[Open-scap] Using variable_object in OVAL

Tomas Heinrich theinric at redhat.com
Tue Aug 3 17:29:51 UTC 2010


On 08/03/2010 04:01 PM, Marshall Miller wrote:
> Hello,
>
> We have been trying to make use of variable_object which uses var_ref to reference an external_variable.
>
> Unfortunately, we always get a result of "Unknown" when using secstate or the oscap scanner in the util directory and we were wondering if there is something we are doing wrong.  When I use ovaldi v5.6 I get the expected results.
>
> I have attached a simplified version of our OVAL which uses a constant_variable instead of an external_variable so the OVAL definition can be evaluated independently.  There is only one definition and test and it looks in /etc/login.defs to see what the value of the PASS_MIN_LEN entry is.  If it is >= 8 it should return true.  If it is < 8 it should return false.  If the entry does not exist then it should return error.

Hello Marshall,

Your notice has led to several bug fixes, so thanks for letting us know.

There were also several problems in the OVAL file:
- By default POSIX regexps are used and some of the character classes
   in the pattern are incompatible. It is possible to switch to PCRE at
   compile time.
- The pattern can match a broader range of strings than intended which
   causes the result to be false.

A definition file with these small adjustments is attached.
With the latest sources from git, it should work correctly now.

Tomas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: passlen-var-ref2.oval.xml
Type: text/xml
Size: 3648 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/open-scap-list/attachments/20100803/3a7852b5/attachment.xml>
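
The two pattern problems listed in the reply, as an added example that is not part of the original message or of OpenSCAP's code. The OVAL pattern itself is not shown in this archive, so both patterns, the sample login.defs content and the function name are constructed; the code uses POSIX regcomp and requires every matching line to hold a value >= 8.

```c
#include <regex.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum result { R_TRUE, R_FALSE, R_ERROR };

/* Constructed sample of /etc/login.defs content (not from the original post). */
static const char *SAMPLE =
    "# PASS_MIN_LEN 5 was the old default\n"
    "PASS_MAX_DAYS 90\n"
    "PASS_MIN_LEN\t8\n";

/* Assumed over-broad pattern: unanchored, so the comment line is collected too. */
#define LOOSE  "PASS_MIN_LEN[[:space:]]+([[:digit:]]+)"
/* Anchored, and written with POSIX bracket classes only (no \s or \d). */
#define STRICT "^[[:space:]]*PASS_MIN_LEN[[:space:]]+([[:digit:]]+)[[:space:]]*$"

/* Each line matching `pattern` (POSIX ERE, group 1 = the number) is one item;
 * all items must be >= min. No item, or a pattern that fails to compile: error. */
enum result eval_pass_min_len(const char *text, const char *pattern, long min)
{
    regex_t re;
    regmatch_t m[2];
    int matched = 0, ok = 1;
    if (regcomp(&re, pattern, REG_EXTENDED) != 0) return R_ERROR;
    for (const char *p = text; *p; ) {
        size_t n = strcspn(p, "\n");
        char line[256];               /* longer lines are skipped */
        if (n < sizeof line) {
            memcpy(line, p, n);
            line[n] = '\0';
            if (regexec(&re, line, 2, m, 0) == 0) {
                matched = 1;
                if (strtol(line + m[1].rm_so, NULL, 10) < min)
                    ok = 0;
            }
        }
        p += n + (p[n] == '\n');
    }
    regfree(&re);
    return !matched ? R_ERROR : (ok ? R_TRUE : R_FALSE);
}

int main(void)
{
    printf("loose=%d strict=%d\n", eval_pass_min_len(SAMPLE, LOOSE, 8),
           eval_pass_min_len(SAMPLE, STRICT, 8));
    return 0;
}
```

With the constructed sample, the loose pattern yields false because the commented-out value 5 is evaluated alongside the active value 8, while the anchored pattern yields true.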

