Suse Linux definitions and parser...

Jezza

Hello,
I'm looking for OVAL definitions for Suse Linux. Does Suse have its own
definitions files, or must I use the definitions in oval.xml from oval.mitre.org?

My second question is, do you know any good parser for OVAL (XML)? I
prefer the Perl language. Or have you got any practical tutorial or manual
on how to parse it?

THX

Jakub Jezek

To unsubscribe, send an email message to [hidden email] with
SIGNOFF OVAL-DEVELOPER-LIST
in the BODY of the message.  If you have difficulties, write to [hidden email].
Marcus Meissner

Re: Suse Linux definitions and parser...

On Thu, Mar 26, 2009 at 02:52:18PM +0100, Jakub Jezek wrote:
> Hello,
> I'm looking for OVAL definitions for Suse Linux. Does Suse have its own
> definitions files, or must I use the definitions in oval.xml from oval.mitre.org?

I actually have started to autogenerate OVAL descriptions for
SUSE Linux. It's more or less in ALPHA state now, but has the full
dataset converted to OVAL description.

http://www.suse.de/~meissner/oval/

I am working on improving it to match all the OVAL document recommendations,
but I only slowly understand all the concepts ;)
 
> My second question is, do you know any good parser for OVAL (XML)? I
> prefer the Perl language. Or have you got any practical tutorial or manual
> on how to parse it?

ovaldi is painfully slow for me. I would also be interested in either having
it sped up or having another faster tool..

Ciao, Marcus

Thomas R. Jones

Re: Suse Linux definitions and parser...

Hello all,

I am so glad that the OVAL standard is being implemented on Novell
products. I have campaigned for just this event for 3 years now. Finally
it comes to fruition. I have been working with the Mitre organization's
stewards for over 4 years and have a very good understanding of the
language, capabilities and its limits.

I would very much like to work with Marcus and everyone on this project,
as I have already implemented a great many definitions on my own for
this cause (see the Dharma project located on the novell developers
server). I am the sole developer of all of the 2,000+ definitions
located within the official OVAL repository. As well, I have another
6,000+ definitions currently on queue within my development servers that
the public has not yet gained access to.

I currently am developing a vulnerability system for the opensuse
distribution using a native XML database, OVAL source, and xquery
interface to extract and automatically import results. Currently the
user interface is restrained to shell access based on the rc scripts. It
works rather nicely and I can extract a singleton of data in under 1/10
of a second. An entire oval definition may be extracted in 8/10 of a
second. With no indexing implemented yet, it needs work definitely but a
good start.

I would like to see a vulnerability system interface within yast in the
future. This has been my main project for some time now....and I would
love to work side-by-side to see its advancement for all Novell
distributions.

Again, I would welcome all collaboration on this project. I look forward
to your responses and the community's involvement.

Thanks,
Thomas Jones

Jan-Oliver Wagner-2

Re: Suse Linux definitions and parser...

In reply to this post by Marcus Meissner
On Thursday 26 March 2009 15:01:06 Marcus Meissner wrote:

> On Thu, Mar 26, 2009 at 02:52:18PM +0100, Jakub Jezek wrote:
> > I'm looking for OVAL definitions for Suse Linux. Does Suse have its own
> > definitions files, or must I use the definitions in oval.xml from
> > oval.mitre.org?
>
> I actually have started to autogenerate OVAL descriptions for
> SUSE Linux. It's more or less in ALPHA state now, but has the full
> dataset converted to OVAL description.
>
> http://www.suse.de/~meissner/oval/

Very nice. OpenVAS could adapt to SUSE OVALs and allow for
running these tests (RHEL already works as a proof of concept).
Latest ovaldi has most of our patches on board, not all though.

> > My second question is, do you know any good parser for OVAL (XML)? I
> > prefer the Perl language. Or have you got any practical tutorial or manual
> > on how to parse it?
>
> ovaldi is painfully slow for me. I would also be interested in either
> having it sped up or having another faster tool..

The trick of OpenVAS is that you have a single ovaldi (e.g. on a fast machine)
to run the tests for all of your systems :-)

Best

        Jan

--
Dr. Jan-Oliver Wagner | ++49-541-335 08 30  |  http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

Peng, Pai

Re: Suse Linux definitions and parser...

In reply to this post by Marcus Meissner
Hi Marcus,

It's very nice to see support for SUSE vulnerabilities. Your OVAL repository looks really good. One thing I want to point out is that you may want to use the <platform> tag in your OVAL definitions. It provides a hint about what platform the OVAL applies to, and is used by almost all public OVAL definitions.

Thanks,
Pai

bakerj

Re: Suse Linux definitions and parser...

In reply to this post by Marcus Meissner
Marcus,




>-----Original Message-----
>From: Marcus Meissner [mailto:[hidden email]]
>Sent: Thursday, March 26, 2009 10:01 AM
>To: oval-developer-list OVAL Developer List/Closed Public Discussion
>Subject: Re: [OVAL-DEVELOPER-LIST] Suse Linux definitions and parser...
>
>On Thu, Mar 26, 2009 at 02:52:18PM +0100, Jakub Jezek wrote:
>> Hello,
>> I'm looking for OVAL definitions for Suse Linux. Does Suse have its own
>> definitions files, or must I use the definitions in oval.xml from oval.mitre.org?
>
>I actually have started to autogenerate OVAL descriptions for
>SUSE Linux. It's more or less in ALPHA state now, but has the full
>dataset converted to OVAL description.
>
>http://www.suse.de/~meissner/oval/
>
>I am working on improving it to match all the OVAL document recommendations,
>but I only slowly understand all the concepts ;)

This looks great so far. If you have questions let us know and we will be happy to help. Once you are ready we would like to link to your repository from the oval web site to make sure that the oval community knows it is available.

>
>> My second question is, do you know any good parser for OVAL (XML)? I
>> prefer the Perl language. Or have you got any practical tutorial or manual
>> on how to parse it?
>
>ovaldi is painfully slow for me. I would also be interested in either
>having it sped up or having another faster tool..
>

I am curious to know what the definitions look like that you are testing with the oval interpreter. Usually the largest factor in the performance of the interpreter is the actual content that it is evaluating. Do you have a really large set of content that you are running through the oval interpreter? Or are there specific definitions that are very slow to evaluate? I can't promise fixing the performance issue, but it would be good to understand what the issue is.

Thanks,

Jon

============================================
Jonathan O. Baker
G022 - IA Industry Collaboration
The MITRE Corporation
Email: [hidden email]

bakerj

Re: Suse Linux definitions and parser...

In reply to this post by Peng, Pai
Marcus,

I took a quick look through your definitions. As I said in my previous message, so far the definitions look really good. I do have a few suggestions and comments:

- Descriptions are nice - For vulnerability definitions we sync the descriptions with the cve descriptions. In the OVAL Repository we have a utility that runs as a cron job and updates all the cve descriptions each night based on the latest changes to cve descriptions posted on cve.mitre.org

- references - for vulnerability definitions we tend to use only one reference, the cve id of the publicly known vulnerability.

- rpminfo tests - would it be possible to also verify the signature_keyid for the rpms you are checking? Take a look at:
   https://www.redhat.com/security/data/oval/com.redhat.rhba-20040232.xml
I expect that it is important to know that the rpms you are checking came from SUSE.

- titles - I am not sure how or what to suggest using for titles, but as your repository grows you might find that better definition titles will be very helpful

- affected platform and product info - as mentioned by Pai of HP these are also quite helpful in managing large sets of definitions.

As I mentioned previously, when you are ready we would be happy to put a link on the oval web site to your repository.


Thanks,

Jon

============================================
Jonathan O. Baker
G022 - IA Industry Collaboration
The MITRE Corporation
Email: [hidden email]
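
Three of the suggestions in the message above (an affected platform, a CVE reference, and a signature_keyid check behind the rpminfo tests) can be checked mechanically. The Python below is an added example, not code from this thread or from the OVAL Repository; the sample document, its ids, the CVE id and the key id are constructed placeholders, and the `lint` function and its finding names are hypothetical.

```python
import xml.etree.ElementTree as ET

D = "{http://oval.mitre.org/XMLSchema/oval-definitions-5}"
L = "{http://oval.mitre.org/XMLSchema/oval-definitions-5#linux}"

# Constructed sample (trimmed, objects omitted; ids, CVE and key id are placeholders).
# def:1 follows the advice in the post above, def:2 does not.
SAMPLE = """<oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5"
  xmlns:l="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
 <definitions>
  <definition id="oval:example:def:1" class="vulnerability">
   <metadata><title>foo update</title>
    <affected family="unix"><platform>Example Linux 1</platform></affected>
    <reference source="CVE" ref_id="CVE-0000-0000"/></metadata>
   <criteria operator="AND"><criterion test_ref="oval:example:tst:1"/>
    <criterion test_ref="oval:example:tst:2"/></criteria>
  </definition>
  <definition id="oval:example:def:2" class="vulnerability">
   <metadata><title>bar update</title><affected family="unix"/></metadata>
   <criteria><criterion test_ref="oval:example:tst:1"/></criteria>
  </definition>
 </definitions>
 <tests>
  <l:rpminfo_test id="oval:example:tst:1"><l:state state_ref="oval:example:ste:1"/></l:rpminfo_test>
  <l:rpminfo_test id="oval:example:tst:2"><l:state state_ref="oval:example:ste:2"/></l:rpminfo_test>
 </tests>
 <states>
  <l:rpminfo_state id="oval:example:ste:1"><l:evr operation="less than">0:1.2-3</l:evr></l:rpminfo_state>
  <l:rpminfo_state id="oval:example:ste:2"><l:signature_keyid>0123456789abcdef</l:signature_keyid></l:rpminfo_state>
 </states>
</oval_definitions>"""

def lint(xml_text):
    if "<!DOCTYPE" in xml_text:  # OVAL files need no DTD; refuse entity-expansion input
        raise ValueError("DTD not allowed in OVAL input")
    root = ET.fromstring(xml_text)
    # ids of rpminfo states that pin the package signing key
    keyed = {s.get("id") for s in root.iter(L + "rpminfo_state")
             if s.find(L + "signature_keyid") is not None}
    # rpminfo test id -> set of state ids it references
    rpm_tests = {t.get("id"): {s.get("state_ref") for s in t.findall(L + "state")}
                 for t in root.iter(L + "rpminfo_test")}
    findings = {}
    for d in root.iter(D + "definition"):
        issues = []
        if d.find(f"{D}metadata/{D}affected/{D}platform") is None:
            issues.append("no-platform")
        if not any(r.get("source") == "CVE" for r in d.iter(D + "reference")):
            issues.append("no-cve-reference")
        used = [c.get("test_ref") for c in d.iter(D + "criterion") if c.get("test_ref") in rpm_tests]
        states = set().union(*(rpm_tests[t] for t in used))
        if used and not states & keyed:
            issues.append("no-signature-keyid")
        if issues:
            findings[d.get("id")] = issues
    return findings
```

The check does not follow extend_definition references, so a signature test inherited from another definition is not seen and would be reported as missing.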


Jezza

Re: Suse Linux definitions and parser...

In reply to this post by Marcus Meissner
Hello,
Could you add a tag about the date of definition release to your definitions?

And in the official definitions for Suse from mitre.org there is CPE as a reference.
Where can I find this CPE repository, or what is it?

I'm sorry, I have noob questions...

J. J.
Vladimir Giszpenc

Re: Suse Linux definitions and parser...

In reply to this post by Marcus Meissner
> ovaldi is painfully slow for me. I would also be interested in either
> having
> it sped up or having another faster tool..
>
> Ciao, Marcus

Since SuSE is almost guaranteed to have Mono, you should take a look at
http://www.lbtechservices.com/software/oss/sussen/
It is a C# OVAL scanner.

Vlad

Note, I have no idea if the sussen performance is any better than
ovaldi.  And it may be suffering from bit rot.

bakerj

Re: Suse Linux definitions and parser...

In reply to this post by Jezza
>
>And in the official definitions for Suse from mitre.org there is CPE as a reference.
>Where can I find this CPE repository, or what is it?
>

You can learn more about CPE here:
http://cpe.mitre.org

The CPE Dictionary web page is here:
http://cpe.mitre.org/dictionary/index.html


jon
