardening/ansible/with-gui/stig_gui/sysctl_net_ipv4_conf_all_forwarding

seems to reliably fail on RHEL-8 when using "Server with GUI" package set and Ansible remediation.

From the ARF XML, it seems that the issue is oscap finding oval:ssg-object_sysctl_net_ipv4_conf_all_forwarding_runtime:obj:1 with a value of 1 (as if forwarding was enabled). Manual oscap invocation on the system returned pass, so this may be related to some system startup race condition, or some late sysctl evaluation.

Doing systemd-analyze, systemd-sysctl.service runs for ~100ms very early during boot, so that's not the issue.

I was unable to quickly find out what causes the fail, but it is weird that it doesn't happen elsewhere (or with Bash remediation on the same system). Note that the test does a reboot between any remediation and scanning.

Honestly, the rule IMHO doesn't make much sense overall (when checking runtime interface conf directory) - the values will change during system runtime depending on which interfaces appear/disappear, the only reliable value is default, not all or eth0 or any of the interface names.

SCAP Security Guide Version:

master @ 6d67ad5

Operating System Version:

RHEL-8

Steps to Reproduce:

1. Run as --rhel 8.10 --arch x86_64 --test /hardening/ansible/with-gui/stig_gui

Additional Information/Debugging Steps:

• ARF XML from the scan: arf.xml.gz