OVAL Definition Tutorial

[Pages:44]OVAL Definition Tutorial

? 2007 The MITRE Corporation. All rights reserved

Agenda

Common XML Concepts

OVAL Definition Tutorial The Basics

Definition structure Hello World

Advanced Topics

OVAL Definitions document Extended Definitions Variables Complex objects Behaviors Nil

Known Issues

2

XML Namespaces

namespace vs prefix

xmlns:win-def=""

default namespace

xmlns=""

using namespace

5.0

3

schemaLocation

used to identify schema file to validate content

...

Which schema file is used to validate the element?

4

OVAL Language Namespaces

OVAL Common Schema xmlns:oval=""

OVAL Definition Schema xmlns:oval-def="" xmlns:apache-def="" xmlns:macos-def="" xmlns:win-def=""

OVAL System Characteristics Schema xmlns:oval-sc="" xmlns:unix-sc="" xmlns:ios-sc=""

OVAL Results Schema xmlns:oval-res=""

5

OVAL Definitions

? 2007 The MITRE Corporation. All rights reserved

Structure of an OVAL Definition

Definition

the machine is compliant with stated policy

Test

fred.dll has a version less than 3.1

Test

Test

registry key has a value of 10

object state fred.dll version < 3.1

object state

object state registry key value = 10

7

Hello World

write an OVAL Definition to test that the (hypothetical) Windows registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\oval\example' has a value equal to "Hello World".

Windows registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\oval\exampl

e' has a value equal to "Hello World".

HKEY_LOCAL_MACHINE\SOFTWARE\oval\example

value = "Hello World"

8

 ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download