La lecture en ligne est gratuite
Le téléchargement nécessite un accès à la bibliothèque YouScribe
Tout savoir sur nos offres

Partagez cette publication

OVAL Definition Tutorial
©
2007 The MITRE Corporation. All rights reserved
Agenda
Common XML Concepts
OVAL Definition Tutorial The Basics Definition structure Hello World
Advanced Topics OVAL Definitions document Extended Definitions Variables Complex objects Behaviors Nil
Known Issues
XML Namespaces
namespace vs prefix
xmlns:win-def="o//:ptthrtim.lav#w-5doinwse.org/XMLSchema/volad-fenitioisn"
default namespace
xmlns="inifed-lavo/ameh5s-ontivola:p//httMLScrg/Xre.o.mit"
using namespace
<oval:schema_version>5.0</oval:schema version> _
<file_testxmlns="itnoifiniwdn-s#5hemaMLScl-de/ovatim.lavoX/gro.er//p:tthsow"> <file_testxmlns="xinu#5-snoitincSehamo/av-ledifal.mitre.org/XMLh:pttvo//">
schemaLocation
used to identify schema file to validate content
<?xml version="1.0" encoding="UTF-8"?> <avodel_nifiontisxmlns="thptav.l/:o/e.ormitrLSchg/XMlavo/ametinifed--5nsio" xmlns:oval="LMX/ehcSertigro.ov//.malhp:ttcommon-5ma/oval-" xmlns:oval-def="amehcSLMX/gro.erit.malov//p:tth-s5tionfinil-de/ova" xmlns:win-def="reitrg.oML/XheSch:pttvo//m.laons-5#windowsamo/av-ledifinit" xmlns:xsi=".ow3w.ww1/00/2rg//:ptthcehcmeMXSLtsna-ani" xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-common-5 oval-common-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5 oval-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#windows windows-definitions-schema.xsd">
<definitions> ... </definitions>
</_ itions> oval defin
Which schema file is used to validate the <definitions> element?
OVALLanguage Namespaces
OVAL Common Schema xmlns:ovalocmmno5-amo/av-lgro.ertiehcSLMX/p:tth=.malov//
OVAL Definition Schema xmlns:oval-defp:ttov//h=defival-ma/oScheX/LMo.grtierlam.5-snoitin xmlns:apache-def/o:/l.vatrmiore.MX/ghcSL/amelavo-definitions-5#aaphcetpht=xmlns:macos-defh=ov//p:ttertim.laLMX/gro.ma/oSchedefival-no-sinitocs#5am xmlns:win-defh=.malreitp:ttov//cSehamo/o.grX/LMnitions-val-defiswodniw#5
OVAL System Characteristics Schema xmlns:oval-sc5-scitsi-cemstsyerctrahacSehX/LMav-lamo/al.m//ov.orgitrettp:=h xmlns:unix-scxi#5nuci-s-metrahcetcatsirchLSa/emalovys-sav.limrt.ero/gMX=http://o xmlns:ios-scsyl-va/omaheScMLX/gro.ertim.lavop://htt=ostics-5#iartcresitsmec-ah
OVAL Results Schema xmlns:oval-resesulal-rts-5va/o:/tpe.trmil.SLMX/grovo/amehcht=
OVAL Definitions
©
200
7 The
 
MITRE Co
rpo
ra
tion
. All rig
hts
 
rese
rv
ed
Structure ofan OVALDnifeoitin
Definition
the machine is compliant with stated policy
Test fred.dll has a version less than 3.1
objectstate
version < 3.1
fred.dll version < 3.1
Test
object
state
Test registry key has a value of 10
objectstate
registry key value = 10
Hello World
write an OVAL Definition to test that the (hypothetical) Windows registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\oval\example' has a value equal to "Hello World".
Windows registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\oval\exampl e' has a value equal to "Hello World".
HKEY_LOCAL_MACHINE\SOFTWARE\oval\example
value Hello World" " =
Hello World -Registry Object
<registry_objectid=e.axpmelo:jb1:""alovom:c> _ _</hive> <hive>HKEY LOCAL MACHINE <key>SOFTWARE\oval</key> <name>example</name> </registry_object>
definition
obj
test
state
Hello World -Registry State
obj
<registry_stateid=":1"ovalaxe.moc:ets:elpm> <valueoperation="equals">Hello World</value> </registry state> _
definition
test
state

Hello World -RegistryTest
definition
test
obj
<registry_testid=t:1"e:tsamplva"ocol:exm.check="all"> <objectobject_ref=l:va"o1":jbo:elpmaxe.moc/> _ample:st/> <statestate ref="oval:com.ex e:1" </registry_test>
state
