I agree with the above analysis. There is something else I have noticed... the openscap community consists of several components, one of them implements security-guides (scap content (checklists) to pass to oscap). xenial did not ship any security-guide component. However, bionic does. Bionic also includes the above mentioned changes.
In the past year the openscap community has made many improvements to the security-guides including creating a small checklist specifically for ubuntu-16.04. Bionic ships the security-guides in several packages, - ssg-debderived (contains ubuntu-16.04 checklist) - ssg-nondebian (contains rhel and sles checklists) - ssg-debian (contains debian checklist) It is possible ubuntu users will try several things using the ssg-debderived package - take the ubuntu-16.04 checklist file and try to run it on a xenial system However, there are systemd checks in this xccdf. It is possible a bugreport will be generated. - try to run the ubuntu-16.04 checklists file on bionic. This will fail because checklist file first looks to verify is a 16.04 system. A savvy user can modify the xccdf (checklist file) to recognize 18.04. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1782031 Title: [SRU][xenial] Enable SCE option and systemd probe in libopenscap8 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openscap/+bug/1782031/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs