Writing OVAL Content
Greg Elin edited this page Jul 20, 2015 · 20 revisions
Understanding the following conventions will make it easier to navigate the SCAP-Security-Guide repository and author SCAP content.
- OVAL definitions are written as SSG source OVAL XML files using a shorthand syntax. This shorthand syntax is unique to SSG.
- Each SSG source OVAL XML file defines one vulnerability assessment definition. (A definition of one vulnerability can test multiple criteria.)
- Each SSG source OVAL XML file is named for the vulnerability assessed, separating words with underscores (example: `accounts_password_pam_dcredit.xml`). The filename is identical to the value of the `definition` tag's `id` attribute.
- SSG source OVAL XML files are transformed into OVAL XML files during the SSG build process.
- SSG source OVAL XML files applicable to a single version of software are located in the software's `input/checks` directory.
- SSG source OVAL XML files applicable to multiple versions of software are located in the `shared/oval` directory.

- Navigate to the `input/checks/` directory for the software package for which the OVAL definition will be authored.
- Choose the most appropriate stub template in the `templates/` directory.
- Decide the name/id of the definition following the suggested `id` convention in the template's `definition` tag.
- Copy the stub template file to a new SSG source OVAL XML file with the decided assessment name.
- Edit the SSG source OVAL XML file `definition` tag's `id` attribute to contain the name of the SSG source OVAL XML file.
- Save the SSG source OVAL XML file.

Example (Linux)
```bash
# Navigate to the SSG source OVAL directory
cd RHEL/7/input/checks/
# Choose templates/template_package_removed as the most appropriate template
# Decide that the name of the OVAL definition will be "package_ntpdate_removed"
# Copy the stub template file to
cp templates/template_package_removed ./package_ntpdate_removed.xml
# Edit the SSG source OVAL XML file definition tag's id attribute to have name "package_ntpdate_removed.xml"
```
(NOTE: If you are authoring a test applicable to more than one software package or version thereof, navigate instead to `/shared/oval`.)
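
A lint pass for the one-definition-per-file and file-name/`id` conventions described above. This is an added example, not part of the SSG repository or its build. It assumes the `id` equals the file name without the `.xml` extension; the `def-group` root element and all sample documents are constructed for illustration.

```python
import sys
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

# Constructed sample files (not from the repository). The def-group root
# element and the attribute values are assumptions for illustration.
SAMPLES = {
    "package_ntpdate_removed.xml":
        '<def-group><definition id="package_ntpdate_removed"/></def-group>',
    # id left unedited after copying a stub (constructed value)
    "package_example_removed.xml":
        '<def-group><definition id="package_other_removed"/></def-group>',
    "two_definitions.xml":
        '<def-group><definition id="a"/><definition id="b"/></def-group>',
}

def check_file(path):
    """Return the convention violations found in one SSG source OVAL file."""
    path = Path(path)
    try:
        root = ET.parse(path).getroot()
    except ET.ParseError as exc:
        return [f"{path.name}: not well-formed XML ({exc})"]
    # Compare local names so a namespaced <definition> is still found.
    ids = [el.get("id") for el in root.iter()
           if el.tag.rsplit("}", 1)[-1] == "definition"]
    if len(ids) != 1:
        return [f"{path.name}: expected exactly one definition, found {len(ids)}"]
    if ids[0] != path.stem:
        return [f"{path.name}: definition id {ids[0]!r} does not match file name"]
    return []

def check_dir(directory):
    """Check every *.xml file directly inside directory (not templates/)."""
    problems = []
    for path in sorted(Path(directory).glob("*.xml")):
        problems.extend(check_file(path))
    return problems

def demo():
    """Write the constructed samples to a temporary directory and check them."""
    with tempfile.TemporaryDirectory() as tmp:
        for name, text in SAMPLES.items():
            Path(tmp, name).write_text(text)
        return check_dir(tmp)

if __name__ == "__main__":
    found = check_dir(sys.argv[1]) if len(sys.argv) > 1 else demo()
    print("\n".join(found) or "all definition ids match their file names")
    sys.exit(1 if found else 0)
```

Run it with a checks directory as its only argument; it exits non-zero when any file breaks a convention, so it can gate a commit.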