ovaldi

Language: en

Version: 150238 (fedora - 04/07/09)

Section: 1 (User commands)

NAME

ovaldi - a reference interpreter for the Open Vulnerability and Assessment Language

SYNOPSIS

ovaldi [-d filename] [-i filename] [-o filename] [-r filename] [-t filename] [-v filename] [-x filename] [-hmpzs] [MD5Hash]

DESCRIPTION

The MITRE Corporation developed the Open Vulnerability and Assessment Language (OVAL) Interpreter to provide the OVAL Community with an open source reference implementation of the language and its Definitions. The OVAL Interpreter uses OVAL Definitions to gather security relevant configuration information on a computer (e.g., rpm parameters, registry keys, file information, etc.), analyze the information for vulnerabilities and configuration issues, and report the results of the analysis for each definition.

OPTIONS

-h
Displays command line options.
-o filename
Specifies the pathname of the OVAL Definition file to use. If none is specified then the Interpreter will default to "definitions.xml" in the Interpreter directory.
-v filename
Specifies the pathname of the external variable file to use. If none is specified then the Interpreter will default to "external-variables.xml" in the Interpreter directory.
-e definition id list
Specifies a list of definition ids to evaluate in the input oval-definitions document. Supply definition ids as a comma-separated list like: oval:com.example:def:123,oval:com.example:def:234
-f filename
Path to a file containing a list of definitions to be evaluated. The file must comply with the evaluation-id schema.
-m
Run without requiring an MD5 checksum. Running the Interpreter with this option DISABLES an important security feature. In normal usage, a trusted checksum provided on the command line is used to verify the integrity of the OVAL Definitions file. Use of this option is recommended only when testing your own draft definitions before submitting them to the OVAL Community Forum for public review.
-n
Perform Schematron validation of the oval-definitions file.
-c filename
Specifies the pathname of the oval-definitions-schematron.xsl to be used for Schematron validation. If none is specified then the Interpreter will default to "oval-definitions-schematron.xsl" in the Interpreter directory.
-i filename
Specifies the pathname of a System Characteristics file that is to be used as the basis of the analysis. In this mode, the Interpreter does not perform data collection on the local system, but relies upon the input file, which may have been generated on another system.
-d filename
Specifies the pathname of the file to which collected configuration data is to be saved. This data is stored in the format defined by the Systems Characteristics Schema.
-r filename
Specifies the pathname of the file to which analysis results are to be saved. This data is stored according to the format defined by the OVAL Results Schema. If none is specified then the Interpreter will default to "results.xml" in the Interpreter directory.
-s
If set, the Interpreter does not apply the XSL transform to the OVAL Results XML.
-t filename
Specifies the pathname of the XSL file which should be used to transform the OVAL results. If none is specified then the Interpreter will default to "results_to_html.xsl" in the Interpreter directory.
-x filename
Specifies the pathname of the file to which XSL transform results are to be saved. If none is specified then the Interpreter will default to "results.html" in the Interpreter directory.
-p
Verbose output. Print all information and error messages to the console.
-z
Calculates and prints to the screen the MD5 checksum of the current data file (definitions.xml by default, or as specified by the -o option). This can be used to manually compare the current file with the trusted checksum available from the OVAL Web site.

EXAMPLES

Run the interpreter against the Linux definitions file, without verifying MD5 checksum:
ovaldi -o linux.definitions.xml -m
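
An added example, not part of the original man page: a shell wrapper for the checked mode that -m turns off. It confirms the definitions file matches a trusted MD5 and only then passes that checksum to ovaldi as the trailing MD5Hash argument; the function names and the use of md5sum are assumptions.

```shell
#!/bin/sh
# Added example: function names are hypothetical; md5sum (coreutils) is assumed.

# Print the lowercase MD5 hex digest of a file (read via stdin so that
# unusual file names cannot alter md5sum's output format).
md5_of() {
    md5sum < "$1" | awk '{ print tolower($1) }'
}

# Return 0 only if $2 is a well-formed MD5 that matches the digest of file $1.
# Returns 1 on mismatch, 2 on an unreadable file or malformed checksum.
verify_definitions() {
    file=$1
    trusted=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -r "$file" ] || { echo "cannot read definitions file: $file" >&2; return 2; }
    # Reject anything that is not exactly 32 hex digits before comparing.
    case $trusted in
        *[!0-9a-f]*) echo "malformed checksum" >&2; return 2 ;;
    esac
    [ "${#trusted}" -eq 32 ] || { echo "malformed checksum" >&2; return 2; }
    actual=$(md5_of "$file")
    if [ "$actual" != "$trusted" ]; then
        echo "checksum mismatch for $file: got $actual" >&2
        return 1
    fi
}

# Run ovaldi without -m: the pre-check must pass, and the same trusted
# checksum is handed to the Interpreter as the MD5Hash argument.
run_ovaldi_checked() {
    verify_definitions "$1" "$2" || return $?
    ovaldi -o "$1" "$2"
}

# Usage: run_ovaldi_checked linux.definitions.xml <trusted-md5-from-oval-site>
```

The check is only as strong as the channel the checksum came from, so obtain the trusted value separately from the definitions file itself.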

FILES

/usr/share/ovaldi/*.xsd
The schema files for the OVAL language.

AUTHOR

Man page written by Jonathan Baker (bakerj@mitre.org)