The following is a description of the elements, types, and attributes that compose the Solaris specific tests found in Open Vulnerability and Assessment Language (OVAL). Each test is an extension of the standard test element defined in the Core Definition Schema. Through extension, each test inherits a set of elements and attributes that are shared amongst all OVAL tests. Each test is described in detail and should provide the information necessary to understand what each element and attribute represents. This document is intended for developers and assumes some familiarity with XML. A high level description of the interaction between the different tests and their relationship to the Core Definition Schema is not outlined here.
The OVAL Schema is maintained by The Mitre Corporation and developed by the public OVAL Community. For more information, including how to get involved in the project and how to submit change requests, please visit the OVAL website at http://oval.mitre.org.
Solaris Definition
5.5
9/26/2008 7:31:00 AM
Copyright (c) 2002-2008, The MITRE Corporation. All rights reserved. The contents of this file are subject to the terms of the OVAL License located at http://oval.mitre.org/oval/about/termsofuse.html. See the OVAL License for the specific language governing permissions and limitations for use of this schema. When distributing copies of the OVAL Schema, this license header must be included.
The isainfo test reveals information about the instruction set architectures. This information can be retrieved by the isainfo command. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references an isainfo_object and the optional state element specifies the metadata to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
The isainfo_test was originally developed by Robert L. Hollis at ThreatGuard, Inc. Many thanks for their support of the OVAL project.
- the object child element of an isainfo_test must reference an isainfo_object
- the state child element of an isainfo_test must reference an isainfo_state
The isainfo_object element is used by an isainfo test to define those objects to evaluated based on a specified state. There is actually only one object relating to isainfo and this is the system as a whole. Therefore, there are no child entities defined. Any OVAL Test written to check isainfo will reference the same isainfo_object which is basically an empty object element.
The isainfo_state element defines the information about the instruction set architectures. Please refer to the individual elements in the schema for more details about what each represents.
This is the number of bits in the address space of the native instruction set (isainfo -b).
- datatype attribute for the bits entity of an isainfo_state should be 'string'
This is the name of the instruction set used by kernel components (isainfo -k).
- datatype attribute for the kernel_isa entity of an isainfo_state should be 'string'
This is the name of the instruction set used by portable applications (isainfo -n).
- datatype attribute for the application_isa entity of an isainfo_state should be 'string'
The package test is used to check information associated with different packages installed on the system. The information used by this test is modeled after the /usr/bin/pkginfo command. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references an inetd_object and the optional state element specifies the information to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
- the object child element of a package_test must reference a package_object
- the state child element of a package_test must reference a package_state
The package_object element is used by a package test to define the packages to be evaluated. Each object extends the standard ObjectType as definied in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
A package object consists of a single pkginst entity that identifies the package to be used.
The pkginst entity is a string that represents a package designation by its instance. An instance can be the package abbreviation or a specific instance (for example, inst.1 or inst.2).
- datatype attribute for the pkginst entity of a package_object should be 'string'
The package_state element defines the different information associated with packages installed on the system. Please refer to the individual elements in the schema for more details about what each represents.
The pkginst entity is a string that represents a package designation by its instance. An instance can be the package abbreviation or a specific instance (for example, inst.1 or inst.2).
- datatype attribute for the pkginst entity of a package_state should be 'string'
The name entity is a text string that specifies a full package name.
- datatype attribute for the name entity of a package_state should be 'string'
The category entity is a string in the form of a comma-separated list of categories under which a package may be displayed. Note that a package must at least belong to the system or application category. Categories are case-insensitive and may contain only alphanumerics. Each category is limited in length to 16 characters.
- datatype attribute for the category entity of a package_state should be 'string'
The version entity is a text string that specifies the current version associated with the software package. The maximum length is 256 ASCII characters and the first character cannot be a left parenthesis. Current Solaris software practice is to assign this parameter monotonically increasing Dewey decimal values of the form: major_revision.minor_revision[.micro_revision] where all the revision fields are integers. The versioning fields can be extended to an arbitrary string of numbers in Dewey-decimal format, if necessary.
- datatype attribute for the version entity of a package_state should be 'string'
The vendor entity is a string used to identify the vendor that holds the software copyright (maximum length of 256 ASCII characters).
- datatype attribute for the vendor entity of a package_state should be 'string'
The description entity is a string that represents a more in-depth description of a package.
- datatype attribute for the description entity of a package_state should be 'string'
The patch test is used to check information associated with different patches installed on the system. The information being tested is based off the /usr/bin/showrev -p command. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references an inetd_object and the optional state element specifies the information to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
- the object child element of a patch54_test must reference a patch54_object
- the state child element of a patch54_test must reference a patch_state
This test has been deprecated and will be removed in version 6.0 of the language. Recommend use of the newer patch54_test.
The patch test is used to check information associated with different patches installed on the system. The information being tested is based off the /usr/bin/showrev -p command. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references an inetd_object and the optional state element specifies the information to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
- the object child element of a patch_test must reference a patch_object
- the state child element of a patch_test must reference a patch_state
The patch54_object element is used by a patch test to define the specific patch to be evaluated. Each object extends the standard ObjectType as definied in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
A patch object consists of a base entity that identifies the patch to be used, and a version entity that represent the patch revision number.
Patches are identified by unique alphanumeric strings, with the patch base code first, a hyphen, and a number that represents the patch revision number.
- datatype attribute for the base entity of a patch54_object should be 'int'
Patches are identified by unique alphanumeric strings, with the patch base code first, a hyphen, and a number that represents the patch revision number.
- datatype attribute for the version entity of a patch54_object should be 'int'
This object has been deprecated and will be removed in version 6.0 of the language. Recommend use of the newer patch54_object.
The patch_object element is used by a patch test to define the specific patch to be evaluated. Each object extends the standard ObjectType as definied in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
A patch object consists of a single base entity that identifies the patch to be used.
Patches are identified by unique alphanumeric strings, with the patch base code first, a hyphen, and a number that represents the patch revision number.
- datatype attribute for the base entity of a patch_object should be 'int'
The patch_state element defines the different information associated with a specific patch installed on the system. Please refer to the individual elements in the schema for more details about what each represents.
The base entity reresents a patch base code found before the hyphen.
- datatype attribute for the base entity of a patch_state should be 'int'
The version entity represents a patch version number found after the hyphen
- datatype attribute for the version entity of a patch_state should be 'int'
These behaviors allow a more detailed definition of the patch_object being specified.
'supersedence' specifies that the object should also match any superseding patches to the one being specified. In other words, if set to True the resulting object set would be the original patch specified plus any superseding patches. The default value is 'false' meaning the object should only match the specified patch.
The smf_test is used to check service management facility controlled services including traditional unix rc level start/kill scrips and inetd daemon services. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a smf_object and the optional state element specifies the information to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
- the object child element of a smf_test must reference a smf_object
- the state child element of a smf_test must reference a smf_state
The smf_object element is used by a smf_test to define the specific service instance to be evaluated. Each object extends the standard ObjectType as definied in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
A smf_object consists of a service_name entity that identifies the service and a fmri entity that represents the fault management resource identifier.
The FMRI (Fault Managed Resource Identifier) entity is used to identify system objects for which advanced fault and resource management capabilities are provided. Services managed by SMF are assigned FMRI URIs prefixed with the scheme name "svc". FMRIs used by SMF can be expressed in three ways: first as an absolute path including a location path such as "localhost" (eg svc://localhost/system/system-log:default), second as a path relative to the local machine (eg svc:/system/system-log:default), and third as simply the service identifier with the string prefixes implied (eg system/system-log:default). For OVAL, the absolute path version (first choice) should be used.
- datatype attribute for the fmri entity of a smf_object should be 'string'
The smf_state element defines the different information associated with a specific smf controlled service. Please refer to the individual elements in the schema for more details about what each represents.
The FMRI (Fault Managed Resource Identifier) entity describes a possible identifier associated with a service. Services managed by SMF are assigned FMRI URIs prefixed with the scheme name "svc". FMRIs used by SMF can be expressed in three ways: first as an absolute path including a location path such as "localhost" (eg svc://localhost/system/system-log:default), second as a path relative to the local machine (eg svc:/system/system-log:default), and third as simply the service identifier with the string prefixes implied (eg system/system-log:default). For OVAL, the absolute path version (first choice) should be used.
- datatype attribute for the fmri entity of a smf_object should be 'string'
The service_name entity is usually an abbreviated form of the FMRI. In the example svc://localhost/system/system-log:default, the name would be system-log.
- datatype attribute for the service_name entity of a smf_object should be 'string'
The service_state entity describes a possible state that the service may be in. Each service instance is always in a well-defined state based on its dependencies, the results of the execution of its methods, and its potential receipt of events from the contracts filesystem. The service_state values are UNINITIALIZED, OFFLINE, ONLINE, DEGRADED, MAINTENANCE, DISABLED, and LEGACY-RUN.
- datatype attribute for the service_state entity of a smf_object should be 'string'
The protocol entity describes a possible protocol supported by the service. Possible values are tcp, tcp6, tcp6only, udp, udp6, and udp6only
- datatype attribute for the protocol entity of a smf_object should be 'string'
The entity server_executable is a string representing the listening daemon on the server side. An example being 'svcprop ftp' which might show 'inetd/start/exec astring /usr/sbin/in.ftpd\ -a'
- datatype attribute for the server_executable entity of a smf_object should be 'string'
The server_arguments entity describes possible parameters that are passed to the service.
- datatype attribute for the server_arguements entity of a smf_object should be 'string'
The exec_as_user entity is a string pulled from svcprop in the following format: inetd_start/user astring root
- datatype attribute for the exec_as_user entity of a smf_object should be 'string'
The EntityStateSmfProtocolType complex type defines the different values that are valid for the protocol entity of a smf_state. The empty string is also allowed as a valid value to support an empty element that is found when a variable reference is used within the type entity.
Request that service listen only for and pass on true IPv6 requests (not IPv4 mapped ones).
Request that service listen only for and pass on true IPv6 requests (not IPv4 mapped ones).
The EntityStateSmfServiceStateType complex type defines the different values that are valid for the service_state entity of a smf_state. The empty string is also allowed as a valid value to support an empty element that is found when a variable reference is used within the type entity.
The instance is enabled and running or available to run. The instance, however, is functioning at a limited capacity in comparison to normal operation.
The instance is disabled.
The instance is enabled, but not able to run. Administrative action is required to restore the instance to offline and subsequent states.
This state represents a legacy instance that is not managed by the service management facility. Instances in this state have been started at some point, but might or might not be running.
The instance is enabled, but not yet running or available to run.
The instance is enabled and running or is available to run.
This is the initial state for all service instances.