How to assign conditional value to local variables?

How to assign conditional value to local variables?

gauravphoenix
As per my understanding, a local variable can refer to
object_component, variable_component and literal_component. How do I
assign value based on a condition? For example, some Linux distributions
use /etc/php5/apache2/php.ini for default PHP.INI location whereas some
use /etc/php.ini; I would like to create a local variable which first
evaluates which distro is being used and based upon evaluation, I would
like to assign appropriate value.

 Thanks,
 Gaurav

To unsubscribe, send an email message to [hidden email] with
SIGNOFF OVAL-DEVELOPER-LIST
in the BODY of the message.  If you have difficulties, write to [hidden email].

Re: How to assign conditional value to local variables?

Igor Prata
Hello Gaurav.

For this scenario I usually use external variables in my Baselines.
Our Interpreter (modSIC) offers a form field for each external variable in an OVAL Definition file during execution. I only fill with the correct path for this kind of configuration files. Works fine in heterogenic Unix environment.

Otherwise, it will be too many rules to predict different OSs.






Igor Prata
Projetc modSIC - Risk Manager 7

Tel: (21) 9678-7885 | Fax: (21) 2123-4601
 
 
 

 

Re: How to assign conditional value to local variables?

gauravphoenix
 Do you mean to say that I should assign values (/etc/php.ini ,
 /etc/php/apache2/php.ini etc) to external variable and then interpreter
 will enumerate values at run time? If so, interpreter will need to
 perform evaluation on each value, right?

 Thanks,
 ---
 Gaurav Kumar


Re: How to assign conditional value to local variables?

Jon Baker
Administrator
Using the external variable approach you could allow the user to pick the location choosing one of the two values listed in your message below or perhaps even supply their own value.

If we know that the file will exist in one location but not the other then we could simply use a constant_variable with two values to specify the full filepath. If you then used an existence check of at least one your definition should work. Feel free to share your draft definition and we might be able to give you additional guidance.

Regards,

Jon

============================================
Jonathan O. Baker
G022 - IA Industry Collaboration
The MITRE Corporation
Email: [hidden email]
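
An added example (not from the thread or from any definition posted to the list) of the constant_variable approach described in this message: one variable holds both php.ini locations and the file test passes if at least one of them exists. The oval:org.example IDs, the 5.10 schema version and the timestamp are placeholders chosen for illustration.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<oval_definitions
    xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5"
    xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5"
    xmlns:unix="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix">
  <generator>
    <oval:schema_version>5.10</oval:schema_version>
    <!-- constructed timestamp -->
    <oval:timestamp>2011-12-16T00:00:00</oval:timestamp>
  </generator>

  <definitions>
    <definition id="oval:org.example:def:1" version="1" class="inventory">
      <metadata>
        <title>php.ini exists in one of the known locations</title>
        <description>Constructed example: true when php.ini is found at
          either of the two paths named in the thread.</description>
      </metadata>
      <criteria>
        <criterion test_ref="oval:org.example:tst:1"
                   comment="php.ini found at one of the candidate paths"/>
      </criteria>
    </definition>
  </definitions>

  <tests>
    <!-- check_existence="at_least_one_exists": the test is satisfied as soon
         as the object collects one file item, so the path that is absent on
         a given distribution does not cause a failure. -->
    <unix:file_test id="oval:org.example:tst:1" version="1"
                    check_existence="at_least_one_exists" check="all"
                    comment="at least one candidate php.ini exists">
      <unix:object object_ref="oval:org.example:obj:1"/>
    </unix:file_test>
  </tests>

  <objects>
    <!-- var_check="at least one": a file is collected when its path equals
         any one of the variable's values. -->
    <unix:file_object id="oval:org.example:obj:1" version="1">
      <unix:filepath var_ref="oval:org.example:var:1"
                     var_check="at least one"/>
    </unix:file_object>
  </objects>

  <variables>
    <!-- A single variable carrying both locations; no per-distribution
         condition is needed. -->
    <constant_variable id="oval:org.example:var:1" version="1"
                       datatype="string"
                       comment="candidate php.ini locations">
      <value>/etc/php5/apache2/php.ini</value>
      <value>/etc/php.ini</value>
    </constant_variable>
  </variables>
</oval_definitions>
```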



Re: How to assign conditional value to local variables?

gauravphoenix
Hi all, 
While I am now able to use external variables, I am wondering if someone can comment on related question -  http://making-security-measurable.1364806.n2.nabble.com/How-to-test-for-Apache-modules-td7073428.html 

Essentially, I am looking for an elegant way of finding out which modules have been loaded by Apache. One way to achieve this could be to use "process58_object", grep'ing "apache2" and then run lsof -p "process id of apache2" and then grep'ing for php.

Can we do it with current schema? 



--
Gaurav Kumar
Chief Security Consultant, Pivotal Security LLC | Email: [hidden email] | Phone:(425)686-9695 


Re: How to assign conditional value to local variables?

Danny Haynes
Administrator

Hi  Gaurav,


I do not believe there is a way to check the open files of a process in the current version of the OVAL Language.  If such a capability is needed, I can open a tracker so that we make sure to consider it for the next release.

 

Thanks,

Danny

 


Re: How to assign conditional value to local variables?

Steve Grubb
On Wednesday, December 21, 2011 06:57:12 AM Haynes, Dan wrote:
> I do not believe there is a way to check the open files of a process in the
> current version of the OVAL Language.  If such a capability is needed, I
> can open a tracker so that we make sure to consider it for the next
> release.

Modules get loaded into memory. At least on Linux you can get to it like this:

# service httpd status
httpd (pid  2855) is running...
# cat /proc/2855/maps | awk '/modules/ {print $6}' | sort | uniq
/usr/lib64/httpd/modules/libphp5.so
/usr/lib64/httpd/modules/mod_actions.so
/usr/lib64/httpd/modules/mod_alias.so
/usr/lib64/httpd/modules/mod_auth_basic.so
/usr/lib64/httpd/modules/mod_auth_digest.so
/usr/lib64/httpd/modules/mod_authn_alias.so
/usr/lib64/httpd/modules/mod_authn_anon.so
/usr/lib64/httpd/modules/mod_authn_dbm.so
/usr/lib64/httpd/modules/mod_authn_default.so
/usr/lib64/httpd/modules/mod_authn_file.so
/usr/lib64/httpd/modules/mod_authnz_ldap.so
/usr/lib64/httpd/modules/mod_authz_dbm.so
/usr/lib64/httpd/modules/mod_authz_default.so
/usr/lib64/httpd/modules/mod_authz_groupfile.so
/usr/lib64/httpd/modules/mod_authz_host.so
/usr/lib64/httpd/modules/mod_authz_owner.so
/usr/lib64/httpd/modules/mod_authz_user.so
/usr/lib64/httpd/modules/mod_autoindex.so
/usr/lib64/httpd/modules/mod_cache.so

....

-Steve


Re: How to assign conditional value to local variables?

gauravphoenix
Thanks Steve and Danny!
It will be interesting to have this functionality in OVAL. Danny, can you please add a tracker for it?



--
Gaurav Kumar
Chief Security Consultant, Pivotal Security LLC | Email: [hidden email] | Phone:(425)686-9695 


Re: How to assign conditional value to local variables?

Danny Haynes
Administrator

Hi Gaurav,

It has been added and it's tracker #32717 for future reference.

 

Also, since the information can be retrieved from proc, it may be worth trying to use the textfilecontent54_test to parse the contents of maps.  Of course, you would need to dynamically build the path in proc using the pid that you find with the process58_object.

 

Thanks,

Danny

 


Re: How to assign conditional value to local variables?

gauravphoenix
Hi Danny, 
I was able to successfully implement the idea you suggested below. Thank you! 

Please find attached my submission which has two inventory definitions - 1) Check to see if apache2 is running and 2) Check (if apache2 is running) whether the PHP5 module has been loaded by it.

One thing I noticed is that process58_object is creating a lot of elements (due to the usage of pid greater than 0) as apache2 spawns multiple processes to handle requests. This can make system-characteristics.xml quite large on a busy web server.

Is there a way we can limit the number of elements returned by process58_object? Similar to "instance"?

Thanks,


--
Gaurav Kumar
Chief Security Consultant, Pivotal Security LLC | Email: [hidden email] | Phone:(425)686-9695 


lib.xml (6K) Download Attachment

Re: How to assign conditional value to local variables?

Danny Haynes
Administrator

Hi Gaurav,


If there is an entity in the process58_item that will distinguish between the items that you actually want to collect and all of the items that were collected, you could use an object filter to restrict what items are collected.

 

Thanks,

Danny
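
An added example (not the lib.xml attachment and not code from any list member) that puts together the two suggestions made in this thread: a local_variable builds /proc/<pid>/maps from the pid collected by a process58_object, a textfilecontent54 test looks for libphp5.so in that file, and an object filter keeps only the processes of interest. The oval:org.example IDs, the schema version and timestamp, and the choice of ppid equal to 1 as the entity that singles out the Apache parent process are assumptions made for illustration.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<oval_definitions
    xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5"
    xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5"
    xmlns:unix="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix"
    xmlns:ind="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent">
  <generator>
    <oval:schema_version>5.10</oval:schema_version>
    <!-- constructed timestamp -->
    <oval:timestamp>2011-12-27T00:00:00</oval:timestamp>
  </generator>

  <definitions>
    <definition id="oval:org.example:def:1" version="1" class="inventory">
      <metadata>
        <title>PHP5 module is loaded by the running apache2 process</title>
        <description>Constructed example: true when libphp5.so appears in
          the memory map of the apache2 parent process.</description>
      </metadata>
      <criteria>
        <criterion test_ref="oval:org.example:tst:1"
                   comment="libphp5.so is mapped into apache2"/>
      </criteria>
    </definition>
  </definitions>

  <tests>
    <ind:textfilecontent54_test id="oval:org.example:tst:1" version="1"
        check_existence="at_least_one_exists" check="all"
        comment="maps file of apache2 lists libphp5.so">
      <ind:object object_ref="oval:org.example:obj:2"/>
    </ind:textfilecontent54_test>
  </tests>

  <objects>
    <!-- Collect apache2 processes, then keep only items matching the filter
         state. Without the filter every worker process becomes an item in
         the system characteristics file. -->
    <unix:process58_object id="oval:org.example:obj:1" version="1">
      <unix:command_line operation="pattern match">apache2</unix:command_line>
      <unix:pid datatype="int" operation="greater than">0</unix:pid>
      <filter action="include">oval:org.example:ste:1</filter>
    </unix:process58_object>

    <!-- The filepath comes from the local variable below. instance = 1
         collects only the first matching line, since a shared object is
         normally listed on several lines of a maps file. -->
    <ind:textfilecontent54_object id="oval:org.example:obj:2" version="1">
      <ind:filepath var_ref="oval:org.example:var:1"
                    var_check="at least one"/>
      <ind:pattern operation="pattern match">/modules/libphp5\.so$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
  </objects>

  <states>
    <!-- Assumption: the apache2 parent was reparented to init (ppid 1),
         while its workers have the parent's pid as ppid. Use a different
         process58_item entity if that does not hold on the target. -->
    <unix:process58_state id="oval:org.example:ste:1" version="1">
      <unix:ppid datatype="int">1</unix:ppid>
    </unix:process58_state>
  </states>

  <variables>
    <!-- Builds "/proc/" + pid + "/maps" for each pid the object collected. -->
    <local_variable id="oval:org.example:var:1" version="1"
                    datatype="string"
                    comment="path to the maps file of each collected pid">
      <concat>
        <literal_component>/proc/</literal_component>
        <object_component object_ref="oval:org.example:obj:1"
                          item_field="pid"/>
        <literal_component>/maps</literal_component>
      </concat>
    </local_variable>
  </variables>
</oval_definitions>
```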

 

From: Gaurav Kumar [mailto:[hidden email]]
Sent: Sunday, December 25, 2011 3:06 AM
To: oval-developer-list OVAL Developer List/Closed Public Discussion
Subject: Re: [OVAL-DEVELOPER-LIST] How to assign conditional value to local variables?

 

Hi Danny, 

I was able to successfully implement the idea you suggested below. Thank you! 

 

Please find attached my submission, which has two inventory definitions: 1) check to see if apache2 is running and 2) check (if apache2 is running) whether the PHP5 module has been loaded by it.

One thing I noticed is that process58_object is creating a lot of elements (due to the use of pid greater than 0), as apache2 spawns multiple processes to handle requests. This can make system-characteristics.xml quite large on a busy web server.

Is there a way we can limit the number of elements returned by process58_object? Similar to "instance"?

 

Thanks,

 

On Wed, Dec 21, 2011 at 3:52 PM, Haynes, Dan <[hidden email]> wrote:

Hi Gaurav,

It has been added, and it's tracker #32717 for future reference.

 

Also, since the information can be retrieved from proc, it may be worth trying to use the textfilecontent54_test to parse the contents of maps.  Of course, you would need to dynamically build the path in proc using the pid that you find with the process58_object.

 

Thanks,

Danny

 

From: Gaurav Kumar [mailto:[hidden email]]
Sent: Wednesday, December 21, 2011 3:28 PM


To: oval-developer-list OVAL Developer List/Closed Public Discussion
Subject: Re: [OVAL-DEVELOPER-LIST] How to assign conditional value to local variables?

 

Thanks Steve and Danny!

It will be interesting to have this functionality in OVAL. Danny, can you please add a tracker for it?

 

 

On Wed, Dec 21, 2011 at 9:08 AM, Steve Grubb <[hidden email]> wrote:

On Wednesday, December 21, 2011 06:57:12 AM Haynes, Dan wrote:
> I do not believe there is a way to check the open files of a process in the
> current version of the OVAL Language.  If such a capability is needed, I
> can open a tracker so that we make sure to consider it for the next
> release.

Modules get loaded into memory. At least on Linux you can get to it like this:

# service httpd status
httpd (pid  2855) is running...
# cat /proc/2855/maps | awk '/modules/ {print $6}' | sort | uniq
/usr/lib64/httpd/modules/libphp5.so
/usr/lib64/httpd/modules/mod_actions.so
/usr/lib64/httpd/modules/mod_alias.so
/usr/lib64/httpd/modules/mod_auth_basic.so
/usr/lib64/httpd/modules/mod_auth_digest.so
/usr/lib64/httpd/modules/mod_authn_alias.so
/usr/lib64/httpd/modules/mod_authn_anon.so
/usr/lib64/httpd/modules/mod_authn_dbm.so
/usr/lib64/httpd/modules/mod_authn_default.so
/usr/lib64/httpd/modules/mod_authn_file.so
/usr/lib64/httpd/modules/mod_authnz_ldap.so
/usr/lib64/httpd/modules/mod_authz_dbm.so
/usr/lib64/httpd/modules/mod_authz_default.so
/usr/lib64/httpd/modules/mod_authz_groupfile.so
/usr/lib64/httpd/modules/mod_authz_host.so
/usr/lib64/httpd/modules/mod_authz_owner.so
/usr/lib64/httpd/modules/mod_authz_user.so
/usr/lib64/httpd/modules/mod_autoindex.so
/usr/lib64/httpd/modules/mod_cache.so

....

-Steve



Re: How to assign conditional value to local variables?

gauravphoenix
Hi Danny, 
My object looks like this:

<process58_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" id="oval:org.owasp.oval:obj:1" version="0" comment="Object holds apache2 process info">
      <command_line operation="pattern match">.*apache2 .*|.*httpd .* </command_line>
      <pid datatype="int" operation="greater than">0</pid>
      <oval-def:filter action="include">oval:org.owasp.oval:ste:2</oval-def:filter>
</process58_object>

and the state:

<process_state id="oval:org.owasp.oval:ste:2" version="0" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix">
      <pid operation="greater than" datatype="int">0</pid>
</process_state>

Since the filter action says "include", I was hoping that the system-characteristics.xml file would contain only the PID information, but I can still see all the other info being collected.

Please advise. 

Thanks,


On Tue, Dec 27, 2011 at 9:11 AM, Haynes, Dan <[hidden email]> wrote:

Hi Gaurav,


If there is an entity in the process58_item that will distinguish between the items that you actually want to collect and all of the items that were collected, you could use an object filter to restrict what items are collected.

 

Thanks,

Danny

 


--
Gaurav Kumar
Chief Security Consultant, Pivotal Security LLC | Email: [hidden email] | Phone:(425)686-9695 


Re: How to assign conditional value to local variables?

joval
The object datatype and filter are redundant. There is no way to
restrict the data returned in an item; any interpreter will try and
capture all the data it can, since that's what the specification
requires.

How many processes match that pattern? It's not like you're going to
end up with a million items, right?

On 12/27/2011 5:14 PM, Gaurav Kumar wrote:
Hi Danny, 
My object looks like this:

<process58_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" id="oval:org.owasp.oval:obj:1" version="0" comment="Object holds apache2 process info">
      <command_line operation="pattern match">.*apache2 .*|.*httpd .* </command_line>
      <pid datatype="int" operation="greater than">0</pid>
      <oval-def:filter action="include">oval:org.owasp.oval:ste:2</oval-def:filter>
</process58_object>

and the state:

<process_state id="oval:org.owasp.oval:ste:2" version="0" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix">
      <pid operation="greater than" datatype="int">0</pid>
</process_state>

Since the filter action says "include", I was hoping that the system-characteristics.xml file would contain only the PID information, but I can still see all the other info being collected.

Please advise. 

Thanks,




--

jOVAL.org: OVAL implemented in Java.
Scan any machine from any machine. For free!
Learn More | Features | Download
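
Added example, not code from any poster in this thread: a state that tests pid greater than 0 matches every collected item, so a filter built on it excludes nothing, whereas a filter on an entity that differs between the Apache parent and its workers does reduce the item count. It assumes the parent process is a direct child of init (ppid 1), which will not hold under every service manager; the ids in the org.example namespace, the timestamp and the schema version are constructed.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example: ids in the org.example namespace, the timestamp and the
     schema version are constructed for illustration. -->
<oval_definitions
    xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5"
    xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5"
    xmlns:oval-def="http://oval.mitre.org/XMLSchema/oval-definitions-5"
    xmlns:unix="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix">
  <generator>
    <oval:schema_version>5.10</oval:schema_version>
    <oval:timestamp>2011-12-28T00:00:00</oval:timestamp>
  </generator>

  <definitions>
    <definition id="oval:org.example:def:1" version="1" class="inventory">
      <metadata>
        <title>Apache HTTP Server is running</title>
        <description>True when a parent apache2 or httpd process exists.</description>
      </metadata>
      <criteria>
        <criterion test_ref="oval:org.example:tst:1"
                   comment="Apache parent process exists"/>
      </criteria>
    </definition>
  </definitions>

  <tests>
    <!-- No state on the test: existence of one collected item is enough. -->
    <unix:process58_test id="oval:org.example:tst:1" version="1"
        check="all" check_existence="at_least_one_exists"
        comment="At least one Apache parent process was collected">
      <unix:object object_ref="oval:org.example:obj:1"/>
    </unix:process58_test>
  </tests>

  <objects>
    <unix:process58_object id="oval:org.example:obj:1" version="1"
        comment="Apache processes, narrowed to the parent by the filter">
      <unix:command_line operation="pattern match">^\S*(apache2|httpd)( |$)</unix:command_line>
      <unix:pid datatype="int" operation="greater than">0</unix:pid>
      <!-- action="include" keeps only the items that match the state. -->
      <oval-def:filter action="include">oval:org.example:ste:1</oval-def:filter>
    </unix:process58_object>
  </objects>

  <states>
    <!-- The filter state has the same type as the object it filters.
         Assumption: the Apache parent is a child of init, the workers are not. -->
    <unix:process58_state id="oval:org.example:ste:1" version="1"
        comment="Process whose parent is init">
      <unix:ppid datatype="int" operation="equals">1</unix:ppid>
    </unix:process58_state>
  </states>
</oval_definitions>
```

The filter lowers the number of process58 items written to the system characteristics; each item that survives is still recorded with all of its entities.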


Re: How to assign conditional value to local variables?

gauravphoenix
Well, on a busy Apache web server, there could be many; it totally depends upon the number of requests being processed by the web server. For each request, there will be a new process and hence a process58 object. I won't say millions, but maybe in the 100s for a busy server.

Can we open a tracker to address the concern? Specifying which "key" and/or limiting the number of matching items will help in reducing the system-characteristics file size and hence give better performance during evaluation.

This use case scenario is valid for any daemon which spawns processes for processing. I think Sendmail is also one of them.


On Tue, Dec 27, 2011 at 8:36 PM, David Solin <[hidden email]> wrote:
The object datatype and filter are redundant. There is no way to
restrict the data returned in an item; any interpreter will try and
capture all the data it can, since that's what the specification
requires.

How many processes match that pattern? It's not like you're going to
end up with a million items, right?




--
Gaurav Kumar
Chief Security Consultant, Pivotal Security LLC | Email: [hidden email] | Phone:(425)686-9695 


Re: How to assign conditional value to local variables?

joval
Hi Gaurav,

You should see the SystemCharacteristics.xml file generated by the SCAP content for Fedora ... scanning my fairly minimal test image it's 297 MB, containing a Unix file_item for (I believe) every file on the machine.  After encountering that monster, a file with only a few hundred objects doesn't strike me as especially large.

Also, there are some pretty large items (in terms of XML footprint) that make the process58 item seem small ... The Unix file_item has something like 23 elements; the Linux rpm_info item has a filepath element for every file in the whole RPM -- which can be a lot.

To achieve exactly what you're asking, I think an attribute would have to be added to the EntitySimpleBaseType that would control filtering at that level.  However, if you're just interested in the OVAL results without the system characteristics data, you can use OVAL directives to filter out the system-characteristics data based on the specific definition result.  This would allow you to exclude item data from the results.xml file if, for instance, your definition evaluates to true (perhaps you'd only want the data for debugging purposes if it evaluates to false or error).

Regards,
--David

On 12/27/2011 8:39 PM, Gaurav Kumar wrote:
Well, on a busy Apache web server, there could be many; it totally depends upon the number of requests being processed by the web server. For each request, there will be a new process and hence a process58 object. I won't say millions, but maybe in the 100s for a busy server.

Can we open a tracker to address the concern? Specifying which "key" and/or limiting the number of matching items will help in reducing the system-characteristics file size and hence give better performance during evaluation.

This use case scenario is valid for any daemon which spawns processes for processing. I think Sendmail is also one of them.





--

jOVAL.org: OVAL implemented in Java.
Scan any machine from any machine. For free!
Learn More | Features | Download

To unsubscribe, send an email message to [hidden email] with SIGNOFF OVAL-DEVELOPER-LIST in the BODY of the message. If you have difficulties, write to [hidden email].

jOVAL.org: OVAL implemented in Java.
Scan any machine from any machine. For free!
Learn More | Features | Download

Reply | Threaded
Open this post in threaded view
|

Re: How to assign conditional value to local variables?

gauravphoenix
Thanks David! 

Using directives is certainly an interesting idea.

After learning about the 297 MB file size you mentioned, I think it will make even more sense to have an option to limit the amount of information being collected. Not just for process58 object but for all of the objects. 

Cheers,

On Tue, Dec 27, 2011 at 11:06 PM, David Solin <[hidden email]> wrote:
OVAL directives



--
Gaurav Kumar
Chief Security Consultant, Pivotal Security LLC | Email: [hidden email] | Phone:(425)686-9695 


Re: How to assign conditional value to local variables?

joval
Hi Gaurav,

After doing a little more reading, I am reconsidering my previous answer.  I think perhaps what I proposed already exists in the form of the mask attribute of the EntityAttributeGroup.  The mask governs whether or not an element should be hidden from the system characteristics inside the results.xml.  So, try adding the attribute mask="true" to the fields you want hidden.

Note, this won't have any impact on system-characteristics.xml, only results.xml.

Cheers,
--David

On 12/27/2011 10:53 PM, Gaurav Kumar wrote:
Thanks David! 

Using directives is certainly an interesting idea.

After learning about the 297 MB file size you mentioned, I think it will make even more sense to have an option to limit the amount of information being collected. Not just for process58 object but for all of the objects. 

Cheers,

On Tue, Dec 27, 2011 at 11:06 PM, David Solin <[hidden email]> wrote:
OVAL directives



--
Gaurav Kumar
Chief Security Consultant, Pivotal Security LLC | Email: [hidden email] | Phone:(425)686-9695 



--

jOVAL.org: OVAL implemented in Java.
Scan any machine from any machine. For free!


Re: How to assign conditional value to local variables?

Danny Haynes
Administrator

The mask attribute does not allow you to specify which entities get written to the system-characteristics and results files, but rather, which entities should have their datatypes, operations, and values omitted from the results.  After re-reading the mask documentation in the schema, I can see how you may have thought this.  The documentation does not make this distinction very clear.  However, if you look at Section 5.3.7 of the OVAL Language Specification, it will hopefully be clearer ;).  The section states:

 

When the mask property is set to ‘true’ on an OVAL Entity or an OVAL Field, the value of that OVAL Entity or OVAL Field MUST NOT be present in the OVAL Results. Additionally, the mask property MUST be set to ‘true’ for any OVAL Entity or OVAL Field or corresponding OVAL Item Entity or OVAL Field in the OVAL Results where the system state information was omitted.

 

When the mask property is set to ‘true’ on an OVAL Entity with a datatype of ‘record’, each OVAL Field MUST have its operation and value or value omitted from the OVAL Results regardless of the OVAL Field’s mask property value.

 

It is possible for masking conflicts to occur where one entity has mask set to ‘true’ and another entity has mask set to ‘false’. Such a conflict will occur when the mask attribute is set differently on an OVAL Object and OVAL State or when more than one OVAL Objects identify the same OVAL Item(s). When such a conflict occurs the value MUST always be masked.

 

Values MUST NOT be masked in OVAL System Characteristics that are not contained within OVAL Results.

 

Thanks,

Danny

 

From: David Solin [mailto:[hidden email]]
Sent: Wednesday, December 28, 2011 5:57 PM
To: oval-developer-list OVAL Developer List/Closed Public Discussion
Subject: Re: [OVAL-DEVELOPER-LIST] How to assign conditional value to local variables?

 

Hi Gaurav,

After doing a little more reading, I am reconsidering my previous answer.  I think perhaps what I proposed already exists in the form of the mask attribute of the EntityAttributeGroup.  The mask governs whether or not an element should be hidden from the system characteristics inside the results.xml.  So, try adding the attribute mask="true" to the fields you want hidden.

Note, this won't have any impact on system-characteristics.xml, only results.xml.

Cheers,
--David

On 12/27/2011 10:53 PM, Gaurav Kumar wrote:

Thanks David! 

 

Using directives is certainly an interesting idea.

 

After learning about the 297 MB file size you mentioned, I think it will make even more sense to have an option to limit the amount of information being collected. Not just for process58 object but for all of the objects. 

 

Cheers,

 

On Tue, Dec 27, 2011 at 11:06 PM, David Solin <[hidden email]> wrote:

OVAL directives



 

--

Gaurav Kumar
Chief Security Consultant, Pivotal Security LLC | Email: [hidden email] | Phone:(425)686-9695 

 

 


Re: How to assign conditional value to local variables?

gauravphoenix
So Danny, will it make sense to have an option to specify what content should go into the system-characteristics file?

On Wed, Dec 28, 2011 at 6:58 PM, Haynes, Dan <[hidden email]> wrote:

The mask attribute does not allow you to specify which entities get written to the system-characteristics and results files, but rather, which entities should have their datatypes, operations, and values omitted from the results.  After re-reading the mask documentation in the schema, I can see how you may have thought this.  The documentation does not make this distinction very clear.  However, if you look at Section 5.3.7 of the OVAL Language Specification, it will hopefully be clearer ;).  The section states:

 

When the mask property is set to ‘true’ on an OVAL Entity or an OVAL Field, the value of that OVAL Entity or OVAL Field MUST NOT be present in the OVAL Results. Additionally, the mask property MUST be set to ‘true’ for any OVAL Entity or OVAL Field or corresponding OVAL Item Entity or OVAL Field in the OVAL Results where the system state information was omitted.

 

When the mask property is set to ‘true’ on an OVAL Entity with a datatype of ‘record’, each OVAL Field MUST have its operation and value or value omitted from the OVAL Results regardless of the OVAL Field’s mask property value.

 

It is possible for masking conflicts to occur where one entity has mask set to ‘true’ and another entity has mask set to ‘false’. Such a conflict will occur when the mask attribute is set differently on an OVAL Object and OVAL State or when more than one OVAL Objects identify the same OVAL Item(s). When such a conflict occurs the value MUST always be masked.

 

Values MUST NOT be masked in OVAL System Characteristics that are not contained within OVAL Results.

 

Thanks,

Danny

 

From: David Solin [mailto:[hidden email]]
Sent: Wednesday, December 28, 2011 5:57 PM


To: oval-developer-list OVAL Developer List/Closed Public Discussion
Subject: Re: [OVAL-DEVELOPER-LIST] How to assign conditional value to local variables?

 

Hi Gaurav,



After doing a little more reading, I am reconsidering my previous answer.  I think perhaps what I proposed already exists in the form of the mask attribute of the EntityAttributeGroup.  The mask governs whether or not an element should be hidden from the system characteristics inside the results.xml.  So, try adding the attribute mask="true" to the fields you want hidden.

Note, this won't have any impact on system-characteristics.xml, only results.xml.

Cheers,
--David

On 12/27/2011 10:53 PM, Gaurav Kumar wrote:

Thanks David! 

 

Using directives is certainly an interesting idea.

 

After learning about the 297 MB file size you mentioned, I think it will make even more sense to have an option to limit the amount of information being collected. Not just for process58 object but for all of the objects. 

 

Cheers,

 

On Tue, Dec 27, 2011 at 11:06 PM, David Solin <[hidden email]> wrote:

OVAL directives



 

--

Gaurav Kumar
Chief Security Consultant, Pivotal Security LLC | Email: [hidden email] | Phone:(425)686-9695

 

 




--
Gaurav Kumar
Chief Security Consultant, Pivotal Security LLC | Email: [hidden email] | Phone:(425)686-9695 


Re: How to assign conditional value to local variables?

Hansbury, Matt
In reply to this post by gauravphoenix
Hi Gaurav,

I have reviewed this submission and had a few questions for you and the larger community (I added our oval-discussion mailing list to this email thread).

First, I had to make a few changes to make the submission valid:

1. The oval_repository section was:

<oval_repository>
  <contributor organization="Pivotal Security">Gaurav Kumar</contributor>
  <status>INITIAL SUBMISSION</status>
</oval_repository>

But should be:

<oval_repository>
  <dates>
    <submitted date="2011-12-24T22:51:25.771-05:00">
      <contributor organization="Pivotal Security">Gaurav Kumar</contributor>
    </submitted>
  </dates>
  <status>INITIAL SUBMISSION</status>
</oval_repository>

2. There was also an unnecessary <criteria> in one of the Definitions, which was giving an authoring guide error.  I removed the extra <criteria>.

Those updates were simple.  Now I also noticed:

1. There are no CPEs referred to here.  In general, we like to see those added for inventory Definitions, so I took a look at what would be the best one to use.  Looking in the CPE Dictionary, I don't see something like:

cpe:/a:adobe:http_server:2

I only see:

cpe:/a:adobe:http_server:2.0

I think we'd want to use the latter, as opposed to the former.  Does that seem correct?

2. The <product> is listed as 'apache2', however, existing Definitions in the Repository are using any of the following:

* apache2
* Apache
* Apache httpd

Is there a consensus on the best product name for Apache's Web Server?  Should we consolidate these?

3. Lastly, the Authoring guide recommends using anchors for regular expressions.  Should they be added to either of the regular expressions in use?  They are:

-    .*apache2 .*|.*httpd .*
-    php5.so

I will hold off processing this submission for now, pending the answers to the above questions.  

Thanks
Matt

-----Original Message-----
From: Gaurav Kumar [mailto:[hidden email]]
Sent: Sunday, December 25, 2011 3:06 AM
To: oval-developer-list OVAL Developer List/Closed Public Discussion
Subject: Re: [OVAL-DEVELOPER-LIST] How to assign conditional value to local variables?

Hi Danny,
I was able to successfully implement the idea you suggested below. Thank you!


Please find attached my submission which has two inventory definitions - 1) Check to see if apache2 is running and 2) Check (if apache2 is running) whether the PHP5 module has been loaded by it.


One thing I noticed is that process58_object is creating a lot of elements (due to usage of if pid is greater than 0) as apache2 spawns multiple processes to handle requests. This can make system-characteristics.xml quite large on a busy web server.


Is there a way we can limit number of elements returned by process58_object? Similar to "instance"?


Thanks,

On Wed, Dec 21, 2011 at 3:52 PM, Haynes, Dan <[hidden email]> wrote:


        Hi Gaurav,
       
        It has been added and it's tracker #32717 for future reference.  

         

        Also, since the information can be retrieved from proc, it may be worth trying to use the textfilecontent54_test to parse the contents of maps.  Of course, you would need to dynamically build the path in proc using the pid that you find with the process58_object.

         

        Thanks,
       
        Danny

         

        From: Gaurav Kumar [mailto:[hidden email]]
        Sent: Wednesday, December 21, 2011 3:28 PM


        To: oval-developer-list OVAL Developer List/Closed Public Discussion
        Subject: Re: [OVAL-DEVELOPER-LIST] How to assign conditional value to local variables?

       

         

        Thanks Steve and Danny!

        It will be interesting to have this functionality in OVAL. Danny, can you please add a tracker for it?

         

         

        On Wed, Dec 21, 2011 at 9:08 AM, Steve Grubb <[hidden email]> wrote:

        On Wednesday, December 21, 2011 06:57:12 AM Haynes, Dan wrote:
        > I do not believe there is a way to check the open files of a process in the
        > current version of the OVAL Language.  If such a capability is needed, I
        > can open a tracker so that we make sure to consider it for the next
        > release.

        Modules get loaded into memory. At least on Linux you can get to it like this:
       
        # service httpd status
        httpd (pid  2855) is running...
        # cat /proc/2855/maps | awk '/modules/ {print $6}' | sort | uniq
        /usr/lib64/httpd/modules/libphp5.so
        /usr/lib64/httpd/modules/mod_actions.so
        /usr/lib64/httpd/modules/mod_alias.so
        /usr/lib64/httpd/modules/mod_auth_basic.so
        /usr/lib64/httpd/modules/mod_auth_digest.so
        /usr/lib64/httpd/modules/mod_authn_alias.so
        /usr/lib64/httpd/modules/mod_authn_anon.so
        /usr/lib64/httpd/modules/mod_authn_dbm.so
        /usr/lib64/httpd/modules/mod_authn_default.so
        /usr/lib64/httpd/modules/mod_authn_file.so
        /usr/lib64/httpd/modules/mod_authnz_ldap.so
        /usr/lib64/httpd/modules/mod_authz_dbm.so
        /usr/lib64/httpd/modules/mod_authz_default.so
        /usr/lib64/httpd/modules/mod_authz_groupfile.so
        /usr/lib64/httpd/modules/mod_authz_host.so
        /usr/lib64/httpd/modules/mod_authz_owner.so
        /usr/lib64/httpd/modules/mod_authz_user.so
        /usr/lib64/httpd/modules/mod_autoindex.so
        /usr/lib64/httpd/modules/mod_cache.so
       
        ....
       
        -Steve

       
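An added example, not part of the thread or of the submission: it runs the two regular expressions quoted in Matt's review, and anchored alternatives, against the /proc/<pid>/maps approach Steve describes. Python's re.search stands in for OVAL's pattern match operation; the process table, the maps content, the mod_php5_sourceguard.so name and both anchored patterns are constructed assumptions.

```python
import re

# Regular expressions exactly as quoted in the review (no anchors).
SUBMITTED_CMD = r".*apache2 .*|.*httpd .*"
SUBMITTED_MOD = r"php5.so"
# Anchored alternatives: assumptions for illustration, not from the thread.
ANCHORED_CMD = r"^(?:\S*/)?(?:apache2|httpd)(?: .*)?$"
ANCHORED_MOD = r"^/(?:\S+/)?libphp5\.so$"

# Constructed process table: pid -> command line.
PROCESSES = {
    2855: "/usr/sbin/httpd -k start",
    2901: "/usr/sbin/apache2",
    3120: "grep -r httpd /etc",
}
# Constructed /proc/<pid>/maps content; mod_php5_sourceguard.so is hypothetical.
MAPS = {
    2855: """\
00e2f000-00e50000 rw-p 00000000 00:00 0 [heap]
7f3a1c000000-7f3a1c2d1000 r-xp 00000000 fd:00 393301 /usr/lib64/httpd/modules/libphp5.so
7f3a1c4d0000-7f3a1c4d8000 r-xp 00000000 fd:00 393305 /usr/lib64/httpd/modules/mod_alias.so
7f3a1d000000-7f3a1d021000 rw-p 00000000 00:00 0
""",
    2901: """\
7f10a0000000-7f10a0010000 r-xp 00000000 fd:00 401100 /usr/lib64/httpd/modules/mod_php5_sourceguard.so
7f10a0200000-7f10a0208000 r-xp 00000000 fd:00 393305 /usr/lib64/httpd/modules/mod_alias.so
""",
    3120: "7f55b0000000-7f55b01b0000 r-xp 00000000 fd:00 131200 /lib64/libc-2.12.so\n",
}


def mapped_paths(maps_text):
    """Return the file paths (6th field) mapped by a process, skipping
    anonymous mappings and pseudo-entries such as [heap]."""
    paths = set()
    for line in maps_text.splitlines():
        fields = line.split(None, 5)
        if len(fields) == 6 and fields[5].startswith("/"):
            paths.add(fields[5])
    return paths


def inventory(cmd_pattern, mod_pattern):
    """For every pid whose command line matches cmd_pattern, list the mapped
    paths matching mod_pattern (an empty list means Apache without PHP5)."""
    cmd_re, mod_re = re.compile(cmd_pattern), re.compile(mod_pattern)
    hits = {}
    for pid, cmdline in PROCESSES.items():
        if cmd_re.search(cmdline):
            paths = mapped_paths(MAPS.get(pid, ""))
            hits[pid] = sorted(p for p in paths if mod_re.search(p))
    return hits


if __name__ == "__main__":
    print("submitted:", inventory(SUBMITTED_CMD, SUBMITTED_MOD))
    print("anchored: ", inventory(ANCHORED_CMD, ANCHORED_MOD))
```

With the submitted patterns, pid 3120 (a grep) is collected as Apache and pid 2901 (no arguments) is missed; the anchored forms reverse both results and keep `php5.so` from matching the hypothetical module name.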