This page provides a listing of all the tests that are available in the different component schemas.
Deprecated tests are lined through.
| family_test |
The family_test element is used to check the family a certain system belongs to. This test basically allows the high level
system types (window, unix, ios, etc.) to be tested. It extends the standard TestType as defined in the oval-definitions-schema
and one should refer to the TestType description for more information. The required object element references a family_object
and the optional state element specifies the metadata to check.
|
| filehash_test |
The file hash test is used to check the hashes associated with a specified file. It extends the standard TestType as defined
in the oval-definitions-schema and one should refer to the TestType description for more information. The required object
element references a filehash_object and the optional state element specifies the different hashes to check.
|
| filehash58_test |
The file hash test is used to check a specific hash type associated with a specified file. It extends the standard TestType
as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required
object element references a filehash58_object and the optional state element specifies an expected hash value.
|
| environmentvariable_test |
The environmentvariable_test element is used to check an environment variable found on the system. It extends the standard
TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information.
The required object element references a environmentvariable_object and the optional state element specifies the metadata
to check.
|
| environmentvariable58_test |
The environmentvariable58_test element is used to check an environment variable for the specified process, which is identified
by its process ID, on the system . It extends the standard TestType as defined in the oval-definitions-schema and one should
refer to the TestType description for more information. The required object element references a environmentvariable_object
and the optional state element specifies the metadata to check.
|
| ldap_test |
The LDAP test is used to check information about specific entries in an LDAP directory. It extends the standard TestType as
defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required
object element references an ldap_object and the optional state element, ldap_state, specifies the metadata to check. Note that this test supports only simple (string based) value collection. For more complex values see the ldap57_test.
|
| ldap57_test |
The LDAP test is used to check information about specific entries in an LDAP directory. It extends the standard TestType as
defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required
object element references an ldap57_object and the optional state element, ldap57_state, specifies the metadata to check. Note that this test supports complex values that are in the form of a record. For simple (string based) value collection see
the ldap_test.
|
| sql_test |
The sql test is used to check information stored in a database. It is often the case that applications store configuration
settings in a database as opposed to a file. This test has been designed to enable those settings to be tested. It extends
the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more
information. The required object element references a wmi_object and the optional state element specifies the metadata to
check.
|
| sql57_test |
The sql test is used to check information stored in a database. It is often the case that applications store configuration
settings in a database as opposed to a file. This test has been designed to enable those settings to be tested. It extends
the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more
information. The required object element references a wmi_object and the optional state element specifies the metadata to
check.
|
| textfilecontent54_test |
The textfilecontent54_test element is used to check the contents of a text file (aka a configuration file) by looking at individual
blocks of text. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType
description for more information. The required object element references a textfilecontent54_object and the optional state
element specifies the metadata to check.
|
| textfilecontent_test |
The textfilecontent_test element is used to check the contents of a text file (aka a configuration file) by looking at individual
lines. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description
for more information. The required object element references a textfilecontent_object and the optional state element specifies
the metadata to check.
|
| unknown_test |
An unknown_test acts as a placeholder for tests whose implementation is unknown. This test always evaluates to a result of
'unknown'. Any information that is known about the test should be held in the notes child element that is available through
the extension of the abstract test element. It extends the standard TestType as defined in the oval-definitions-schema and
one should refer to the TestType description for more information. Note that for an unknown_test, the required check attribute
that is part of the extended TestType should be ignored during evaluation and hence can be set to any valid value.
|
| variable_test |
The variable test allows the value of a variable to be compared to a defined value. As an example one might use this test
to validate that a variable being passed in from an external source falls within a specified range. It extends the standard
TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information.
The required object element references a variable_object and the optional state element specifies the value to check.
|
| xmlfilecontent_test |
The xmlfilecontent_test element is used to explore the contents of an xml file. This test allows specific pieces of an xml
document specified using xpath to be tested. It extends the standard TestType as defined in the oval-definitions-schema and
one should refer to the TestType description for more information. The required object element references a xmlfilecontent_object
and the optional state element specifies the metadata to check.
|
| acl_test |
The acl test is used to check the properties of specific output lines from an ACL configuration. |
| bgpneighbor_test |
The bgpneighbor test is used to check the bgp neighbpr properties of bgp instances instances in IOS. |
| global_test |
The global test is used to check for the existence of a particular line in the ios config file under the global context. It
extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for
more information. The required object element references a global_object and the optional state element specifies the data
to check.
|
| interface_test |
The interface test is used to check for the existence of a particular interface on the Cisco IOS device. It extends the standard
TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information.
The required object element references a interface_object and the optional state element specifies the data to check.
|
| line_test |
The line test is used to check the properties of specific output lines from a SHOW command, such as show running-config. It
extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for
more information. The required object element references a line_object and the optional state element specifies the data to
check.
|
| router_test |
The router test is used to check the properties of specific output lines from a router configurated instance in IOS. |
| routingprotocolauthintf_test |
The routing protocol authentication interface test is used to check the properties of routing protocol authentication configured
under interfaces in IOS.
|
| section_test |
The section test is used to check the properties of specific output lines from a configuration section. |
| snmp_test |
Tests if lines under the global context associated with snmp that have a specifiec access list or community name. |
| snmpcommunity_test |
The snmpcommunity test is used to check the properties of specific output lines from an SNMP configuration. |
| snmpgroup_test |
The snmpgroup test is used to check the properties of specific output lines from an SNMP group configuration. |
| snmphost_test |
The snmphost test is used to check the properties of specific output lines from an SNMP configuration. |
| snmpuser_test |
The snmpuser test is used to check the properties of specific output lines from an SNMP user configuration. |
| snmpview_test |
The snmpview test is used to check the properties of specific output lines from an SNMP view configuration. |
| tclsh_test |
The tclsh test is used to check tclsh information of the IOS operating system. It extends the standard TestType as defined
in the oval-definitions-schema and one should refer to the TestType description for more information. The required object
element references a tclsh_object and the optional state element specifies the data to check.
|
| version55_test |
The version55_test is used to check the version of the IOS operating system. It extends the standard TestType as defined in
the oval-definitions-schema and one should refer to the TestType description for more information. The required object element
references a version_object and the optional state element specifies the data to check.
|
| version_test |
The version test is used to check the version of the IOS operating system. It extends the standard TestType as defined in
the oval-definitions-schema and one should refer to the TestType description for more information. The required object element
references a version_object and the optional state element specifies the data to check.
|
| dpkginfo_test |
The dpkginfo test is used to check information for a given DPKG package. It extends the standard TestType as defined in the
oval-definitions-schema and one should refer to the TestType description for more information. The required object element
references a dpkginfo_object and the optional state element specifies the data to check.
|
| iflisteners_test |
The iflisteners_test is used to check what applications such as packet sniffers that are bound to an interface on the system.
This is limited to applications that are listening on AF_PACKET sockets. Furthermore, only applications bound to an ethernet
interface should be collected. It extends the standard TestType as defined in the oval-definitions-schema and one should refer
to the TestType description for more information. The required object element references an iflisteners_object and the optional
iflisteners_state element specifies the data to check.
|
| inetlisteningservers_test |
The inet listening servers test is used to check what applications are listening on the network. This is limited to applications
that are listening for connections that use the TCP or UDP protocols and have addresses represented as IPv4 or IPv6 addresses
(AF_INET or AF_INET6). It is generally using the parsed output of running the command netstat -tuwlnpe with root privilege.
It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description
for more information. The required object element references an inetlisteningservers_object and the optional state element
specifies the data to check.
|
| partition_test |
The partition_test is used to check the information associated with partitions on the local system. It extends the standard
TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information.
The required object element references a partition_object and the optional state element references a partition_state that
specifies the information to check.
|
| rpminfo_test |
The rpminfo_test is used to check the RPM header information for a given RPM package. It extends the standard TestType as
defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required
object element references a rpminfo_object and the optional state element specifies the data to check.
|
| rpmverify_test |
The rpmverify_test is used to verify the integrity of installed RPMs. This test aligns with the rpm -V command for verifying
RPMs. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description
for more information. The required object element references a rpmverify_object and the optional state element specifies the
data to check.
|
| rpmverifyfile_test |
The rpmverifyfile_test is used to verify the integrity of the individual files in installed RPMs. This test aligns with the
rpm -V command for verifying RPMs. It extends the standard TestType as defined in the oval-definitions-schema and one should
refer to the TestType description for more information. The required object element references a rpmverifyfile_object and
the optional state element specifies the data to check.
|
| rpmverifypackage_test |
The rpmverifypackage_test is used to verify the integrity of installed RPMs. This test aligns with the rpm -V command for
verifying RPMs. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType
description for more information. The required object element references a rpmverifypackage_object and the optional state
element specifies the data to check.
|
| selinuxboolean_test |
The selinuxboolean_test is used to check the current and pending status of a SELinux boolean. It extends the standard TestType
as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required
object element references a selinuxboolean_object and the optional state element references a selinuxboolean_state that specifies
the metadata to check.
|
| selinuxsecuritycontext_test |
The selinuxsecuritycontext_test is used to check the security context of a file or process on the local system. It extends
the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more
information. The required object element references a selinuxsecuritycontext_object and the optional state element references
a selinuxsecuritycontext_state that specifies the metadata to check.
|
| slackwarepkginfo_test |
The slackware package info test is used to check information associated with a given Slackware package. It extends the standard
TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information.
The required object element references a slackwarepkginfo_object and the optional state element specifies the data to check.
|
| systemdunitdependency_test |
The systemdunitdependency_test is used to retrieve information about dependencies of a single systemd unit in the form of
a list. This list contains all dependencies, including transitive dependencies. For more information see the output generated
by systemctl list-dependencies --plain $unit. It extends the standard TestType as defined in the oval-definitions-schema and
one should refer to the TestType description for more information. The required object element references a systemdunitdependency_object
and the optional state element specifies the data to check.
|
| systemdunitproperty_test |
The systemdunitproperty_test is used to retrieve information about systemd units in form of properties. For more information
see the output generated by systemctl show $unit. It extends the standard TestType as defined in the oval-definitions-schema
and one should refer to the TestType description for more information. The required object element references a systemdunitproperty_object
and the optional state element specifies the data to check.
|
| accountinfo_test |
User account information (username, uid, gid, etc.) See netinfo(5) for field information, niutil(1) for retrieving it. As
of Mac OS 10.5, niutil(1) is no longer available, however, the same functionality can be obtained using dscl(1). Specifically,
the command 'dscl . -list /Users' can be used to list all users and the command 'dscl . -read /Users/some_user passwd uid
gid realname home shell' can be used to retrieve the attributes associated with an account.
|
| authorizationdb_test |
The authorizationdb_test is used to check the properties of the plist-style XML output from the "security authorizationdb
read >right-name<" command, for reading information about rights authorizations on MacOSX. It extends the standard TestType
as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required
object element references an authorizationdb_object and the optional state element specifies the data to check.
|
| corestorage_test |
The corestorage_test is used to check the properties of the plist-style XML output from the "diskutil cs list -plist" command,
for reading information about the CoreStorage setup on MacOSX. It extends the standard TestType as defined in the oval-definitions-schema
and one should refer to the TestType description for more information. The required object element references an corestorage_object
and the optional state element specifies the data to check.
|
| diskutil_test |
The diskutil_test is used to verify disks on a Mac OS system. The information used by this test is modeled after the diskutil
command. For more information, see diskutil(8). It extends the standard TestType as defined in the oval-definitions-schema
and one should refer to the TestType description for more information. The required object element references a diskutil_object
and the optional diskutil_state element specifies the data to check.
|
| gatekeeper_test |
The gatekeeper_test is used to check the status of Gatekeeper and any unsigned applications that have been granted execute
permission.
|
| inetlisteningservers_test |
This test's purpose is generally used to check if an application is listening on the network, either for a new connection
or as part of an ongoing connection. This is limited to applications that are listening for connections that use the TCP or
UDP protocols and have addresses represented as IPv4 or IPv6 addresses (AF_INET or AF_INET6). It is generally speaking the
parsed output of running the command netstat -tuwlnpe with root privilege.
|
| inetlisteningserver510_test |
The inetlisteningserver510_test is used to check if an application is listening on the network, either for a new connection
or as part of an ongoing connection. This is limited to applications that are listening for connections that use the TCP or
UDP protocols and have addresses represented as IPv4 or IPv6 addresses (AF_INET or AF_INET6). One method for retrieving the
required information is by parsing the output of the command 'lsof -i -P -n -l' with root privileges.
|
| keychain_test |
The keychain_test is used to check the properties of the plist-style XML output from the "security show-keychain-info >keychain<"
command, for reading information about keychain settings on MacOSX. It extends the standard TestType as defined in the oval-definitions-schema
and one should refer to the TestType description for more information. The required object element references an keychain_object
and the optional state element specifies the data to check.
|
| launchd_test |
The launchd_test is used to check the status of daemons/agents loaded via the launchd service. It extends the standard TestType
as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required
object element references a launchd_object and the optional state element specifies the data to check.
|
| nvram_test |
This test pulls data from the 'nvram -p' output. |
| plist_test |
The plist_test is used to check the value(s) associated with property list preference keys. It extends the standard TestType
as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required
object element references a plist_object and the optional plist_state element specifies the data to check.
|
| plist510_test |
The plist510_test is used to check the value(s) associated with property list preference keys. It extends the standard TestType
as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required
object element references a plist510_object and the optional plist510_state element specifies the data to check.
|
| pwpolicy_test |
This test pulls data from the 'pwpolicy -getpolicy' output. The actual values get stored under /var/db/netinfo/local.nidb/
in a Store.# file. Is this test actually needed, or can the text file content test be used instead?
|
| pwpolicy59_test |
This test retrieves password policy data from the 'pwpolicy -getpolicy -u target_user [-a username] [-p userpass] [-n directory_node]'
output where username, userpass, and directory_node are optional. Please see the 'pwpolicy' man page for additional information.
|
| rlimit_test |
The rlimit_test is used to check system resource limits for launchd. It is a singleton object. It extends the standard TestType
as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The state
element specifies the system setup elements to check.
|
| softwareupdate_test |
The softwareupdate_test is used to check the status of automatic software updates on MacOSX. It is a singleton object. It
extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for
more information. The state element specifies the softwareupdate elements to check.
|
| systemprofiler_test |
The systemprofiler_test is used to check the properties of the plist-style XML output from the "system_profiler -xml <data
type>" command, for reading information about system inventory data on MacOSX. It extends the standard TestType as defined
in the oval-definitions-schema and one should refer to the TestType description for more information. The required object
element references an systemprofiler_object and the optional state element specifies the data to check.
|
| systemsetup_test |
The systemsetup_test is used to check systemsetup properties. It is a singleton object. It extends the standard TestType as
defined in the oval-definitions-schema and one should refer to the TestType description for more information. The state element
specifies the system setup elements to check.
|
| spwebapplication_test |
The spwebapplication test is used to check the properties or permission settings of a SharePoint web application. It extends
the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more
information. The required object element references a spwebapplication_object and the optional state element
specifies the data to check.
|
| spgroup_test |
The spgroup test is used to check the group properties for site collections. It extends the standard TestType as defined in
the oval-definitions-schema and one should refer to the TestType description for more information. The required object element
references an spwebapplication_object and the optional state element specifies the data to
check.
|
| spweb_test |
The spweb test is used to check the properties for site collections. It extends the standard TestType as defined in the oval-definitions-schema
and one should refer to the TestType description for more information. The required object element references an spwebapplication_object
and the optional state element specifies the data to check.
|
| splist_test |
The splist test is used to check the properties of lists associated with a SharePoint site or site collection. It extends
the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more
information. The required object element references an splist_object and the optional state element specifies the data
to check.
|
| spantivirussettings_test |
The spantivirussettings test is used to check the settings for antivirus software associated with a SharePoint deployment. |
| spsiteadministration_test |
The spsiteadministration test is used to check the properties of a site. It extends the standard TestType as defined in the
oval-definitions-schema and one should refer to the TestType description for more information. The required object element
references an spwebapplication_object and the optional state element specifies the data to
check.
|
| spsite_test |
The spsite test is used to check the properties of a site. It extends the standard TestType as defined in the oval-definitions-schema
and one should refer to the TestType description for more information. The required object element references an spwebapplication_object
and the optional state element specifies the data to check.
|
| spcrawlrule_test |
The spcrawlrule test is used to check the configuration or rules associated with the SharePoint system's built-in indexer
and the sites or documents that will be indexed.
|
| spjobdefinition_test |
The spjobdefinition test is used to check the status of the various properties associated with scheduled jobs in the SharePoint
system.
|
| spjobdefinition510_test |
The spjobdefinition test is used to check the status of the various properties associated with scheduled jobs in the SharePoint
system.
|
| bestbet_test |
The bestbet test is used to get all the best bets associated with a site. |
| infopolicycoll_test |
The policycoll test is used to get all the Information Policies associated with a site. |
| spdiagnosticsservice_test |
The spdiagnosticsservice test is used to check the diagnostic properties associated with a Sharepoint system. |
| spdiagnosticslevel_test |
The spdiagnosticslevel_test is used to check the status of the logging features associated with a Sharepoint deployment. |
| sppolicyfeature_test |
The sppolicyfeature test enables one to check the attributes associated with policies and policy features on the Sharepoint
deployment.
|
| sppolicy_test |
The sppolicy test enables one to check the attributes of the policies associated with a particular URL Zone in a Sharepoint
system.
|
| facet_test |
The facet_test is used to check the facets associated with the specified Image Packaging System image. Facets are properties
that control whether or not optional components from a package are installed on a system. It extends the standard TestType
as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required
object element references an facet_object and the optional state elements reference a facet_state and specifies the data to
check.
|
| image_test |
The image_test provides support for checking the metadata of IPS images on Solaris systems. The test extends the standard
TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information.
The required object element references a image_object and the optional state elements reference image_states that specify
the metadata to check about a set of images.
|
| isainfo_test |
The isainfo test reveals information about the instruction set architectures. This information can be retrieved by the isainfo
command. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description
for more information. The required object element references an isainfo_object and the optional state element specifies the
metadata to check. The isainfo_test was originally developed by Robert L. Hollis at ThreatGuard, Inc. Many thanks for their support of the OVAL
project.
|
| ndd_test |
From /usr/bin/ndd. See ndd manpage for specific fields |
| package_test |
The package test is used to check information associated with different SVR4 packages installed on the system. Image Packaging
System (IPS) packages are not supported by this test. The information used by this test is modeled after the /usr/bin/pkginfo
command. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description
for more information. The required object element references an package_object and the optional state element specifies the
information to check.
|
| package511_test |
The package511_test provides support for checking the metadata of packages installed using the Solaris Image Packaging System.
The test extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description
for more information. The required object element references a package511_object and the optional state elements reference
package511_states that specify the metadata to check about a set of packages.
|
| packageavoidlist_test |
The packageavoidlist_test provides support for checking the metadata of IPS packages that have been flagged as needing to
avoid from installation on a Solaris system. The test extends the standard TestType as defined in the oval-definitions-schema
and one should refer to the TestType description for more information. The required object element references a packageavoidlist_object
and the optional state elements reference packageavoidlist_states that specify the metadata to check about a set of packages
that have been flagged as to be avoided on a Solaris system.
|
| packagecheck_test |
The packagecheck_test is used to verify the integrity of an installed Solaris SVR4 package. Image Packaging System (IPS) packages
are not supported by this test. The information used by this test is modeled after the pkgchk command. For more information,
see pkgchk(1M). It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType
description for more information. The required object element references a packagecheck_object and the optional packagecheck_state
element specifies the data to check.
|
| packagefreezelist_test |
The packagefreezelist_test provides support for checking the metadata of IPS packages that have been frozen at a particular
version. The test extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType
description for more information. The required object element references a packagefreezelist_object and the optional state
elements reference packagefreezelist_states that specify the metadata to check about a set of packages.
|
| packagepublisher_test |
The packagepublisher_test provides support for checking the metadata of package publishers on a Solaris system. The test extends
the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more
information. The required object element references a packagepublisher_object and the optional state elements reference packagepublisher_states
that specify the metadata to check about a set of package publishers on a Solaris system.
|
| patch54_test |
The patch test is used to check information associated with different patches for SVR4 packages installed on the system. Image
Packaging System (IPS) packages do not support patches and are not supported by this test. The information being tested is
based off the /usr/bin/showrev -p command. It extends the standard TestType as defined in the oval-definitions-schema and
one should refer to the TestType description for more information. The required object element references an inetd_object
and the optional state element specifies the information to check.
|
| patch_test |
The patch test is used to check information associated with different patches installed on the system. The information being
tested is based off the /usr/bin/showrev -p command. It extends the standard TestType as defined in the oval-definitions-schema
and one should refer to the TestType description for more information. The required object element references an inetd_object
and the optional state element specifies the information to check.
|
| smf_test |
The smf_test is used to check service management facility controlled services including traditional unix rc level start/kill
scrips and inetd daemon services. It extends the standard TestType as defined in the oval-definitions-schema and one should
refer to the TestType description for more information. The required object element references a smf_object and the optional
state element specifies the information to check.
|
| smfproperty_test |
The smfproperty_test is used to check the value of properties associated with SMF services. It extends the standard TestType
as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required
object element references an smfproperty_object and the optional state elements reference a smfproperty_state and specifies
the data to check.
|
| variant_test |
The variant_test is used to check the variants associated with the current Image Packaging System image. Variants are properties
that control whether or not mutually exclusive components from a package are installed on a system. It extends the standard
TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information.
The required object element references an variant_object and the optional state elements reference a variant_state and specifies
the data to check.
|
| virtualizationinfo_test |
The virtualizationinfo_test provides support for checking the metadata associated with the current virtualization environment
this instance of Solaris is running on. The test extends the standard TestType as defined in the oval-definitions-schema and
one should refer to the TestType description for more information. The required object element references a virtualizationinfo_object
and the optional state elements reference virtualizationinfo_states that specify the metadata to check the current virtualization
environment.
|
| dnscache_test |
The dnscache_test is used to check the time to live and IP addresses associated with a domain name. The time to live and
IP addresses for a particular domain name are retrieved from the DNS cache on the local system. It extends the standard TestType
as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required
object element references a dnscache_object and the optional state element specifies the metadata to check.
|
| file_test |
The file test is used to check metadata associated with UNIX files, of the sort returned by either an ls command, stat command
or stat() system call. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to
the TestType description for more information. The required object element references a file_object and the optional state
element specifies the metadata to check.
|
| fileextendedattribute_test |
The file extended attribute test is used to check extended attribute values associated with UNIX files, of the sort returned
by the getfattr command or getxattr() system call. It extends the standard TestType as defined in the oval-definitions-schema
and one should refer to the TestType description for more information. The required object element references a fileextendedattribute_object
and the optional state element specifies the extended attributes to check. NOTE: Solaris has a very different implementation of "extended attributes" in which the attributes are really an orthogonal
directory hierarchy of files. See the Solaris documentation for more details. The file extended attribute test only handles
simple name/value pairs as implemented by most other UNIX derived operating systems.
|
| gconf_test |
The gconf_test is used to check the attributes and value(s) associated with GConf preference keys. It extends the standard
TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information.
The required object element references a gconf_object and the optional gconf_state element specifies the data to check.
|
| inetd_test |
The inetd test is used to check information associated with different Internet services. It extends the standard TestType
as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required
object element references an inetd_object and the optional state element specifies the information to check.
|
| interface_test |
The interface test enumerates various attributes about the interfaces on a system. It extends the standard TestType as defined
in the oval-definitions-schema and one should refer to the TestType description for more information. The required object
element references an interface_object and the optional state element specifies the interface information to check.
|
| password_test |
/etc/passwd. See passwd(4). The password test is used to check metadata associated with the UNIX password file, of the sort returned by the passwd command.
It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description
for more information. The required object element references a password_object and the optional state element specifies the
metadata to check.
|
| process_test |
The process test is used to check information found in the UNIX processes. It is equivalent to parsing the output of the ps
command. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description
for more information. The required object element references a process_object and the optional state element specifies the
process information to check.
|
| process58_test |
The process58_test is used to check information found in the UNIX processes. It is equivalent to parsing the output of the
ps command. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType
description for more information. The required object element references a process58_object and the optional state element
references a process58_state that specifies the process information to check.
|
| routingtable_test |
The routingtable_test is used to check information about the IPv4 and IPv6 routing table entries found in a system's primary
routing table. It is important to note that only numerical addresses will be collected and that their symbolic representations
will not be resolved. This equivalent to using the '-n' option with route(8) or netstat(8). It extends the standard TestType
as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required
object element references a routingtable_object and the optional routingtable_state element specifies the data to check.
|
| runlevel_test |
The runlevel test is used to check information about which runlevel specified services are scheduled to exist at. For more
information see the output generated by a chkconfig --list. It extends the standard TestType as defined in the oval-definitions-schema
and one should refer to the TestType description for more information. The required object element references a runlevel_object
and the optional state element specifies the data to check.
|
| sccs_test |
|
| shadow_test |
The shadow test is used to check information from the /etc/shadow file for a specific user. This file contains a user's password,
but also their password aging and lockout information. It extends the standard TestType as defined in the oval-definitions-schema
and one should refer to the TestType description for more information. The required object element references an shadow_object
and the optional state element specifies the information to check.
|
| symlink_test |
The symlink_test is used to obtain canonical path information for symbolic links. |
| sysctl_test |
The sysctl_test is used to check the values associated with the kernel parameters that are used by the local system. It extends
the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more
information. The required object element references a sysctl_object and the optional state element references a sysctl_state
that specifies the information to check.
|
| uname_test |
The uname test reveals information about the hardware the machine is running on. This information is the parsed equivalent
of uname -a. For example: "Linux quark 2.6.5-7.108-default #1 Wed Aug 25 13:34:40 UTC 2004 i686 i686 i386 GNU/Linux" or "Darwin
TestHost 7.7.0 Darwin Kernel Version 7.7.0: Sun Nov 7 16:06:51 PST 2004; root:xnu/xnu-517.9.5.obj~1/RELEASE_PPC Power Macintosh
powerpc". It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType
description for more information. The required object element references a uname_object and the optional state element specifies
the metadata to check.
|
| xinetd_test |
The xinetd test is used to check information associated with different Internet services. It extends the standard TestType
as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required
object element references an inetd_object and the optional state element specifies the information to check.
|
| accesstoken_test |
The accesstoken_test is used to check the properties of a Windows access token as well as individual privileges and rights
associated with it. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the
TestType description for more information. The required object element references an accesstoken_object and the optional state
element specifies the data to check.
|
| activedirectory_test |
The active directory test is used to check information about specific entries in active directory. It extends the standard
TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information.
The required object element references an activedirectory_object and the optional state element specifies the metadata to
check. Note that this test supports only simple (string based) value collection. For more complex values see the activedirectory57_test.
|
| activedirectory57_test |
The active directory test is used to check information about specific entries in active directory. It extends the standard
TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information.
The required object element references an activedirectory57_object and the optional state element specifies the metadata to
check. Note that this test supports complex values that are in the form of a record. For simple (string based) value collection see
the activedirectory_test.
|
| auditeventpolicy_test |
The auditeventpolicy_test is used to check different types of events the system should audit. It extends the standard TestType
as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required
object element references a auditeventpolicy_object and the optional state element specifies the metadata to check.
|
| auditeventpolicysubcategories_test |
The auditeventpolicysubcategories_test is used to check the audit event policy settings on a Windows system. These settings
are used to specify which system and network events are monitored. For example, if the credential_validation element has
a value of AUDIT_FAILURE, it means that the system is configured to log all unsuccessful attempts to validate a user account
on a system. It is important to note that these audit event policy settings are specific to certain versions of Windows. As
a result, the documentation for that version of Windows should be consulted for more information on each setting. The test
extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for
more information. The required object element references a auditeventpolicy_object and the optional state element specifies
the metadata to check.
|
| cmdlet_test |
The cmdlet_test is used to levarage a PowerShell cmdlet to check a Windows system. The test extends the standard TestType
as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required
object element references a cmdlet_object and the optional state element specifies the metadata to check.
|
| dnscache_test |
The dnscache_test is used to check the time to live and IP addresses associated with a domain name. The time to live and
IP addresses for a particular domain name are retrieved from the DNS cache on the local system. The entries in the DNS cache
can be collected using Microsoft's DnsGetCacheDataTable() and DnsQuery() API calls. It extends the standard TestType as defined
in the oval-definitions-schema and one should refer to the TestType description for more information. The required object
element references a dnscache_object and the optional state element specifies the metadata to check.
|
| file_test |
The file test is used to check metadata associated with Windows files. It extends the standard TestType as defined in the
oval-definitions-schema and one should refer to the TestType description for more information. The required object element
references a file_object and the optional state element specifies the metadata to check.
|
| fileauditedpermissions53_test |
The file audit permissions test is used to check the audit permissions associated with Windows files. Note that the trustee's
audited permissions are the audit permissons that the SACL grants to the trustee or to any groups of which the trustee is
a member. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType
description for more information. The required object element references a fileauditedpermissions_object and the optional
state element specifies the metadata to check.
|
| fileauditedpermissions_test |
The file audited permissions test is used to check the audit permissions associated with Windows files. Note that the trustee's
audited permissions are the audit permissons that the SACL grants to the trustee or to any groups of which the trustee is
a member. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType
description for more information. The required object element references a fileauditedpermissions_object, and the optional
state element references a fileauditedpermissions_state that specifies the metadata to check.
|
| fileeffectiverights53_test |
The file effective rights test is used to check the effective rights associated with Windows files. Note that the trustee's
effective access rights are the access rights that the DACL grants to the trustee or to any groups of which the trustee is
a member. The fileeffectiverights53_test element extends the standard TestType as defined in the oval-definitions-schema and
one should refer to the TestType description for more information. The required object element references a fileeffectiverights53_object
and the optional state element specifies the metadata to check.
|
| fileeffectiverights_test |
The file effective rights test is used to check the effective rights associated with Windows files. Note that the trustee's
effective access rights are the access rights that the DACL grants to the trustee or to any groups of which the trustee is
a member. The fileeffectiverights_test element extends the standard TestType as defined in the oval-definitions-schema and
one should refer to the TestType description for more information. The required object element references a fileeffectiverights_object
and the optional state element specifies the metadata to check.
|
| group_test |
The group_test allows the different users and subgroups, that directly belong to specific groups (identified by name), to
be tested. When the group_test collects the groups on the system, it should only include the local and built-in group accounts
and not domain group accounts. However, it is important to note that domain group accounts can still be looked up. Also,
note that the subgroups of the group will not be resolved to find indirect user and group members. If the subgroups need to
be resolved, it should be done using the sid_object. It extends the standard TestType as defined in the oval-definitions-schema
and one should refer to the TestType description for more information. The required object element references a group_object
and the optional state element specifies the metadata to check.
|
| group_sid_test |
The group_sid_test allows the different users and subgroups, that directly belong to specific groups (identified by SID),
to be tested. When the group_sid_test collects the group SIDs on the system, it should only include the local and built-in
group SIDs and not domain group SIDs. However, it is important to note that domain group SIDs can still be looked up. Also,
note that the subgroups of the group will not be resolved to find indirect user and group members. If the subgroups need to
be resolved, it should be done using the sid_sid_object. It extends the standard TestType as defined in the oval-definitions-schema
and one should refer to the TestType description for more information. The required object element references a group_sid_object
and the optional state element specifies the metadata to check.
|
| interface_test |
The interface test enumerate various attributes about the interfaces on a system. It extends the standard TestType as defined
in the oval-definitions-schema and one should refer to the TestType description for more information. The required object
element references an interface_object and the optional state element specifies the interface information to check.
|
| license_test |
The license_test is used to check the content of a particular entry in the Windows registry HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions
key, ProductPolicy value. Access to this data is exposed by the functions NtQueryLicenseValue (and also, in version 6.0 and
higher, ZwQueryLicenseValue) in NTDLL.DLL.
|
| lockoutpolicy_test |
The lockout policy test enumerates various attributes associated with lockout information for users and global groups in the
security database. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the
TestType description for more information. The required object element references a lockoutpolicy_object and the optional
state element specifies the metadata to check.
|
| metabase_test |
The metabase test is used to check information found in the Windows metabase. It extends the standard TestType as defined
in the oval-definitions-schema and one should refer to the TestType description for more information. The required object
element references a metabase_object and the optional state element specifies the metadata to check.
|
| ntuser_test |
The ntuser test is used to check metadata associated with Windows ntuser.dat files. It extends the standard TestType as defined
in the oval-definitions-schema and
one should refer to the TestType description for more information. The required object element references a ntuser_object
and the optional state element specifies the ntuser
data to check.
|
| passwordpolicy_test |
The password policy test is used to check specific policy associated with passwords. It is important to note that these policies
are specific to certain versions of Windows. As a result, the documentation for that version of Windows should be consulted
for more information. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the
TestType description for more information. The required object element references a passwordpolicy_object and the optional
state element specifies the metadata to check. NOTE: This information is stored in the SAM or Active Directory but is encrypted or hidden so the registry_test and activedirectory57_test
are of no use. If this can be figured out, then the password_policy test is not needed.
|
| peheader_test |
The peheader_test is used to check data from a Portable Executable file header. It extends the standard TestType as defined
in the oval-definitions-schema and one should refer to the TestType description for more information. The required object
element references a peheader_object and the optional state element specifies the metadata to check.
|
| port_test |
The port test is used to check information about the available ports on a Windows system. It extends the standard TestType
as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required
object element references a port_object and the optional state element specifies the port information to check.
|
| printereffectiverights_test |
The printer effective rights test is used to check the effective rights associated with Windows printers. The printereffectiverights_test
element extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description
for more information. The required object element references a printereffectiverights_object and the optional state element
specifies the metadata to check.
|
| process_test |
The process_test is used to check information found in the Windows processes. It extends the standard TestType as defined
in the oval-definitions-schema and one should refer to the TestType description for more information. The required object
element references a process_object and the optional state element references a process_state element that specifies the process
information to check.
|
| process58_test |
The process58_test is used to check information found in the Windows processes. It extends the standard TestType as defined
in the oval-definitions-schema and one should refer to the TestType description for more information. The required object
element references a process58_object and the optional state element references a process58_state element that specifies the
process information to check.
|
| registry_test |
The registry test is used to check metadata associated with Windows registry key. It extends the standard TestType as defined
in the oval-definitions-schema and one should refer to the TestType description for more information. The required object
element references a registry_object and the optional state element specifies the registry data to check.
|
| regkeyauditedpermissions53_test |
The registry key audited permissions test is used to check the audit permissions associated with Windows registry keys. Note
that the trustee's audited permissions are the audit permissons that the SACL grants to the trustee or to any groups of which
the trustee is a member. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to
the TestType description for more information. The required object element references a regkeyauditedpermissions53_object
and the optional state element specifies the metadata to check.
|
| regkeyauditedpermissions_test |
The registry key audited permissions test is used to check the audit permissions associated with Windows registry keys. Note
that the trustee's audited permissions are the audit permissons that the SACL grants to the trustee or to any groups of which
the trustee is a member. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to
the TestType description for more information. The required object element references a regkeyauditedpermissions_object and
the optional state element specifies the metadata to check.
|
| regkeyeffectiverights53_test |
The registry key effective rights test is used to check the effective rights associated with Windows files. Note that the
trustee's effective access rights are the access rights that the DACL grants to the trustee or to any groups of which the
trustee is a member. The regkeyeffectiverights53_test element extends the standard TestType as defined in the oval-definitions-schema
and one should refer to the TestType description for more information. The required object element references a regkeyeffectiverights53_object
and the optional state element specifies the metadata to check.
|
| regkeyeffectiverights_test |
The registry key effective rights test is used to check the effective rights associated with Windows files. Note that the
trustee's effective access rights are the access rights that the DACL grants to the trustee or to any groups of which the
trustee is a member. The regkeyeffectiverights_test element extends the standard TestType as defined in the oval-definitions-schema
and one should refer to the TestType description for more information. The required object element references a regkeyeffectiverights_object
and the optional state element specifies the metadata to check.
|
| service_test |
The service_test is used to check metadata associated with Windows services. It extends the standard TestType as defined in
the oval-definitions-schema and one should refer to the TestType description for more information. The required object element
references a service_object and the optional state elements specify the metadata to check.
|
| serviceeffectiverights_test |
The service effective rights test is used to check the effective rights associated with Windows services. Note that the trustee's
effective access rights are the access rights that the DACL grants to the trustee or to any groups of which the trustee is
a member. The serviceeffectiverights_test element extends the standard TestType as defined in the oval-definitions-schema
and one should refer to the TestType description for more information. The required object element references a serviceeffectiverights_object
and the optional state element specifies the metadata to check.
|
| sharedresource_test |
The shared resource test is used to check properties associated with any shared resource on the system. It extends the standard
TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information.
The required object element references a sharedresource_object and the optional state element specifies the metadata to check.
|
| sharedresourceauditedpermissions_test |
The shared resource audited permissions test is used to check the audit permissions associated with any shared resource on
the system. Note that the trustee's audited permissions are the audit permissons that the SACL grants to the trustee or to
any groups of which the trustee is a member. It extends the standard TestType as defined in the oval-definitions-schema and
one should refer to the TestType description for more information. The required object element references a sharedresourceauditedpermissions_object
and the optional state element specifies the metadata to check.
|
| sharedresourceeffectiverights_test |
The shared resource effective rights test is used to check the effective rights associated with any shared resource on the
system. Note that the trustee's effective access rights are the access rights that the DACL grants to the trustee or to any
groups of which the trustee is a member. It extends the standard TestType as defined in the oval-definitions-schema and one
should refer to the TestType description for more information. The required object element references a sharedresourceeffectiverights_object
and the optional state element specifies the metadata to check.
|
| sid_test |
The SID test is used to check properties associated with the specified SID. It extends the standard TestType as defined in
the oval-definitions-schema and one should refer to the TestType description for more information. The required object element
references a sid_object and the optional state element specifies the metadata to check.
|
| sid_sid_test |
The sid_sid_test is used to check properties associated with the specified SID. It extends the standard TestType as defined
in the oval-definitions-schema and one should refer to the TestType description for more information. The required object
element references a sid_sid_object and the optional state element specifies the metadata to check. Note that this sid_sid test was added in version 5.4 as a temporary fix. There is a need within the community to identify
things like users and groups by both the name and the SID. For version 6 of OVAL, work is underway for a better solution
to the problem, but for now, a second test was added to satisfy the need.
|
| systemmetric_test |
The system metric test is used to check the value of a particular Windows system metric. Access to this information is exposed
by the GetSystemMetrics function in User32.dll.
|
| uac_test |
The user access control test is used to check setting related to User Access Control within Windows. It extends the standard
TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information.
The required object element references a uaac_object and the optional state element specifies the metadata to check.
|
| user_test |
The user_test is used to check information about Windows users. When the user_test collects the users on the system, it should
only include the local and built-in user accounts and not domain user accounts. However, it is important to note that domain
user accounts can still be looked up. Also, note that the collection of groups, for which a user is a member, is not recursive.
The only groups that will be collected are those for which the user is a direct member. For example, if a user is a member
of group A, and group A is a member of group B, the only group that will be collected is group A. It extends the standard
TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information.
The required object element references a user_object and the optional state element specifies the metadata to check.
|
| user_sid55_test |
The user_sid55_test is used to check information about Windows users. When the user_sid55_test collects the user SIDs on the
system, it should only include the local and built-in user SIDs and not domain user SIDs. However, it is important to note
that domain user SIDs can still be looked up. Also, note that the collection of groups, for which a user is a member, is not
recursive. The only groups that will be collected are those for which the user is a direct member. For example, if a user
is a member of group A, and group A is a member of group B, the only group that will be collected is group A. It extends the
standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information.
The required object element references a user_sid55_object and the optional state element specifies the metadata to check.
|
| user_sid_test |
The user_sid_test is used to check information about Windows users. When the user_sid_test collects the user SIDs on the system,
it should only include the local and built-in user SIDs and not domain user SIDs. However, it is important to note that domain
user SIDs can still be looked up. Also, note that the collection of groups, for which a user is a member, is not recursive.
The only groups that will be collected are those for which the user is a direct member. For example, if a user is a member
of group A, and group A is a member of group B, the only group that will be collected is group A. It extends the standard
TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information.
The required object element references a user_sid_object and the optional state element specifies the metadata to check.
|
| userright_test |
The userright_test is used to enumerate all of the SIDs that have been granted a specific user right/privilege. |
| volume_test |
The volume_test is used to check information about different storage volumes found on a Windows system. This includes the
various system flags returned by GetVolumeInformation(). It is important to note that these system flags are specific to certain
versions of Windows. As a result, the documentation for that version of Windows should be consulted for more information.
It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description
for more information. The required object element references a volume_object and the optional state element specifies the
metadata to check.
|
| wmi_test |
The wmi test is used to check information accessed by WMI. It extends the standard TestType as defined in the oval-definitions-schema
and one should refer to the TestType description for more information. The required object element references a wmi_object
and the optional state element specifies the metadata to check.
|
| wmi57_test |
The wmi57 test is used to check information accessed by WMI. It extends the standard TestType as defined in the oval-definitions-schema
and one should refer to the TestType description for more information. The required object element references a wmi57_object
and the optional state element specifies the metadata to check.
|
| wuaupdatesearcher_test |
The wuaupdatesearcher_test is used to evaluate patch level in a Windows environment utilizing the WUA (Windows Update Agent)
interface. It is based on the Search method of the IUpdateSearcher interface found in the WUA API. It extends the standard
TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information.
The required object element references a wuaupdatesearcher_object and the optional state element specifies the metadata to
check. Note that WUA can work off of many different sources including WSUS, update.microsoft.com, and a local cab file. The content
source is specific to a given system evaluating a wuaupdatesearcher_test and thus is not defined by this test. The tool being
used for evaluation should determine what content source is best for the system being assessed and then evaluate this test
based on that selection.
|