How should the system_info from a Cisco router look like?

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

How should the system_info from a Cisco router look like?

Juan Carlos Castro Y Castro

Right now, our product, modSIC, is returning this:

 

<system_info>

<os_name>IOS</os_name>

<os_version>11.0(16)</os_version>

<architecture>68030</architecture>

<primary_host_name>rj16</primary_host_name>

<interfaces/>

</system_info>

 

All of that is parsed from the output of “show version”, which is shown below. Is the above OK? (Yes, I know, the interfaces list is missing; I’ll get to that shortly.)

 

Cisco Internetwork Operating System Software

IOS (tm) 3000 Software (IGS-I-L), Version 11.0(16), RELEASE SOFTWARE (fc1)

Copyright (c) 1986-1997 by cisco Systems, Inc.

Compiled Tue 24-Jun-97 12:20 by jaturner

Image text-base: 0x0301E644, data-base: 0x00001000

 

ROM: System Bootstrap, Version 11.0(10c), SOFTWARE

ROM: 3000 Bootstrap Software (IGS-BOOT-R), Version 11.0(10c), RELEASE SOFTWARE (fc1)

 

rj16 uptime is 8 weeks, 2 days, 6 hours, 13 minutes

System restarted by power-on

System image file is "flash:igs-i-l.110-16", booted via flash

 

cisco 2511 (68030) processor (revision M) with 2048K/2048K bytes of memory.

Processor board ID 07886698, with hardware revision 00000000

Bridging software.

X.25 software, Version 2.0, NET2, BFE and GOSIP compliant.

1 Ethernet/IEEE 802.3 interface.

2 Serial network interfaces.

16 terminal lines.

32K bytes of non-volatile configuration memory.

8192K bytes of processor board System flash (Read ONLY)

 

Configuration register is 0x2102

To unsubscribe, send an email message to [hidden email] with SIGNOFF OVAL-DEVELOPER-LIST in the BODY of the message. If you have difficulties, write to [hidden email].
Reply | Threaded
Open this post in threaded view
|

Re: How should the system_info from a Cisco router look like?

Luis Nunez
Juan,
it looks good for capturing basic information.  Additionally on the
newer IOS versions there is a feature to uniquely identify a system.
It is called Unique Device Identifier (UDI) that could be used for
asset identification.

Link to UDI for further information
http://www.cisco.com/en/US/products/products_identification_standard.html

Also link to sample IOS 15.x "show version" output (look for the UDI info).
http://c3isecurity.wordpress.com/2011/08/14/ios-definitions-schema/

hope this helps.

-ln

On Thu, Aug 18, 2011 at 9:09 PM, Juan Carlos Castro Y Castro
<[hidden email]> wrote:

> Right now, our product, modSIC, is returning this:
>
>
>
> <system_info>
>
> <os_name>IOS</os_name>
>
> <os_version>11.0(16)</os_version>
>
> <architecture>68030</architecture>
>
> <primary_host_name>rj16</primary_host_name>
>
> <interfaces/>
>
> </system_info>
>
>
>
> All of that is parsed from the output of “show version”, which is shown
> below. Is the above OK? (Yes, I know, the interfaces list is missing; I’ll
> get to that shortly.)
>
>
>
> Cisco Internetwork Operating System Software
>
> IOS (tm) 3000 Software (IGS-I-L), Version 11.0(16), RELEASE SOFTWARE (fc1)
>
> Copyright (c) 1986-1997 by cisco Systems, Inc.
>
> Compiled Tue 24-Jun-97 12:20 by jaturner
>
> Image text-base: 0x0301E644, data-base: 0x00001000
>
>
>
> ROM: System Bootstrap, Version 11.0(10c), SOFTWARE
>
> ROM: 3000 Bootstrap Software (IGS-BOOT-R), Version 11.0(10c), RELEASE
> SOFTWARE (fc1)
>
>
>
> rj16 uptime is 8 weeks, 2 days, 6 hours, 13 minutes
>
> System restarted by power-on
>
> System image file is "flash:igs-i-l.110-16", booted via flash
>
>
>
> cisco 2511 (68030) processor (revision M) with 2048K/2048K bytes of memory.
>
> Processor board ID 07886698, with hardware revision 00000000
>
> Bridging software.
>
> X.25 software, Version 2.0, NET2, BFE and GOSIP compliant.
>
> 1 Ethernet/IEEE 802.3 interface.
>
> 2 Serial network interfaces.
>
> 16 terminal lines.
>
> 32K bytes of non-volatile configuration memory.
>
> 8192K bytes of processor board System flash (Read ONLY)
>
>
>
> Configuration register is 0x2102
>
> To unsubscribe, send an email message to [hidden email] with
> SIGNOFF OVAL-DEVELOPER-LIST in the BODY of the message. If you have
> difficulties, write to [hidden email].

To unsubscribe, send an email message to [hidden email] with
SIGNOFF OVAL-DEVELOPER-LIST
in the BODY of the message.  If you have difficulties, write to [hidden email].
Reply | Threaded
Open this post in threaded view
|

Re: How should the system_info from a Cisco router look like?

Juan Carlos Castro Y Castro
That's nice. I can see a change in the schema to include this, and it's a concept that can be valid for a large number of equipment types, not only Cisco gear. Consider that a suggestion.

Cheers,
Juan

-----Original Message-----
From: luis nunez [mailto:[hidden email]]
Sent: sexta-feira, 19 de agosto de 2011 11:30
To: [hidden email]
Subject: Re: [OVAL-DEVELOPER-LIST] How should the system_info from a Cisco router look like?

Juan,
it looks good for capturing basic information.  Additionally on the newer IOS versions there is a feature to uniquely identify a system.
It is called Unique Device Identifier (UDI) that could be used for asset identification.

Link to UDI for further information
http://www.cisco.com/en/US/products/products_identification_standard.html

Also link to sample IOS 15.x "show version" output (look for the UDI info).
http://c3isecurity.wordpress.com/2011/08/14/ios-definitions-schema/

hope this helps.

-ln

On Thu, Aug 18, 2011 at 9:09 PM, Juan Carlos Castro Y Castro <[hidden email]> wrote:

> Right now, our product, modSIC, is returning this:
>
>
>
> <system_info>
>
> <os_name>IOS</os_name>
>
> <os_version>11.0(16)</os_version>
>
> <architecture>68030</architecture>
>
> <primary_host_name>rj16</primary_host_name>
>
> <interfaces/>
>
> </system_info>
>
>
>
> All of that is parsed from the output of "show version", which is
> shown below. Is the above OK? (Yes, I know, the interfaces list is
> missing; I'll get to that shortly.)
>
>
>
> Cisco Internetwork Operating System Software
>
> IOS (tm) 3000 Software (IGS-I-L), Version 11.0(16), RELEASE SOFTWARE
> (fc1)
>
> Copyright (c) 1986-1997 by cisco Systems, Inc.
>
> Compiled Tue 24-Jun-97 12:20 by jaturner
>
> Image text-base: 0x0301E644, data-base: 0x00001000
>
>
>
> ROM: System Bootstrap, Version 11.0(10c), SOFTWARE
>
> ROM: 3000 Bootstrap Software (IGS-BOOT-R), Version 11.0(10c), RELEASE
> SOFTWARE (fc1)
>
>
>
> rj16 uptime is 8 weeks, 2 days, 6 hours, 13 minutes
>
> System restarted by power-on
>
> System image file is "flash:igs-i-l.110-16", booted via flash
>
>
>
> cisco 2511 (68030) processor (revision M) with 2048K/2048K bytes of memory.
>
> Processor board ID 07886698, with hardware revision 00000000
>
> Bridging software.
>
> X.25 software, Version 2.0, NET2, BFE and GOSIP compliant.
>
> 1 Ethernet/IEEE 802.3 interface.
>
> 2 Serial network interfaces.
>
> 16 terminal lines.
>
> 32K bytes of non-volatile configuration memory.
>
> 8192K bytes of processor board System flash (Read ONLY)
>
>
>
> Configuration register is 0x2102
>
> To unsubscribe, send an email message to [hidden email] with
> SIGNOFF OVAL-DEVELOPER-LIST in the BODY of the message. If you have
> difficulties, write to [hidden email].

To unsubscribe, send an email message to [hidden email] with SIGNOFF OVAL-DEVELOPER-LIST in the BODY of the message.  If you have difficulties, write to [hidden email].

To unsubscribe, send an email message to [hidden email] with
SIGNOFF OVAL-DEVELOPER-LIST
in the BODY of the message.  If you have difficulties, write to [hidden email].
Reply | Threaded
Open this post in threaded view
|

Re: How should the system_info from a Cisco router look like?

Jon Baker
Administrator
The Unique Device Identifier (UDI) could be captured in the oval-system-characteristics using the xsd:any tag that in included as part of the system info element. This tag was added for just this purpose.

Jon

============================================
Jonathan O. Baker
G022 - IA Industry Collaboration
The MITRE Corporation
Email: [hidden email]


>-----Original Message-----
>From: Juan Carlos Castro Y Castro [mailto:[hidden email]]
>Sent: Friday, August 19, 2011 1:21 PM
>To: oval-developer-list OVAL Developer List/Closed Public Discussion
>Subject: Re: [OVAL-DEVELOPER-LIST] How should the system_info from a Cisco
>router look like?
>
>That's nice. I can see a change in the schema to include this, and it's a concept
>that can be valid for a large number of equipment types, not only Cisco gear.
>Consider that a suggestion.
>
>Cheers,
>Juan
>
>-----Original Message-----
>From: luis nunez [mailto:[hidden email]]
>Sent: sexta-feira, 19 de agosto de 2011 11:30
>To: [hidden email]
>Subject: Re: [OVAL-DEVELOPER-LIST] How should the system_info from a Cisco
>router look like?
>
>Juan,
>it looks good for capturing basic information.  Additionally on the newer IOS
>versions there is a feature to uniquely identify a system.
>It is called Unique Device Identifier (UDI) that could be used for asset
>identification.
>
>Link to UDI for further information
>http://www.cisco.com/en/US/products/products_identification_standard.html
>
>Also link to sample IOS 15.x "show version" output (look for the UDI info).
>http://c3isecurity.wordpress.com/2011/08/14/ios-definitions-schema/
>
>hope this helps.
>
>-ln
>
>On Thu, Aug 18, 2011 at 9:09 PM, Juan Carlos Castro Y Castro
><[hidden email]> wrote:
>> Right now, our product, modSIC, is returning this:
>>
>>
>>
>> <system_info>
>>
>> <os_name>IOS</os_name>
>>
>> <os_version>11.0(16)</os_version>
>>
>> <architecture>68030</architecture>
>>
>> <primary_host_name>rj16</primary_host_name>
>>
>> <interfaces/>
>>
>> </system_info>
>>
>>
>>
>> All of that is parsed from the output of "show version", which is
>> shown below. Is the above OK? (Yes, I know, the interfaces list is
>> missing; I'll get to that shortly.)
>>
>>
>>
>> Cisco Internetwork Operating System Software
>>
>> IOS (tm) 3000 Software (IGS-I-L), Version 11.0(16), RELEASE SOFTWARE
>> (fc1)
>>
>> Copyright (c) 1986-1997 by cisco Systems, Inc.
>>
>> Compiled Tue 24-Jun-97 12:20 by jaturner
>>
>> Image text-base: 0x0301E644, data-base: 0x00001000
>>
>>
>>
>> ROM: System Bootstrap, Version 11.0(10c), SOFTWARE
>>
>> ROM: 3000 Bootstrap Software (IGS-BOOT-R), Version 11.0(10c), RELEASE
>> SOFTWARE (fc1)
>>
>>
>>
>> rj16 uptime is 8 weeks, 2 days, 6 hours, 13 minutes
>>
>> System restarted by power-on
>>
>> System image file is "flash:igs-i-l.110-16", booted via flash
>>
>>
>>
>> cisco 2511 (68030) processor (revision M) with 2048K/2048K bytes of
>memory.
>>
>> Processor board ID 07886698, with hardware revision 00000000
>>
>> Bridging software.
>>
>> X.25 software, Version 2.0, NET2, BFE and GOSIP compliant.
>>
>> 1 Ethernet/IEEE 802.3 interface.
>>
>> 2 Serial network interfaces.
>>
>> 16 terminal lines.
>>
>> 32K bytes of non-volatile configuration memory.
>>
>> 8192K bytes of processor board System flash (Read ONLY)
>>
>>
>>
>> Configuration register is 0x2102
>>
>> To unsubscribe, send an email message to [hidden email] with
>> SIGNOFF OVAL-DEVELOPER-LIST in the BODY of the message. If you have
>> difficulties, write to [hidden email].
>
>To unsubscribe, send an email message to [hidden email] with
>SIGNOFF OVAL-DEVELOPER-LIST in the BODY of the message.  If you have
>difficulties, write to [hidden email].
>
>To unsubscribe, send an email message to [hidden email] with
>SIGNOFF OVAL-DEVELOPER-LIST
>in the BODY of the message.  If you have difficulties, write to OVAL-
>[hidden email].

To unsubscribe, send an email message to [hidden email] with
SIGNOFF OVAL-DEVELOPER-LIST
in the BODY of the message.  If you have difficulties, write to [hidden email].
Reply | Threaded
Open this post in threaded view
|

Re: How should the system_info from a Cisco router look like?

joval
For the IOS system_info architecture, we're just putting in everything to the left of the CPU keyword (trimmed of whitespace), as I have an access point that returns the following line:

PowerPC405GP CPU at 196Mhz, revision number 0x0145

I'd love to see any test content for IOS.

Cheers,
--David

jOVAL.org: OVAL implemented in Java.
Scan any machine from any machine. For free!
Learn More | Features | Download



On 8/25/2011 2:53 PM, Baker, Jon wrote:
The Unique Device Identifier (UDI) could be captured in the oval-system-characteristics using the xsd:any tag that in included as part of the system info element. This tag was added for just this purpose.

Jon

============================================
Jonathan O. Baker
G022 - IA Industry Collaboration
The MITRE Corporation
Email: [hidden email]


-----Original Message-----
From: Juan Carlos Castro Y Castro [[hidden email]]
Sent: Friday, August 19, 2011 1:21 PM
To: oval-developer-list OVAL Developer List/Closed Public Discussion
Subject: Re: [OVAL-DEVELOPER-LIST] How should the system_info from a Cisco
router look like?

That's nice. I can see a change in the schema to include this, and it's a concept
that can be valid for a large number of equipment types, not only Cisco gear.
Consider that a suggestion.

Cheers,
Juan

-----Original Message-----
From: luis nunez [[hidden email]]
Sent: sexta-feira, 19 de agosto de 2011 11:30
To: [hidden email]
Subject: Re: [OVAL-DEVELOPER-LIST] How should the system_info from a Cisco
router look like?

Juan,
it looks good for capturing basic information.  Additionally on the newer IOS
versions there is a feature to uniquely identify a system.
It is called Unique Device Identifier (UDI) that could be used for asset
identification.

Link to UDI for further information
http://www.cisco.com/en/US/products/products_identification_standard.html

Also link to sample IOS 15.x "show version" output (look for the UDI info).
http://c3isecurity.wordpress.com/2011/08/14/ios-definitions-schema/

hope this helps.

-ln

On Thu, Aug 18, 2011 at 9:09 PM, Juan Carlos Castro Y Castro
[hidden email] wrote:
Right now, our product, modSIC, is returning this:



<system_info>

<os_name>IOS</os_name>

<os_version>11.0(16)</os_version>

<architecture>68030</architecture>

<primary_host_name>rj16</primary_host_name>

<interfaces/>

</system_info>



All of that is parsed from the output of "show version", which is
shown below. Is the above OK? (Yes, I know, the interfaces list is
missing; I'll get to that shortly.)



Cisco Internetwork Operating System Software

IOS (tm) 3000 Software (IGS-I-L), Version 11.0(16), RELEASE SOFTWARE
(fc1)

Copyright (c) 1986-1997 by cisco Systems, Inc.

Compiled Tue 24-Jun-97 12:20 by jaturner

Image text-base: 0x0301E644, data-base: 0x00001000



ROM: System Bootstrap, Version 11.0(10c), SOFTWARE

ROM: 3000 Bootstrap Software (IGS-BOOT-R), Version 11.0(10c), RELEASE
SOFTWARE (fc1)



rj16 uptime is 8 weeks, 2 days, 6 hours, 13 minutes

System restarted by power-on

System image file is "flash:igs-i-l.110-16", booted via flash



cisco 2511 (68030) processor (revision M) with 2048K/2048K bytes of
memory.
Processor board ID 07886698, with hardware revision 00000000

Bridging software.

X.25 software, Version 2.0, NET2, BFE and GOSIP compliant.

1 Ethernet/IEEE 802.3 interface.

2 Serial network interfaces.

16 terminal lines.

32K bytes of non-volatile configuration memory.

8192K bytes of processor board System flash (Read ONLY)



Configuration register is 0x2102

To unsubscribe, send an email message to [hidden email] with
SIGNOFF OVAL-DEVELOPER-LIST in the BODY of the message. If you have
difficulties, write to [hidden email].
To unsubscribe, send an email message to [hidden email] with
SIGNOFF OVAL-DEVELOPER-LIST in the BODY of the message.  If you have
difficulties, write to [hidden email].

To unsubscribe, send an email message to [hidden email] with
SIGNOFF OVAL-DEVELOPER-LIST
in the BODY of the message.  If you have difficulties, write to OVAL-
[hidden email].
To unsubscribe, send an email message to [hidden email] with
SIGNOFF OVAL-DEVELOPER-LIST
in the BODY of the message.  If you have difficulties, write to [hidden email].
To unsubscribe, send an email message to [hidden email] with SIGNOFF OVAL-DEVELOPER-LIST in the BODY of the message. If you have difficulties, write to [hidden email].

jOVAL.org: OVAL implemented in Java.
Scan any machine from any machine. For free!
Learn More | Features | Download

Reply | Threaded
Open this post in threaded view
|

Re: How should the system_info from a Cisco router look like?

Danny Haynes
Administrator

               Hi David,

 

               We currently do not have any test content for IOS, but, there is quite a bit of content in the OVAL Repository.

 

Thanks,

Danny

 

From: David Solin [mailto:[hidden email]]
Sent: Monday, August 29, 2011 8:10 PM
To: oval-developer-list OVAL Developer List/Closed Public Discussion
Subject: Re: [OVAL-DEVELOPER-LIST] How should the system_info from a Cisco router look like?

 

For the IOS system_info architecture, we're just putting in everything to the left of the CPU keyword (trimmed of whitespace), as I have an access point that returns the following line:

PowerPC405GP CPU at 196Mhz, revision number 0x0145

I'd love to see any test content for IOS.

Cheers,
--David

jOVAL.org: OVAL implemented in Java.
Scan any machine from any machine. For free!
Learn More | Features | Download



On 8/25/2011 2:53 PM, Baker, Jon wrote:

The Unique Device Identifier (UDI) could be captured in the oval-system-characteristics using the xsd:any tag that in included as part of the system info element. This tag was added for just this purpose.
 
Jon
 
============================================
Jonathan O. Baker
G022 - IA Industry Collaboration
The MITRE Corporation
Email: [hidden email]
 
 
-----Original Message-----
From: Juan Carlos Castro Y Castro [[hidden email]]
Sent: Friday, August 19, 2011 1:21 PM
To: oval-developer-list OVAL Developer List/Closed Public Discussion
Subject: Re: [OVAL-DEVELOPER-LIST] How should the system_info from a Cisco
router look like?
 
That's nice. I can see a change in the schema to include this, and it's a concept
that can be valid for a large number of equipment types, not only Cisco gear.
Consider that a suggestion.
 
Cheers,
Juan
 
-----Original Message-----
From: luis nunez [[hidden email]]
Sent: sexta-feira, 19 de agosto de 2011 11:30
To: [hidden email]
Subject: Re: [OVAL-DEVELOPER-LIST] How should the system_info from a Cisco
router look like?
 
Juan,
it looks good for capturing basic information.  Additionally on the newer IOS
versions there is a feature to uniquely identify a system.
It is called Unique Device Identifier (UDI) that could be used for asset
identification.
 
Link to UDI for further information
http://www.cisco.com/en/US/products/products_identification_standard.html
 
Also link to sample IOS 15.x "show version" output (look for the UDI info).
http://c3isecurity.wordpress.com/2011/08/14/ios-definitions-schema/
 
hope this helps.
 
-ln
 
On Thu, Aug 18, 2011 at 9:09 PM, Juan Carlos Castro Y Castro
[hidden email] wrote:
Right now, our product, modSIC, is returning this:
 
 
 
<system_info>
 
<os_name>IOS</os_name>
 
<os_version>11.0(16)</os_version>
 
<architecture>68030</architecture>
 
<primary_host_name>rj16</primary_host_name>
 
<interfaces/>
 
</system_info>
 
 
 
All of that is parsed from the output of "show version", which is
shown below. Is the above OK? (Yes, I know, the interfaces list is
missing; I'll get to that shortly.)
 
 
 
Cisco Internetwork Operating System Software
 
IOS (tm) 3000 Software (IGS-I-L), Version 11.0(16), RELEASE SOFTWARE
(fc1)
 
Copyright (c) 1986-1997 by cisco Systems, Inc.
 
Compiled Tue 24-Jun-97 12:20 by jaturner
 
Image text-base: 0x0301E644, data-base: 0x00001000
 
 
 
ROM: System Bootstrap, Version 11.0(10c), SOFTWARE
 
ROM: 3000 Bootstrap Software (IGS-BOOT-R), Version 11.0(10c), RELEASE
SOFTWARE (fc1)
 
 
 
rj16 uptime is 8 weeks, 2 days, 6 hours, 13 minutes
 
System restarted by power-on
 
System image file is "flash:igs-i-l.110-16", booted via flash
 
 
 
cisco 2511 (68030) processor (revision M) with 2048K/2048K bytes of
memory.
 
Processor board ID 07886698, with hardware revision 00000000
 
Bridging software.
 
X.25 software, Version 2.0, NET2, BFE and GOSIP compliant.
 
1 Ethernet/IEEE 802.3 interface.
 
2 Serial network interfaces.
 
16 terminal lines.
 
32K bytes of non-volatile configuration memory.
 
8192K bytes of processor board System flash (Read ONLY)
 
 
 
Configuration register is 0x2102
 
To unsubscribe, send an email message to [hidden email] with
SIGNOFF OVAL-DEVELOPER-LIST in the BODY of the message. If you have
difficulties, write to [hidden email].
 
To unsubscribe, send an email message to [hidden email] with
SIGNOFF OVAL-DEVELOPER-LIST in the BODY of the message.  If you have
difficulties, write to [hidden email].
 
To unsubscribe, send an email message to [hidden email] with
SIGNOFF OVAL-DEVELOPER-LIST
in the BODY of the message.  If you have difficulties, write to OVAL-
[hidden email].
 
To unsubscribe, send an email message to [hidden email] with
SIGNOFF OVAL-DEVELOPER-LIST
in the BODY of the message.  If you have difficulties, write to [hidden email].

To unsubscribe, send an email message to [hidden email] with SIGNOFF OVAL-DEVELOPER-LIST in the BODY of the message. If you have difficulties, write to [hidden email].

To unsubscribe, send an email message to [hidden email] with SIGNOFF OVAL-DEVELOPER-LIST in the BODY of the message. If you have difficulties, write to [hidden email].

smime.p7s (4K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: How should the system_info from a Cisco router look like?

joval
Hi Danny,

Yes I've noticed that since my email and have actually run it -- I even added support for the legacy version_test because it's used in that content.  Of course, the nice thing about test content is that it gives you a hint about whether or not your scan has returned meaningful information, or information in the expected format!

Cheers,
--David

jOVAL.org: OVAL implemented in Java.
Scan any machine from any machine. For free!
Learn More | Features | Download



On 10/24/2011 3:04 PM, Haynes, Dan wrote:

               Hi David,

 

               We currently do not have any test content for IOS, but, there is quite a bit of content in the OVAL Repository.

 

Thanks,

Danny

 

From: David Solin [[hidden email]]
Sent: Monday, August 29, 2011 8:10 PM
To: oval-developer-list OVAL Developer List/Closed Public Discussion
Subject: Re: [OVAL-DEVELOPER-LIST] How should the system_info from a Cisco router look like?

 

For the IOS system_info architecture, we're just putting in everything to the left of the CPU keyword (trimmed of whitespace), as I have an access point that returns the following line:

PowerPC405GP CPU at 196Mhz, revision number 0x0145

I'd love to see any test content for IOS.

Cheers,
--David

jOVAL.org: OVAL implemented in Java.
Scan any machine from any machine. For free!
Learn More | Features | Download



On 8/25/2011 2:53 PM, Baker, Jon wrote:

The Unique Device Identifier (UDI) could be captured in the oval-system-characteristics using the xsd:any tag that in included as part of the system info element. This tag was added for just this purpose.
 
Jon
 
============================================
Jonathan O. Baker
G022 - IA Industry Collaboration
The MITRE Corporation
Email: [hidden email]
 
 
-----Original Message-----
From: Juan Carlos Castro Y Castro [[hidden email]]
Sent: Friday, August 19, 2011 1:21 PM
To: oval-developer-list OVAL Developer List/Closed Public Discussion
Subject: Re: [OVAL-DEVELOPER-LIST] How should the system_info from a Cisco
router look like?
 
That's nice. I can see a change in the schema to include this, and it's a concept
that can be valid for a large number of equipment types, not only Cisco gear.
Consider that a suggestion.
 
Cheers,
Juan
 
-----Original Message-----
From: luis nunez [[hidden email]]
Sent: sexta-feira, 19 de agosto de 2011 11:30
To: [hidden email]
Subject: Re: [OVAL-DEVELOPER-LIST] How should the system_info from a Cisco
router look like?
 
Juan,
it looks good for capturing basic information.  Additionally on the newer IOS
versions there is a feature to uniquely identify a system.
It is called Unique Device Identifier (UDI) that could be used for asset
identification.
 
Link to UDI for further information
http://www.cisco.com/en/US/products/products_identification_standard.html
 
Also link to sample IOS 15.x "show version" output (look for the UDI info).
http://c3isecurity.wordpress.com/2011/08/14/ios-definitions-schema/
 
hope this helps.
 
-ln
 
On Thu, Aug 18, 2011 at 9:09 PM, Juan Carlos Castro Y Castro
[hidden email] wrote:
Right now, our product, modSIC, is returning this:
 
 
 
<system_info>
 
<os_name>IOS</os_name>
 
<os_version>11.0(16)</os_version>
 
<architecture>68030</architecture>
 
<primary_host_name>rj16</primary_host_name>
 
<interfaces/>
 
</system_info>
 
 
 
All of that is parsed from the output of "show version", which is
shown below. Is the above OK? (Yes, I know, the interfaces list is
missing; I'll get to that shortly.)
 
 
 
Cisco Internetwork Operating System Software
 
IOS (tm) 3000 Software (IGS-I-L), Version 11.0(16), RELEASE SOFTWARE
(fc1)
 
Copyright (c) 1986-1997 by cisco Systems, Inc.
 
Compiled Tue 24-Jun-97 12:20 by jaturner
 
Image text-base: 0x0301E644, data-base: 0x00001000
 
 
 
ROM: System Bootstrap, Version 11.0(10c), SOFTWARE
 
ROM: 3000 Bootstrap Software (IGS-BOOT-R), Version 11.0(10c), RELEASE
SOFTWARE (fc1)
 
 
 
rj16 uptime is 8 weeks, 2 days, 6 hours, 13 minutes
 
System restarted by power-on
 
System image file is "flash:igs-i-l.110-16", booted via flash
 
 
 
cisco 2511 (68030) processor (revision M) with 2048K/2048K bytes of
memory.
 
Processor board ID 07886698, with hardware revision 00000000
 
Bridging software.
 
X.25 software, Version 2.0, NET2, BFE and GOSIP compliant.
 
1 Ethernet/IEEE 802.3 interface.
 
2 Serial network interfaces.
 
16 terminal lines.
 
32K bytes of non-volatile configuration memory.
 
8192K bytes of processor board System flash (Read ONLY)
 
 
 
Configuration register is 0x2102
 
To unsubscribe, send an email message to [hidden email] with
SIGNOFF OVAL-DEVELOPER-LIST in the BODY of the message. If you have
difficulties, write to [hidden email].
 
To unsubscribe, send an email message to [hidden email] with
SIGNOFF OVAL-DEVELOPER-LIST in the BODY of the message.  If you have
difficulties, write to [hidden email].
 
To unsubscribe, send an email message to [hidden email] with
SIGNOFF OVAL-DEVELOPER-LIST
in the BODY of the message.  If you have difficulties, write to OVAL-
[hidden email].
 
To unsubscribe, send an email message to [hidden email] with
SIGNOFF OVAL-DEVELOPER-LIST
in the BODY of the message.  If you have difficulties, write to [hidden email].

To unsubscribe, send an email message to [hidden email] with SIGNOFF OVAL-DEVELOPER-LIST in the BODY of the message. If you have difficulties, write to [hidden email].

To unsubscribe, send an email message to [hidden email] with SIGNOFF OVAL-DEVELOPER-LIST in the BODY of the message. If you have difficulties, write to [hidden email].
To unsubscribe, send an email message to [hidden email] with SIGNOFF OVAL-DEVELOPER-LIST in the BODY of the message. If you have difficulties, write to [hidden email].

jOVAL.org: OVAL implemented in Java.
Scan any machine from any machine. For free!
Learn More | Features | Download