solutionecho
Hello,
Will the OVALdi interpreter allow the use of a custom OVAL definition for internal organizational use? I created a test definition while using the 'Writing an OVAL Definition' tutorial and an official as a guide to step me through the process of writing a definition which checks a particular registry key for a certain value, but I keep getting the following error:

--------------------------------------------------------

Start Time: Thu Oct 01 17:32:25 2009

** parsing definitions.xml file.
- validating xml schema.
Error while parsing xml file:
Severity: Error
Message: Unknown element 'registry_test'
File: D:\OVAL\ovaldi-5.6.3/definitions.xml
Line 30
At char 63

--------------------------------------------------------

Should I be referencing a custom schema?

V/R

SFC Danny L. Bell
Information Assurance Officer
Texas Military Forces

To unsubscribe, send an email message to [hidden email] with SIGNOFF OVAL-DEVELOPER-LIST in the BODY of the message. If you have difficulties, write to [hidden email].
Danny Haynes
Hi Danny,
Yes, you can use custom OVAL definitions that you create for your organization with the OVAL Interpreter. From the error message, I am guessing that you did not specify the Windows component schema for the xmlns attribute on your registry_test. I have attached a sample definition that checks the value of a registry key for you to look at. Also, there are additional examples for the registry_test and many other OVAL tests in the OVAL Repository at http://oval.mitre.org/repository/index.html. If you have any other questions, please let me know.

Thanks,

Danny

<?xml version="1.0" encoding="UTF-8"?>
<oval_definitions xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows windows-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5 oval-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-common-5 oval-common-schema.xsd"
    xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5"
    xmlns:oval-def="http://oval.mitre.org/XMLSchema/oval-definitions-5">
  <generator>
    <oval:product_name>The OVAL Repository</oval:product_name>
    <oval:schema_version>5.6</oval:schema_version>
    <oval:timestamp>2009-10-02T09:09:35.237-04:00</oval:timestamp>
  </generator>
  <definitions>
    <definition id="oval:test:def:1" version="1" class="miscellaneous">
      <metadata>
        <title>This definition checks to see if the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion registry key has a value of '5.1'</title>
        <description>This definition will evaluate to true if the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion registry key has a value of '5.1'</description>
      </metadata>
      <criteria>
        <criterion comment="Check to see if the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion registry key has a value of '5.1'." test_ref="oval:test:tst:1"/>
      </criteria>
    </definition>
  </definitions>
  <tests>
    <registry_test id="oval:test:tst:1" version="1" comment="Check to see if the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion registry key has a value of '5.1'." check_existence="at_least_one_exists" check="at least one" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows">
      <object object_ref="oval:test:obj:1"/>
      <state state_ref="oval:test:ste:1"/>
    </registry_test>
  </tests>
  <objects>
    <registry_object id="oval:test:obj:1" version="1" comment="This registry key holds the version of the installed operating system." xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows">
      <hive>HKEY_LOCAL_MACHINE</hive>
      <key>SOFTWARE\Microsoft\Windows NT\CurrentVersion</key>
      <name>CurrentVersion</name>
    </registry_object>
  </objects>
  <states>
    <registry_state id="oval:test:ste:1" version="1" comment="Registry key has a value of '5.1'." xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows">
      <value>5.1</value>
    </registry_state>
  </states>
</oval_definitions>
solutionecho
Thanks a lot!

That was the issue. I was able to run my test oval but the only issue now is that it gave me back a 'false' result when I know in fact that it should be true. My registry path, name and value are correct. This was prior to receiving your sample file. I'll cross check.

V/R

SFC Danny L. Bell
Information Assurance Officer
Texas Military Force
Danny Haynes
Hi Danny,
I am glad to hear that it worked. Let me know if you run into any other issues.

Thanks,

Danny
solutionecho
Hello,
I rewrote the definition using your sample file but the result is 'false' when it should be 'true'. I even used the un-altered definition you supplied (of course I renamed it to definitions.xml) and it gave a 'false' result. I carefully stepped through my registry and confirmed that the path and key value is in fact '5.1'.

Incidentally, is MITRE working on a way to remediate vulnerabilities and/or bring systems into compliance utilizing the OVAL interpreter?

V/R

SFC Danny L. Bell
Information Assurance
Texas Military Force
Danny Haynes
Hi Danny,
When I run the registry_sample_definition.xml definition through ovaldi-5.6.3 on my system, it evaluates to 'true'. What version of ovaldi are you using? Also, could you post your OVAL Definition so that I could take a look at it?

Thanks,

Danny