Skip to content

Writing OVAL Content

Jump to bottom Edit New page
Michal Šrubař edited this page Dec 11, 2015 · 20 revisions

SCAP-Security-Guide Authoring Conventions

Understanding the following conventions will make it easier to navigate the SCAP-Security-Guide repository and author SCAP content.

  • OVAL definitions are written as SSG source OVAL XML files using a shorthand syntax. This shorthand syntax is unique to SSG.
  • Each SSG source OVAL XML file defines one vulnerability assessment definition. (A definition of one vulnerability can test multiple criteria.)
  • Each SSG source OVAL XML file is named for the vulnerability assessed, separating words with underscores (example: accounts_password_pam_dcredit.xml). The filename is identical the value of definition tag's id attribute.
  • SSG source OVAL XML files are transformed into OVAL XML files during the SSG build process.
  • SSG source OVAL XML files applicable to a single version of software is located in the software's input/oval directory.
  • SSG source OVAL XML files applicable to a multiple versions of software is located in the shared/oval directory.

Creating the Stub SSG Source OVAL XML File

  1. Navigate to the input/oval/ directory for the software package for which the OVAL definition will be authored.
  2. Choose the most appropriate stub template in templates/ directory.
  3. Decide the name/id of the definition following the suggested id convention in the template's definition tag.
  4. Copy the stub template file to a new SSG source OVAL XML file with the decided assessment name.
  5. Edit the SSG source OVAL XML file definition tag's id attribute to contain the name of the SSG source OVAL XML file.
  6. Save the SSG source OVAL XML file.

Example (Linux)

# Navigate to the SSG source OVAL directory
cd RHEL/7/input/oval/
# Choose templates/template_package_removed as most appropriate template
# Decide the name of OVAL definition will be "package_ntpdate_removed"
# Copy the stub template file to 
cp templates/template_package_removed ./package_ntpdate_removed.xml
# Edit the SSG source OVAL XML file definition tag's id attribute to have name "package_ntpdate_removed.xml"

(NOTE: If you authoring a test applicable to more than one software package or version thereof, navigate instead /shared/oval.)

Customizing the SSG Source OVAL XML File

TBD

Testing a SSG Source OVAL XML File While Coding

Most developers these days author code interactively. The Python script, testcheck.py, provides all the necessary transformations to test an OVAL definition in isolation during authorship. (testcheck.py is conveniently located in all software_name/version/input/oval/ directories.)

testcheck.py will build the final OVAL XML definition file, place it somewhere under a /tmp/$$ directory, and use OpenSCAP to evaluate the system against the definition.

If the OVAL definition requires some OVAL variable (e.g. if there's <external_variable ... /> element defined within that oval check), testcheck.py will printout if the OVAL definition expects a variable. Define an appropriately named environmental value before running testcheck.py.

Example (Linux)

./testcheck.py package_ntpdate_removed.xml

Example with OVAL variable (Linux)

export var_password_pam_dcredit=3
./testcheck.py accounts_password_pam_dcredit.xml
Add a custom footer
Add a custom sidebar
Clone this wiki locally