[Open-scap] How to get an OVAL check to return Not Applicable
Simon Lukasik
slukasik at redhat.com
Wed Nov 19 09:21:23 UTC 2014
On 11/18/2014 11:56 PM, WARREN wrote:
> Hi all,
>
> I am writing an OVAL check that analyzes the contents of a file, but if
> that file is missing, I want to return "Not Applicable" rather
> than true or false.
>
I believe this use-case does not qualify as as "Not Applicable" by OVAL
definition.
You can learn more about 'not applicable' OVAL result at
http://oval.mitre.org/language/version5.10.1/ovalresults/documentation/oval-results-schema.html
quotation:
When evaluating a definition or test, a result value of 'not
applicable' means that the definition or test being evaluated is
not valid on the given platform.
> The documentation implies that this is possible (or so it seems to me)
> but I cannot find any specific example or recipe.
>
I was not able to find a relevant snippet that would imply this.
> Any sort of pointer would be great.
>
If you really insist on having not_applicable, I would use XCCDF+CPE to
verify file presence and then OVAL to check its content.
Best regards,
--
Simon Lukasik
Security Technologies, Red Hat, Inc.
https://github.com/isimluk
More information about the Open-scap-list
mailing list