[Open-scap] [Suspected Spam] Re: OSCAP Scanner Binaries
Šimon Lukašík
slukasik at redhat.com
Wed Apr 25 07:38:41 UTC 2018
On 04/24/2018 07:12 PM, Mohanraj, Bharath wrote:
> Thanks for the info…
>
>
>
> The first thing I want to avoid is my enduser machines hitting the
> internet for downloading packages… So, I prefer having them as RPM files
> locally and trigger installation of the same… But, in case the RPM
> installation fails for some reason, then just placing the files at
> required locations will be my fallback…
>
>
>
> Do you see any problems with this approach, that might affect oscap
> functionality?
>
Well the problem is that if you used the tools that are available you
could have more time for barbecue, philately, beach volleyball or even
civic engagement. [*]
I appreciate your point about some systems won't have yum and some
systems would prefer not to hit internet randomly. However, I would try
to analyze the situation more broadly to asses whether there could be
some other solution. Copying content of RPMS sound like too much work
for poor humans. Perhaps, there is not too many of non yum systems?
In the last two decades open source world tried to reinvent the software
deployment multiple times. Each iteration was different, brought
different sets of issues and solutions, but each moved us forward.
Forward towards more controlled and automated deployment, further away
from copying binaries to all systems by hand.
I don't know what would be the best for your particular use-case.
However, I believe there has to be better way than copying the contents
of RPMs (not one, but all the dependencies).
Very kind regards and good luck!
~š.
[*] I recommend philately. See this one:
https://www.sbiram.cz/soubory/produkty/3h-1k-serie-michane-typy-nr.33-47-razitkovane.jpg
>
>
> *From:*Gary Gapinski [mailto:gapinski at nasa.gov]
> *Sent:* Tuesday, April 24, 2018 10:38 PM
> *To:* Mohanraj, Bharath <bharath_mohanraj_tp at bmc.com>; Mike Harris
> <mharris at redhat.com>
> *Cc:* open-scap-list at redhat.com
> *Subject:* [Suspected Spam] Re: [Open-scap] OSCAP Scanner Binaries
>
>
>
> In addition to executable binaries (and libraries), there are ancillary
> files that must accompany the binaries.
>
> These could be extracted from an RPM and manually deployed.
>
> But: why not just use the rpm command to install the related RPMs?
>
> Regards,
>
> Gary
>
>
>
> On 04/24/2018 12:50 PM, Mohanraj, Bharath wrote:
>
> No… Let me try to give more details…
>
>
>
> In my environment, it is not guaranteed that all machines will have
> “yum” in them…
>
>
>
> So, I was thinking of an alternative for “yum”… something like, I
> get the files that will be deployed by yum as raw binaries, and just
> place them in a and trigger “oscap” scan command using the same…
>
>
>
> *From:*Mike Harris [mailto:mharris at redhat.com]
> *Sent:* Tuesday, April 24, 2018 9:38 PM
> *To:* Mohanraj, Bharath <bharath_mohanraj_tp at bmc.com>
> <mailto:bharath_mohanraj_tp at bmc.com>
> *Cc:* open-scap-list at redhat.com <mailto:open-scap-list at redhat.com>
> *Subject:* Re: [Open-scap] OSCAP Scanner Binaries
>
>
>
> I may be misunderstanding, BUT, are you talking about, using
> something like downloading rpms without installing
> them: https://access.redhat.com/solutions/10154
> <https://urldefense.proofpoint.com/v2/url?u=https-3A__access.redhat.com_solutions_10154&d=DwMFaQ&c=UrUhmHsiTVT5qkaA4d_oSzcamb9hmamiCDMzBAEwC7E&r=AUaowh4kDgwmfFF8B9dpIGVcrfeOZDaHu6Di1CZTnp4&m=b6vqHP4Ne5Px_3UwUd0m7Io_AQH0HVLDUfg9DpEeXRM&s=OXMzS9Y_OH89G7y-KrEv3I73w1Ji0ckiYeIwCx-TJCw&e=>
>
>
>
> On Tue, Apr 24, 2018 at 11:32 AM, Mohanraj, Bharath
> <bharath_mohanraj_tp at bmc.com <mailto:bharath_mohanraj_tp at bmc.com>>
> wrote:
>
> Hi All,
>
>
>
> I’m new to OpenSCAP and Unix world, but I’m very interested in
> trying out the Open SCAP solution…
>
>
>
> I have a RHEL 7 machine for testing this out… From
> documentation, I see the first step is to get the oscap scanner
> available in my machine. In order to get that, I need to run
> “*yum install openscap-scanner*”
>
>
>
> My question here is, though I understand that the scanner comes
> a rpm bundle here, is there a way I can just get the binaries
> directly rather than using “yum”… so that I can place the oscap
> binaries in a folder and run the commands by using the files in
> this folder.
>
>
>
> Is this possible? Any thoughts?
>
>
>
> Thanks in advance.
>
>
>
> Regards,
>
> Bharath M
>
>
> _______________________________________________
> Open-scap-list mailing list
> Open-scap-list at redhat.com <mailto:Open-scap-list at redhat.com>
> https://www.redhat.com/mailman/listinfo/open-scap-list
> <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.redhat.com_mailman_listinfo_open-2Dscap-2Dlist&d=DwMFaQ&c=UrUhmHsiTVT5qkaA4d_oSzcamb9hmamiCDMzBAEwC7E&r=AUaowh4kDgwmfFF8B9dpIGVcrfeOZDaHu6Di1CZTnp4&m=b6vqHP4Ne5Px_3UwUd0m7Io_AQH0HVLDUfg9DpEeXRM&s=Ks_aSuKHqI4f2hiUitzoYaH75_oZToQMP-zTusAZ0Gs&e=>
>
>
>
>
>
> --
>
> *MIKE HARRIS*
>
> CONSULTANT, RHCE, CISSP
>
> Red Hat
>
> <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.redhat.com_&d=DwMFaQ&c=UrUhmHsiTVT5qkaA4d_oSzcamb9hmamiCDMzBAEwC7E&r=AUaowh4kDgwmfFF8B9dpIGVcrfeOZDaHu6Di1CZTnp4&m=b6vqHP4Ne5Px_3UwUd0m7Io_AQH0HVLDUfg9DpEeXRM&s=DYtkcEYnPHNC0dmLIAmQmEkOql4z-2QrJxEo3pkJ9nE&e=>
>
> mharris at redhat.com <mailto:mharris at redhat.com> M: (702)518-7467
> <tel:%28702%29518-7467>
>
> gpg keyid: 4096R/48550583 gpg fingerprint: B358 9572 B772 ECF6 643D
> 3EF5 D10C 3012 4855 0583
>
> <https://urldefense.proofpoint.com/v2/url?u=https-3A__red.ht_sig&d=DwMFaQ&c=UrUhmHsiTVT5qkaA4d_oSzcamb9hmamiCDMzBAEwC7E&r=AUaowh4kDgwmfFF8B9dpIGVcrfeOZDaHu6Di1CZTnp4&m=b6vqHP4Ne5Px_3UwUd0m7Io_AQH0HVLDUfg9DpEeXRM&s=8fkpw8c0qM_EwDU1o0_tV3vSv1Q6OrycKWqSUUWEvCI&e=>
>
>
>
> *TRIED. TESTED. TRUSTED.*
> <https://urldefense.proofpoint.com/v2/url?u=https-3A__redhat.com_trusted&d=DwMFaQ&c=UrUhmHsiTVT5qkaA4d_oSzcamb9hmamiCDMzBAEwC7E&r=AUaowh4kDgwmfFF8B9dpIGVcrfeOZDaHu6Di1CZTnp4&m=b6vqHP4Ne5Px_3UwUd0m7Io_AQH0HVLDUfg9DpEeXRM&s=ukPE7IRncqrwA1sjyS7Pon6pNwJ60UpMop7k9Mi2TvI&e=>
>
> @redhatnews
> <https://urldefense.proofpoint.com/v2/url?u=https-3A__twitter.com_redhatnews&d=DwMFaQ&c=UrUhmHsiTVT5qkaA4d_oSzcamb9hmamiCDMzBAEwC7E&r=AUaowh4kDgwmfFF8B9dpIGVcrfeOZDaHu6Di1CZTnp4&m=b6vqHP4Ne5Px_3UwUd0m7Io_AQH0HVLDUfg9DpEeXRM&s=Bf4zzn5zAtQwIZG4AYMe2tHagNu5CwDeqs4iEqeDT7I&e=> Red
> Hat <https://www.linkedin.com/company/red-hat> Red Hat
> <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.facebook.com_RedHatInc&d=DwMFaQ&c=UrUhmHsiTVT5qkaA4d_oSzcamb9hmamiCDMzBAEwC7E&r=AUaowh4kDgwmfFF8B9dpIGVcrfeOZDaHu6Di1CZTnp4&m=b6vqHP4Ne5Px_3UwUd0m7Io_AQH0HVLDUfg9DpEeXRM&s=XsPe3SllNPLJiMMyVM_TQiyc-GuFo8EvjP81kFwqoDI&e=>
>
>
>
>
> _______________________________________________
>
> Open-scap-list mailing list
>
> Open-scap-list at redhat.com <mailto:Open-scap-list at redhat.com>
>
> https://www.redhat.com/mailman/listinfo/open-scap-list
> <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.redhat.com_mailman_listinfo_open-2Dscap-2Dlist&d=DwMDaQ&c=UrUhmHsiTVT5qkaA4d_oSzcamb9hmamiCDMzBAEwC7E&r=AUaowh4kDgwmfFF8B9dpIGVcrfeOZDaHu6Di1CZTnp4&m=vx135Kur5jhM3TPb0EloELNrExypUg9yps_npuNpXHk&s=Haa-5iYYtLkRqjuzjMMujWG2rYpf6MoxYf9PW4JaeO0&e=>
>
>
>
> --
>
> Gary Gapinski — DB Consulting Group
> ETADS
> <https://urldefense.proofpoint.com/v2/url?u=https-3A__etads.nasa.gov_&d=DwMDaQ&c=UrUhmHsiTVT5qkaA4d_oSzcamb9hmamiCDMzBAEwC7E&r=AUaowh4kDgwmfFF8B9dpIGVcrfeOZDaHu6Di1CZTnp4&m=vx135Kur5jhM3TPb0EloELNrExypUg9yps_npuNpXHk&s=vL5j5WDpNUe5JWBLyMPYFr6S5zn9kDcYwJqC6R-4jH0&e=>
> — Enterprise Technology Assessments & Digital Standards
> NASA Glenn Research Center
> ℡ +1 216 433 3959 <tel:+1%20216%20433%203959> — office
> ℡ +1 216 820 1849 <tel:+1%20216%20820%201849> — mobile
> gapinski at nasa.gov <mailto:gapinski at nasa.gov>
>
>
>
> _______________________________________________
> Open-scap-list mailing list
> Open-scap-list at redhat.com
> https://www.redhat.com/mailman/listinfo/open-scap-list
>
~š.
More information about the Open-scap-list
mailing list