The following is a description of the elements, types, and attributes that compose the Solaris specific system characteristic items found in Open Vulnerability and Assessment Language (OVAL). Each item is an extension of the standard test element defined in the Core Definition Schema. Through extension, each test inherits a set of elements and attributes that are shared amongst all OVAL tests. Each test is described in detail and should provide the information necessary to understand what each element and attribute represents. This document is intended for developers and assumes some familiarity with XML. A high level description of the interaction between the different tests and their relationship to the Core Definition Schema is not outlined here.
The OVAL Schema is maintained by The MITRE Corporation and developed by the public OVAL Community. For more information, including how to get involved in the project and how to submit change requests, please visit the OVAL website at http://oval.mitre.org.
Solaris System Characteristics
5.10
9/14/2011 8:58:23 AM
Copyright (c) 2002-2011, The MITRE Corporation. All rights reserved. The contents of this file are subject to the terms of the OVAL License located at http://oval.mitre.org/oval/about/termsofuse.html. See the OVAL License for the specific language governing permissions and limitations for use of this schema. When distributing copies of the OVAL Schema, this license header must be included.
Information about the instruction set architectures. This information can be retrieved by the isainfo command.
The isainfo_item was originally developed by Robert L. Hollis at ThreatGuard, Inc. Many thanks for their support of the OVAL project.
This is the number of bits in the address space of the native instruction set (isainfo -b).
This is the name of the instruction set used by kernel components (isainfo -k).
This is the name of the instruction set used by portable applications (isainfo -n).
This item represents data collected by the ndd command.
The name of the device for which the parameter was collected.
The instance of the device to examine. Certain devices may have multiple instances on a system. If multiple instances exist, this entity should be populated with its respective instance value. If only a single instance exists, this entity should not be collected.
The name of a parameter for example, ip_forwarding
The observed value of the named parameter.
Output of /usr/bin/pkginfo. See pkginfo(1).
The packagecheck_item holds verification information about an individual file that is part of a installed package. Each packagecheck_item contains a package designation, filepath, whether the checksum differs, whether the size differs, whether the modfication time differs, and how the actual permissions differ from the expected permissions. For more information, see pkgchk(1M). It extends the standard ItemType as defined in the oval-system-characteristics schema and one should refer to the ItemType description for more information.
The pkginst entity is a string that represents a package designation by its instance. An instance can be the package abbreviation or a specific instance (for example, inst.1 or inst.2).
The filepath element specifies the absolute path for a file or directory in the specified package..
Has the file's checksum changed? A value of true indicates that the file's checksum has changed. A value of false indicates that the file's checksum has not changed.
Has the file's size changed? A value of true indicates that the file's size has changed. A value of false indicates that the file's size has not changed.
Has the file's modified time changed? A value of true indicates that the file's modified time has changed. A value of false indicates that the file's modified time has not changed.
Has the actual user read permission changed from the expected user read permission?
Has the actual user write permission changed from the expected user write permission?
Has the actual user exec permission changed from the expected user exec permission?
Has the actual group read permission changed from the expected group read permission?
Has the actual group write permission changed from the expected group write permission?
Has the actual group exec permission changed from the expected group exec permission?
Has the actual others read permission changed from the expected others read permission?
Has the actual others read permission changed from the expected others read permission?
Has the actual others read permission changed from the expected others read permission?
Patches are identified by unique alphanumeric strings, with the patch base code first, a hyphen, and a number that represents the patch revision number. The information can be obtained using /usr/bin/showrev -p. Please see showrev(1M).
The base entity reresents a patch base code found before the hyphen.
The version entity represents a patch version number found after the hyphen.
The smf_item is used to hold information related to service management facility controlled services
The FMRI (Fault Managed Resource Identifier) entity holds the identifier associated with a service. Services managed by SMF are assigned FMRI URIs prefixed with the scheme name "svc". FMRIs used by SMF can be expressed in three ways: first as an absolute path including a location path such as "localhost" (eg svc://localhost/system/system-log:default), second as a path relative to the local machine (eg svc:/system/system-log:default), and third as simply the service identifier with the string prefixes implied (eg system/system-log:default). For OVAL, the absolute path version (first choice) should be used.
The service_name entity is usually an abbreviated form of the FMRI. In the example svc://localhost/system/system-log:default, the name would be system-log.
The service_state entity describes the state that the service is in. Each service instance is always in a well-defined state based on its dependencies, the results of the execution of its methods, and its potential receipt of events from the contracts filesystem. The service_state values are UNINITIALIZED, OFFLINE, ONLINE, DEGRADED, MAINTENANCE, DISABLED, and LEGACY-RUN.
The protocol entity describes the protocol supported by the service. Possible values are tcp, tcp6, tcp6only, udp, udp6, and udp6only
The entity server_executable is a string representing the listening daemon on the server side. An example being 'svcprop ftp' which might show 'inetd/start/exec astring /usr/sbin/in.ftpd\ -a'
The server_arguments entity describes the parameters that are passed to the service.
The exec_as_user entity is a string pulled from svcprop in the following format: inetd_start/user astring root
The EntityItemPermissionCompareType complex type restricts a string value to more, less, or same which specifies if an actual permission is different than the expected permission (more or less restrictive) or if the permission is the same. The empty string is also allowed to support empty elements associated with error conditions.
The actual permission is more restrictive than the expected permission.
The actual permission is less restrictive than the expected permission.
The actual permission is the same as the expected permission.
The empty string value is permitted here to allow for detailed error reporting.
The EntityItemSmfProtocolType defines the different values that are valid for the protocol entity of a smf_item. The empty string is also allowed as a valid value to support empty emlements associated with error conditions.
Request that service listen only for and pass on true IPv6 requests (not IPv4 mapped ones).
Request that service listen only for and pass on true IPv6 requests (not IPv4 mapped ones).
The empty string value is permitted here to allow for detailed error reporting.
The EntityItemSmfServiceStateType defines the different values that are valid for the service_state entity of a smf_item. The empty string is also allowed as a valid value to support empty emlements associated with error conditions.
The instance is enabled and running or available to run. The instance, however, is functioning at a limited capacity in comparison to normal operation.
The instance is disabled.
The instance is enabled, but not able to run. Administrative action is required to restore the instance to offline and subsequent states.
This state represents a legacy instance that is not managed by the service management facility. Instances in this state have been started at some point, but might or might not be running.
The instance is enabled, but not yet running or available to run.
The instance is enabled and running or is available to run.
This is the initial state for all service instances.
The empty string value is permitted here to allow for detailed error reporting.