This has been bugging me for a while. The default install location of SSG datastream is:
/usr/share/xml/scap/ssg/content/ssg-$PRODUCT-ds.xml
This is ridiculous! Why was this super long and complex path chosen? I can't find this mandated by any standard, it seems to be our own invention. [1]
Why not just /usr/share/scap/ssg ?
With /usr/share/scap being the standard location for any SCAP content?
If we decide to change this we'd have to symlink /usr/share/xml/scap/ssg/content/ -> /usr/share/scap/ssg for compatibility. This path is hardcoded in SCAP Workbench, Foreman SCAP integration and other tools.
I can change this quite easily right now because I am reimplementing the install support in cmake. Feedback welcome.
[1] https://www.google.com/search?q=usr%20share%20xml%20scap
On Friday, October 21, 2016 2:37:32 PM EDT Martin Preisler wrote:
This has been bugging me for a while. The default install location of SSG datastream is:
/usr/share/xml/scap/ssg/content/ssg-$PRODUCT-ds.xml
This is ridiculous! Why was this super long and complex path chosen? I can't find this mandated by any standard, it seems to be our own invention. [1]
Why not just /usr/share/scap/ssg ?
Doesn't the Linux FHS say xml data files belong in /usr/share/xml? Then presumably you want to differentiate with a directory under that.
-Steve
With /usr/share/scap being the standard location for any SCAP content?
If we decide to change this we'd have to symlink /usr/share/xml/scap/ssg/content/ -> /usr/share/scap/ssg for compatibility. This path is hardcoded in SCAP Workbench, Foreman SCAP integration and other tools.
I can change this quite easily right now because I am reimplementing the install support in cmake. Feedback welcome.
[1] https://www.google.com/search?q=usr%20share%20xml%20scap
----- Original Message -----
From: "Steve Grubb" sgrubb@redhat.com To: scap-security-guide@lists.fedorahosted.org Cc: "Martin Preisler" mpreisle@redhat.com Sent: Friday, October 21, 2016 3:02:35 PM Subject: Re: The default install location of SSG
On Friday, October 21, 2016 2:37:32 PM EDT Martin Preisler wrote:
This has been bugging me for a while. The default install location of SSG datastream is:
/usr/share/xml/scap/ssg/content/ssg-$PRODUCT-ds.xml
This is ridiculous! Why was this super long and complex path chosen? I can't find this mandated by any standard, it seems to be our own invention. [1]
Why not just /usr/share/scap/ssg ?
Doesn't the Linux FHS say xml data files belong in /usr/share/xml? Then presumably you want to differentiate with a directory under that.
That's an optional directive and nobody follows it. Check out:
find /usr/share -name *.xml
Differentiating files based on their format is not very useful. It makes more sense to differentiate based on their purpose. That's probably why almost nobody follows the XML rule in FHS.
On 10/21/16 2:15 PM, Martin Preisler wrote:
----- Original Message -----
From: "Steve Grubb" sgrubb@redhat.com To: scap-security-guide@lists.fedorahosted.org Cc: "Martin Preisler" mpreisle@redhat.com Sent: Friday, October 21, 2016 3:02:35 PM Subject: Re: The default install location of SSG
On Friday, October 21, 2016 2:37:32 PM EDT Martin Preisler wrote:
This has been bugging me for a while. The default install location of SSG datastream is:
/usr/share/xml/scap/ssg/content/ssg-$PRODUCT-ds.xml
This is ridiculous! Why was this super long and complex path chosen? I can't find this mandated by any standard, it seems to be our own invention. [1]
Why not just /usr/share/scap/ssg ?
Doesn't the Linux FHS say xml data files belong in /usr/share/xml? Then presumably you want to differentiate with a directory under that.
That's an optional directive and nobody follows it. Check out:
find /usr/share -name *.xml
Differentiating files based on their format is not very useful. It makes more sense to differentiate based on their purpose. That's probably why almost nobody follows the XML rule in FHS.
+1 to moving to something more sane. It looks like we're really the only provider of SCAP content -- other tools embed natively into their product, vs laying out on the filesystem (e.g. tripwire, BigFix, Nessus, etc).
/usr/share/scap is appealing.
+1 to this. Every time I have to hit scap content I hit /usr/share/sc<tab> and then do a search to remember that it was under 'xml'.
Trevor
On Sat, Oct 22, 2016 at 6:50 PM, Shawn Wells shawn@redhat.com wrote:
On 10/21/16 2:15 PM, Martin Preisler wrote:
----- Original Message -----
From: "Steve Grubb" sgrubb@redhat.com sgrubb@redhat.com> To: scap-security-guide@lists.fedorahosted.org> Cc: "Martin Preisler" mpreisle@redhat.com mpreisle@redhat.com> Sent: Friday, October 21, 2016 3:02:35 PM> Subject: Re: The default install location of SSG> > On Friday, October 21, 2016 2:37:32 PM EDT Martin Preisler wrote:
This has been bugging me for a while. The default install location of SSG> > datastream is:> > > > /usr/share/xml/scap/ssg/content/ssg-$PRODUCT-ds.xml> > > > This is ridiculous! Why was this super long and complex path chosen? I> > can't> > find this mandated by any standard, it seems to be our own invention. [1]> > > > Why not just> > /usr/share/scap/ssg ?
Doesn't the Linux FHS say xml data files belong in /usr/share/xml? Then> presumably you want to differentiate with a directory under that.
That's an optional directive and nobody follows it. Check out:
find /usr/share -name *.xml
Differentiating files based on their format is not very useful. It makes more sense to differentiate based on their purpose. That's probably why almost nobody follows the XML rule in FHS.
+1 to moving to something more sane. It looks like we're really the only provider of SCAP content -- other tools embed natively into their product, vs laying out on the filesystem (e.g. tripwire, BigFix, Nessus, etc).
/usr/share/scap is appealing.
scap-security-guide mailing list -- scap-security-guide@lists. fedorahosted.org To unsubscribe send an email to scap-security-guide-leave@ lists.fedorahosted.org
scap-security-guide@lists.fedorahosted.org
-
Martin Preisler -
Shawn Wells -
Steve Grubb -
Trevor Vaughan