[Open-scap] Get result of a linux command

Martin Preisler mpreisle at redhat.com
Thu Oct 15 13:19:14 UTC 2015


----- Original Message -----
> From: "Baptiste Villiot" <bvilliot at silicom.fr>
> To: open-scap-list at redhat.com
> Sent: Thursday, October 15, 2015 2:38:45 PM
> Subject: [Open-scap]  Get result of a linux command
> 
> Hello,
> 
> I would like to make a test in my OVAL file which passes if a Linux
> command returns what I want, for example something like:
> 
> <command_object
>     xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix"
>     id="oval:test.test:obj:1" version="1">
>   <command_line datatype="string" operation="equals">echo abcdefghijkl | decode base64</command_line>
> </command_object>
> 
> <command_state
>     xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent"
>     id="oval:test.test:ste:1" version="1">
>   <value datatype="string" operation="pattern match" entity_check="all">^\{SSHA\}.*$</value>
> </command_state>
> 
> Is there a way to do that?

Nope, there is no such capability in OVAL 5.11.1. However, you can
use an alternative checking language called SCE; check out
http://www.open-scap.org/page/SCE

Proposing such a feature to OVAL would be problematic; it goes against
the OVAL way of doing things and it's very hard to sandbox. What if you
expressed that you want OVAL to find out the output of the command
"rm -rf /"?

We need something like Microsoft's PowerShell or a way to reliably
sandbox bash scripts so that they can't do bad things to the system.
Then it would be just a matter of specifying such OVAL test and
submitting.

-- 
Martin Preisler
Security Technologies | Red Hat, Inc.
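What the SCE route from the reply looks like in practice, as an added example that is not part of the thread or of the OpenSCAP project's own code. SCE hands the check to an ordinary script and maps its exit status to an XCCDF result; the engine exports the XCCDF_RESULT_* variables (PASS=101, FAIL=102, ERROR=103, ...) into the script's environment, and the defaults below only cover running the script by hand. The check itself reproduces the intent of the hypothetical OVAL snippet above: base64-decode a value and require it to start with {SSHA}. The sample values and the function name check_ssha_hash are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the thread: a minimal SCE check script.
# openscap runs the script and turns its exit status into a rule result.
# The XCCDF_RESULT_* variables are exported by the SCE engine; the defaults
# here are the documented SCE values so the script also runs stand-alone.
: "${XCCDF_RESULT_PASS:=101}"
: "${XCCDF_RESULT_FAIL:=102}"
: "${XCCDF_RESULT_ERROR:=103}"

# check_ssha_hash ENCODED
# Decode a base64 blob and require the plaintext to start with "{SSHA}".
# Returns (rather than exits with) the SCE result code so it can be reused;
# the stand-alone block at the bottom turns the return value into the exit
# status that openscap reads.
#   undecodable input -> XCCDF_RESULT_ERROR (the check could not be evaluated)
#   "{SSHA}..."       -> XCCDF_RESULT_PASS
#   anything else     -> XCCDF_RESULT_FAIL
check_ssha_hash() {
    encoded="$1"
    decoded=$(printf '%s' "$encoded" | base64 -d 2>/dev/null) \
        || return "$XCCDF_RESULT_ERROR"
    case "$decoded" in
        '{SSHA}'*) return "$XCCDF_RESULT_PASS" ;;
        *)         return "$XCCDF_RESULT_FAIL" ;;
    esac
}

# Constructed sample values (base64 of "{SSHA}abc" and of "{CRYPT}abc").
SAMPLE_SSHA='e1NTSEF9YWJj'
SAMPLE_CRYPT='e0NSWVBUfWFiYw=='

# When run directly with an argument, behave like a real SCE check:
# the function's return code becomes the process exit status.
if [ "$#" -gt 0 ]; then
    check_ssha_hash "$1"
    exit $?
fi
```

Hook it into a rule with `<check system="http://open-scap.org/page/SCE"><check-content-ref href="check_ssha.sh"/></check>` in the XCCDF benchmark and run `oscap xccdf eval` as usual; the printed result of the rule is whatever the script returned. The caveat follows directly from the reply: the script runs with the privileges of the oscap process and nothing sandboxes it, so you are trading the restriction OVAL imposes for explicit trust in the content you feed the scanner, and a benchmark carrying SCE scripts needs the same provenance and review as any other privileged code.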
