In general, it's probably more a documentation and marketing issue. More could be done to publish examples of SSG being used with other tools.
Most people are going to be installing SSG via YUM. If the documentation indicates installing both, that is probably fine. I agree with Paul that it is nice to install both and oscap is needed to test SSG content. With my newbie hat on, it's taken me some time to understand the difference between OpenSCAP and SSG. I've been wondering why. After all, I've understood the difference between a browser and html page; between Excel and a Excel file. I come back to the marketing piece. Greg On Tue, May 27, 2014 at 2:57 PM, Paul Tittle (Contractor) < [email protected]> wrote: > On 5/27/14 2:43 PM, Shawn Wells wrote: > > > On 5/26/14, 10:56 AM, Jan Lieskovsky wrote: > > > > 0002-RHEL-6-RHEL-7-Fedora-Drop-Requires-on-openscap-utils.patch > > > From 3c42c661b4f12d57fda35c3506bde1140a09a02f Mon Sep 17 00:00:00 2001 > From: Jan Lieskovsky<[email protected]> <[email protected]> > Date: Mon, 26 May 2014 16:26:08 +0200 > Subject: [PATCH 2/2] [RHEL/6, RHEL/7, Fedora] Drop Requires on > openscap-utils. > Add a note into manual pages regarding that. > > Signed-off-by: Jan Lieskovsky<[email protected]> <[email protected]> > --- > Fedora/input/auxiliary/scap-security-guide.8 | 7 +++++++ > Fedora/scap-security-guide.spec | 2 +- > RHEL/6/input/auxiliary/scap-security-guide.8 | 7 +++++++ > RHEL/7/input/auxiliary/scap-security-guide.8 | 7 +++++++ > scap-security-guide.spec | 2 +- > 5 files changed, 23 insertions(+), 2 deletions(-) > > diff --git a/Fedora/input/auxiliary/scap-security-guide.8 > b/Fedora/input/auxiliary/scap-security-guide.8 > index 7758f37..50235d9 100644 > --- a/Fedora/input/auxiliary/scap-security-guide.8 > +++ b/Fedora/input/auxiliary/scap-security-guide.8 > @@ -33,6 +33,13 @@ scanning of general-purpose Fedora systems. > .SH EXAMPLES > + > +.B "NOTE: " > +Example below assumes the openscap-utils package is installed on the > system. > +If that's not the case to install the openscap-utils package run the > +.I yum install openscap-utils > +command as the root user. > + > To scan your system utilizing the OpenSCAP utility against the > common profile, run: > diff --git a/Fedora/scap-security-guide.spec > b/Fedora/scap-security-guide.spec > index c5a8911..adf92a5 100644 > --- a/Fedora/scap-security-guide.spec > +++ b/Fedora/scap-security-guide.spec > @@ -23,7 +23,7 @@ Source0: > http://fedorapeople.org/~jlieskov/%{name}-%{version}.tar.gz > > Source1: > http://repos.ssgproject.org/sources/%{name}-%{rhelssgversion}.tar.gz > > BuildArch: noarch > BuildRequires: libxslt, expat, python, openscap-utils >= 0.9.1, > python-lxml > -Requires: xml-common, openscap-utils >= 0.9.1 > +Requires: xml-common > Obsoletes: openscap-content < 0:0.9.13 > Provides: openscap-content > diff --git a/RHEL/6/input/auxiliary/scap-security-guide.8 > b/RHEL/6/input/auxiliary/scap-security-guide.8 > index 44ae1ab..e676d35 100644 > --- a/RHEL/6/input/auxiliary/scap-security-guide.8 > +++ b/RHEL/6/input/auxiliary/scap-security-guide.8 > @@ -68,6 +68,13 @@ webpage athttp://usgcb.nist.gov/usgcb_content.html. > .SH EXAMPLES > + > +.B "NOTE: " > +Example below assumes the openscap-utils package is installed on the > system. > +If that's not the case to install the openscap-utils package run the > +.I yum install openscap-utils > +command as the root user. > + > To scan your system utilizing the OpenSCAP utility against the > stig-rhel6-server-upstream profile: > diff --git a/RHEL/7/input/auxiliary/scap-security-guide.8 > b/RHEL/7/input/auxiliary/scap-security-guide.8 > index 97c4aec..7625fdd 100644 > --- a/RHEL/7/input/auxiliary/scap-security-guide.8 > +++ b/RHEL/7/input/auxiliary/scap-security-guide.8 > @@ -58,6 +58,13 @@ webpage athttp://usgcb.nist.gov/usgcb_content.html. > .SH EXAMPLES > + > +.B "NOTE: " > +Example below assumes the openscap-utils package is installed on the > system. > +If that's not the case to install the openscap-utils package run the > +.I yum install openscap-utils > +command as the root user. > + > To scan your system utilizing the OpenSCAP utility against the > stig-rhel6-server profile: > diff --git a/scap-security-guide.spec b/scap-security-guide.spec > index fad1c6f..c23be44 100644 > --- a/scap-security-guide.spec > +++ b/scap-security-guide.spec > @@ -15,7 +15,7 @@ Source0: > http://repos.ssgproject.org/sources/%{name}-%{version}.tar.gz > > BuildArch: noarch > BuildRequires: libxslt, expat, python, openscap-utils >= 0.9.1, > python-lxml > -Requires: xml-common, openscap-utils >= 0.9.1 > +Requires: xml-common > %description > The scap-security-guide project provides a guide for configuration of > the > -- 1.8.3.1 > > > > > I'd like to open this up to the community..... Is it beneficial for > OpenSCAP to simultaneously installed with SSG? > > On one side the inclusion means you get tools+content with one command, > which is particularly useful for those new to SCAP. On the other hand it's > been mentioned that this drives users to believing SSG only works with > OpenSCAP. There's no intention of "forcing" OpenSCAP on people. > > So, to the user community, is auto inclusion of OpenSCAP annoying or > useful? > > > > I think it's useful to require OpenSCAP to be installed simultaneously. > It's used to test SSG content, for one. > > There have been some patches recently which were made in response to the > latest build of OpenSCAP, such as the world_writeable_files patch. > recurse_file_system="local" does something different in the latest OpenSCAP > build, which potentially breaks the test for some environments (it broke > for mine). This tells me that SSG's tests are somewhat reliant on the SCAP > tools that are used with the content. > > If all SCAP tools behaved the same way for all input, I would say that > OpenSCAP shouldn't be a requirement for SSG. But they probably don't, so my > vote is for requiring OpenSCAP. > > > _______________________________________________ > scap-security-guide mailing > [email protected]https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide > > > > > > _______________________________________________ > scap-security-guide mailing list > [email protected] > https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide > >
_______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
