Hello Gary,
I am not sure if I am following your concerns.
On 08/01/2013 08:38 PM, Gary Gapinski wrote:
> On 08/01/2013 02:11 PM, Steve Grubb wrote:
> > OVAL variable support is a certification requirement for any SCAP 1.2 scanner.
> > It's in the 7511 as SCAP.T.2000.5. So, any validated scanner should handle it.
> Perhaps. I would expect that had my expectations not been previously
> negatively calibrated.
> Please take a close look at the example I provided. It is an acid test
> for proper evaluation in the context of a single OVAL external variable
> assuming two values for two invocations of a definition.
I took a closer look. This use case is supported by OpenSCAP.
> I do not believe such usage is precluded by XCCDF or OVAL. Nor does a cursory
> scan of SCAP 1.1 (§3.2.5.2 appears to be the only applicable section) or
> SCAP 1.2 (§3.2.5).
There are a couple of places where the multiple variable values are
described. However, the exact use case you shared with us is part of
requirement SCAP.T.2000.5 within NISTIR-7511. (The automated test suite
for SCAP.T.2000.5 contains the very same example as yours.)
> I cannot speak for other scanners. And I don't know if it is supported
> by ovaldi. Nevertheless, I wanted to raise this functionality to your
> attention.
Perhaps there is indeed a risk of inter-operability loss associated with
usage of advanced concepts of SCAP. If so, then the standard needs to be
more explicit next time.
> Such re-use allows great economy of expression. It can be extended to
> check settings such as those specified using sysctl, e.g.,
> net.ipv4.ip_forward = 0.
> Regards,
> Gary
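An added illustration of the pattern discussed in this thread, applied to the sysctl case (it is not content from the thread or from any SCAP project): one OVAL external variable, two XCCDF Values, and one OVAL definition invoked twice through two Rules. The ids, the file name sysctl-oval.xml and the second key net.ipv6.conf.all.forwarding are assumptions made for the example; the two documents are shown back to back in one block.

```xml
<!-- benchmark.xml (XCCDF 1.2): two Rules export two Values into the same OVAL variable -->
<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2" id="xccdf_org.example_benchmark_sysctl">
  <status date="2013-08-01">draft</status>
  <title>sysctl checks through one parameterised OVAL definition</title>
  <version>1</version>
  <Value id="xccdf_org.example_value_ipv4_fwd" type="string"><value>net.ipv4.ip_forward</value></Value>
  <Value id="xccdf_org.example_value_ipv6_fwd" type="string"><value>net.ipv6.conf.all.forwarding</value></Value>
  <Rule id="xccdf_org.example_rule_ipv4_fwd" selected="true">
    <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
      <check-export value-id="xccdf_org.example_value_ipv4_fwd" export-name="oval:org.example:var:1"/>
      <check-content-ref href="sysctl-oval.xml" name="oval:org.example:def:1"/>
    </check>
  </Rule>
  <Rule id="xccdf_org.example_rule_ipv6_fwd" selected="true">
    <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
      <check-export value-id="xccdf_org.example_value_ipv6_fwd" export-name="oval:org.example:var:1"/>
      <check-content-ref href="sysctl-oval.xml" name="oval:org.example:def:1"/>
    </check>
  </Rule>
</Benchmark>
<!-- sysctl-oval.xml (OVAL 5.10): the object's name is taken from the external variable -->
<oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5"
    xmlns:unix-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix">
  <generator><oval:product_name>hand-written example</oval:product_name>
    <oval:schema_version>5.10</oval:schema_version><oval:timestamp>2013-08-01T00:00:00</oval:timestamp></generator>
  <definitions>
    <definition id="oval:org.example:def:1" version="1" class="compliance">
      <metadata><title>sysctl key named by var:1 is set to 0</title>
        <description>The key is supplied per Rule via XCCDF check-export.</description></metadata>
      <criteria><criterion test_ref="oval:org.example:tst:1" comment="sysctl value is 0"/></criteria>
    </definition>
  </definitions>
  <tests>
    <unix-def:sysctl_test id="oval:org.example:tst:1" version="1" check="all" comment="sysctl value is 0">
      <unix-def:object object_ref="oval:org.example:obj:1"/>
      <unix-def:state state_ref="oval:org.example:ste:1"/>
    </unix-def:sysctl_test>
  </tests>
  <objects>
    <unix-def:sysctl_object id="oval:org.example:obj:1" version="1">
      <unix-def:name var_ref="oval:org.example:var:1"/>
    </unix-def:sysctl_object>
  </objects>
  <states>
    <unix-def:sysctl_state id="oval:org.example:ste:1" version="1">
      <unix-def:value datatype="int" operation="equals">0</unix-def:value>
    </unix-def:sysctl_state>
  </states>
  <variables><external_variable id="oval:org.example:var:1" version="1" datatype="string" comment="sysctl key to check"/></variables>
</oval_definitions>
```

Each Rule causes its own evaluation of def:1 with var:1 bound to that Rule's exported Value, which is the behaviour the thread attributes to requirement SCAP.T.2000.5.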