DRAFT HPUX 11.x schema, submitted by Jaime Spicciati <spicciati_jaime@bah.com>


Matthew N. Wojcik
Jaime Spicciati of Booz Allen Hamilton has submitted a draft schema for
HPUX 11.x.  Below is the message he sent me.  (I standardized the text
format of the schema somewhat to match what I've been using, but otherwise
it's unchanged.)

--Woj                  Matthew N. Wojcik                  [hidden email]
OVAL Moderator                                   http://oval.mitre.org/

>From [hidden email] Thu Jul 17 16:03:12 2003
Date: Thu, 17 Jul 2003 11:40:37 -0400
From: Spicciati Jaime <[hidden email]>
To: Matthew N. Wojcik <[hidden email]>

Below is the proposed HPUX 11.x schema. As can be seen it is very similar to
the Solaris schema and already incorporates all of the proposed changes
which have been mentioned regarding the Solaris schema. Feel free to review
and comment on any portion of the proposed schema.

Thank you,
Jaime Spicciati
Booz Allen Hamilton


OVAL Schema: HP Unix 11.X

Version: 0
Status: DRAFT

HP_FileAttributes: File metadata
-----------------
FilePath     -- Path to file.
FileType     -- Directory, named pipe, standard file, etc.
UID          -- File owner
GID          -- File group
ATime        -- Time of last file access in seconds since
             --   1970-01-01:00:00:00 UTC
CTime        -- Time of last file status change in seconds since
             --   1970-01-01:00:00:00 UTC
MTime        -- Time of last file data modification in seconds since
             --   1970-01-01:00:00:00 UTC
MD5          -- MD5 checksum
-- The following are the individual permission bits
SUID
SGID
STICKY
UREAD
UWRITE
UEXEC
GREAD
GWRITE
GEXEC
OREAD
OWRITE
OEXEC


HP_InetdConf: See manpage for inetd.conf(4) for column definitions
-------------
ServiceName
EndpointType
Protocol
WaitStatus
ExecAsUser
ServerProgram
ServerArguments


HP_Patches: From /usr/sbin/swlist -l patch PH*. See swlist(1M).
-----------
OSType        -- First Two letters of patch ['PH']
AreaPatched   -- Third and Fourth Digit of the PatchID ['CO']
PatchBase     -- Sixth - Tenth Digit of the PatchID ['14812']

HP_SwlistInfo: Output of /usr/sbin/swlist -v (with appropriate flags).
--------------   See swlist(1)
BundleInst   -- Bundle Abbreviation (-a tag)
Name         -- Full Name (-a title)
Category     -- System, application, etc (-a category_tag)
Version      -- Package version string (-a revision)
Vendor       -- Vendor name (-a vendor_tag)
Description  -- Full description (-a description)

HP_PSInfo: Output of /usr/bin/ps -ef
----------
UID          -- UserID
PID          -- Process ID
PPID         -- Parent PID
STime        -- Start Time
TTY          -- TTY value
ExecTime     -- Cumulative time executing
Command      -- Command for process startup

HP_Uname: Output of /usr/sbin/uname -a command output. Examples in brackets.
---------
OSName            -- first field ['HP_UX']
SystemName        -- second field ['hpux2']
OSRelease         -- third field ['11.00'] ('B.' is stripped from release)
OSVersion         -- fourth field ['A']
MachineClass      -- fifth field before slash ['9000']
ModelNum          -- fifth field after slash ['785']
MachineID         -- sixth field ['2014768799']
OSSystemLicense   -- seventh field ['two-user license']


HP_Users: /etc/passwd. See passwd(4)
---------
Username
Password     -- Encrypted password from /etc/passwd. If machine has
             --   been put in trusted mode (passwd='*') then password
             --   is stored in /tcb/files/auth/[First letter of name]/uname.
             --   If passwd='x' then use /etc/shadow file to get password.
UID          -- User id
GID          -- Primary group id
GCOS         -- AKA "real name" or "description" field
HomeDir      -- User's home directory
LoginShell   -- User's login shell


HP_Tcb: /tcb/files/auth/*. The '*' represents the first letter of the
-------   username. If machine is running in trusted mode then
-------   /tcb/files/auth will exist. See getprpwent().
Username
UID           -- User ID ['u_id']
Password      -- Encrypted password. ['u_pwd']
AO            -- Account owner. ['u_owner']
BFlag         -- Boot flag: whether the user can boot to single user
              --   mode or not. ['u_booauth']
AID           -- Audit ID ['u_audid']
AFlag         -- Audit flag  ['u_auditflag']
PwdChgMin     -- Minimum time between password change. ['u_minchg']
PwdMaxLen     -- Password maximum length. ['u_maxlen']
PwdExp        -- Password expiration time, after which the password
              --   must be changed ['u_exp']
PwdLife       -- Password lifetime, after which the account is locked.
              --   ['u_life']
PwdChgUnSucc  -- Time of last successful password change. ['u_succhg']
PwdChgSucc    -- Time of last unsuccessful password change. ['u_unsucchg']
AccExpDate    -- Absolute time (date) when the account will
              --   expire. ['u_acct_expire']
ExpInact      -- Maximum time allowed between logins before the account is
              --   locked ['u_max_llogin']
ExpWarn       -- Number of days before expiration when a warning will
              --   appear. ['u_pw_expire_warning']
PwdGen        -- Whether passwords are user-generated or
              --   system-generated. ['u_pickpw']
PwdTrivChk    -- Whether a triviality check is performed on a
              --   user-generated password. ['u_restrict']
PwdGenChar    -- Allows users to control generated passwords ['u_genchars']
PwdNull       -- Whether null passwords are allowed for this account.
              --   ['u_nullpw']
PwdChanger    -- User ID of last person to change password, if not the
              --   account owner. ['u_pwchanger']
LoginHrs      -- Time periods when this account can be used for login.
              --   ['u_tod']
SucTTY        -- The terminal or remote host associated with the last
              --   successful login to the account. ['u_suctty']
UnSucTTY      -- The terminal or remote hosts associated with the last
              --   unsuccessful login to the account. ['u_unsuctty']
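
The following is an added example, not part of the submitted schema or of OVAL itself: a sketch of how a collector could populate the HP_Patches and HP_Uname columns and apply the HP_Users rule for locating the encrypted password. The function names, the regular expression (including the underscore in the fifth position of the patch ID) and the sample `uname -a` line, which is assembled from the schema's bracketed example values, are assumptions.

```python
import re

# Constructed sample: one `uname -a` line assembled from the schema's
# bracketed example values (not captured from a real system).
SAMPLE_UNAME = "HP_UX hpux2 B.11.00 A 9000/785 2014768799 two-user license"

# Assumption: characters 1-2 are 'PH', 3-4 the area, 5 an underscore,
# 6-10 the numeric base, matching the positions the schema describes.
PATCH_RE = re.compile(r"^(PH)([A-Z]{2})_(\d{5})$")

def parse_patch_id(patch_id):
    """Split a patch ID into the HP_Patches columns; None if malformed."""
    m = PATCH_RE.match(patch_id.strip())
    if not m:
        return None
    return {"OSType": m.group(1), "AreaPatched": m.group(2),
            "PatchBase": m.group(3)}

def parse_uname(line):
    """Map one line of `uname -a` output onto the HP_Uname columns."""
    fields = line.split(None, 6)  # the seventh field may contain spaces
    if len(fields) != 7 or "/" not in fields[4]:
        raise ValueError("unexpected uname -a layout: %r" % line)
    machine_class, model = fields[4].split("/", 1)
    release = fields[2]
    if release.startswith("B."):  # schema: 'B.' is stripped from release
        release = release[2:]
    return {
        "OSName": fields[0], "SystemName": fields[1], "OSRelease": release,
        "OSVersion": fields[3], "MachineClass": machine_class,
        "ModelNum": model, "MachineID": fields[5],
        "OSSystemLicense": fields[6].strip(),
    }

def password_source(username, passwd_field):
    """Return the file that holds the encrypted password, per HP_Users."""
    if not username:
        raise ValueError("empty username")
    if passwd_field == "*":  # trusted mode: per-user file under /tcb
        return "/tcb/files/auth/%s/%s" % (username[0], username)
    if passwd_field == "x":  # shadowed password
        return "/etc/shadow"
    return "/etc/passwd"     # hash is in the passwd entry itself
```
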