The following is a description of the elements, types, and attributes that compose the UNIX specific system characteristic items found in Open Vulnerability and Assessment Language (OVAL). Each item is an extension of the standard item element defined in the Core System Characteristic Schema. Through extension, each item inherits a set of elements and attributes that are shared amongst all OVAL Items. Each item is described in detail and should provide the information necessary to understand what each element and attribute represents. This document is intended for developers and assumes some familiarity with XML. A high level description of the interaction between the different tests and their relationship to the Core System Characteristic Schema is not outlined here.
The OVAL Schema is maintained by The MITRE Corporation and developed by the public OVAL Community. For more information, including how to get involved in the project and how to submit change requests, please visit the OVAL website at http://oval.mitre.org.
The dnscache_item stores information retrieved from the DNS cache about a domain name, its time to live, and its corresponding IP addresses.
Extends: oval-sc:ItemType
Child Elements Type MinOccurs MaxOccurs domain_name oval-sc:EntityItemStringType 0 1 The domain_name element contains a string that represents a domain name that was collected from the DNS cache on the local system. ttl oval-sc:EntityItemIntType 0 1 The ttl element contains an integer that represents the time to live in seconds of the DNS cache entry. ip_address oval-sc:EntityItemIPAddressStringType 0 unbounded The ip_address element contains a string that represents an IP address associated with the specified domain name. Note that the IP address can be IPv4 or IPv6.
The file item holds information about the individual files found on a system. Each file item contains path and filename information as well as its type, associated user and group ids, relevant dates, and the privialeges granted. It extends the standard ItemType as defined in the oval-system-characteristics schema and one should refer to the ItemType description for more information.
Extends: oval-sc:ItemType
Child Elements Type MinOccurs MaxOccurs filepath oval-sc:EntityItemStringType 0 1 The filepath element specifies the absolute path for a file on the machine. A directory cannot be specified as a filepath. path oval-sc:EntityItemStringType 0 1 The path element specifies the directory component of the absolute path to a file on the machine. filename oval-sc:EntityItemStringType 0 1 The name of the file. If the xsi:nil attribute is set to true, then the item being represented is the higher directory represented by the path entity. type oval-sc:EntityItemStringType 0 1 This is the file's type: regular file (regular), directory, named pipe (fifo), symbolic link, socket or block special. group_id oval-sc:EntityItemIntType 0 1 This is the group owner of the file, by group number. user_id oval-sc:EntityItemIntType 0 1 The numeric user id, or uid, is the third column of each user's entry in /etc/passwd. This element represents the owner of the file. a_time oval-sc:EntityItemIntType 0 1 This is the time that the file was last accessed, in seconds since the Unix epoch. The Unix epoch is the time 00:00:00 UTC on January 1, 1970. c_time oval-sc:EntityItemIntType 0 1 This is the time of the last change to the file's inode, in seconds since the Unix epoch. The Unix epoch is the time 00:00:00 UTC on January 1, 1970. An inode is a Unix data structure that stores all of the information about a particular file. m_time oval-sc:EntityItemIntType 0 1 This is the time of the last change to the file's contents, in seconds since the Unix epoch. The Unix epoch is the time 00:00:00 UTC on January 1, 1970. size oval-sc:EntityItemIntType 0 1 This is the size of the file in bytes. suid oval-sc:EntityItemBoolType 0 1 Does the program run with the uid (thus privileges) of the file's owner, rather than the calling user? sgid oval-sc:EntityItemBoolType 0 1 Does the program run with the gid (thus privileges) of the file's group owner, rather than the calling user's group? sticky oval-sc:EntityItemBoolType 0 1 Can users delete each other's files in this directory, when said directory is writable by those users? uread oval-sc:EntityItemBoolType 0 1 Can the owner (user owner) of the file read this file or, if a directory, read the directory contents? uwrite oval-sc:EntityItemBoolType 0 1 Can the owner (user owner) of the file write to this file or, if a directory, write to the directory? uexec oval-sc:EntityItemBoolType 0 1 Can the owner (user owner) of the file execute it or, if a directory, change into the directory? gread oval-sc:EntityItemBoolType 0 1 Can the group owner of the file read this file or, if a directory, read the directory contents? gwrite oval-sc:EntityItemBoolType 0 1 Can the group owner of the file write to this file, or if a directory, write to the directory? gexec oval-sc:EntityItemBoolType 0 1 Can the group owner of the file execute it or, if a directory, change into the directory? oread oval-sc:EntityItemBoolType 0 1 Can all other users read this file or, if a directory, read the directory contents? owrite oval-sc:EntityItemBoolType 0 1 Can the other users write to this file, or if a directory, write to the directory? oexec oval-sc:EntityItemBoolType 0 1 Can the other users execute this file or, if a directory, change into the directory? has_extended_acl oval-sc:EntityItemBoolType 0 1 Does the file or directory have ACL permissions applied to it? If the file or directory doesn't have an ACL, or it matches the standard UNIX permissions, the value will be 'false'. Otherwise, if a file or directory has an ACL, the value will be 'true'. If the system does not support ACLs, the status will be 'does not exist' and if the system supports ACLs, the status will be 'exists'.
The file extended attribute item holds information about the individual file extended attributes found on a system. Each file extended attribute item contains path, filename, and attribute name information as well as the attribute's value. It extends the standard ItemType as defined in the oval-system-characteristics schema and one should refer to the ItemType description for more information.
Extends: oval-sc:ItemType
Child Elements Type MinOccurs MaxOccurs filepath oval-sc:EntityItemStringType 0 1 The filepath element specifies the absolute path for a file on the machine. A directory cannot be specified as a filepath. path oval-sc:EntityItemStringType 0 1 The path element specifies the directory component of the absolute path to a file on the machine. filename oval-sc:EntityItemStringType 0 1 The name of the file. If the xsi:nil attribute is set to true, then the item being represented is the higher directory represented by the path entity. attribute_name oval-sc:EntityItemStringType 0 1 This is the extended attribute's name, identifier or key. value oval-sc:EntityItemAnySimpleType 0 1 This is the extended attribute's value or contents.
The gconf_item holds information about an individual GConf preference key found on a system. Each gconf_item contains a preference key, source, type, whether it's writable, the user who last modified it, the time it was last modified, whether it's the default value, as well as the preference key's value. It extends the standard ItemType as defined in the oval-system-characteristics schema and one should refer to the ItemType description for more information.
Extends: oval-sc:ItemType
Child Elements Type MinOccurs MaxOccurs key oval-sc:EntityItemStringType 0 1 The preference key to check. source oval-sc:EntityItemStringType 0 1 The source used to look up the preference key. type unix-sc:EntityItemGconfTypeType 0 1 The type of the preference key. is_writable oval-sc:EntityItemBoolType 0 1 Is the preference key writable? If true, the preference key is writable. If false, the preference key is not writable. mod_user oval-sc:EntityItemStringType 0 1 The user who last modified the preference key. mod_time oval-sc:EntityItemIntType 0 1 The time the preference key was last modified in seconds since the Unix epoch. The Unix epoch is the time 00:00:00 UTC on January 1, 1970. is_default oval-sc:EntityItemBoolType 0 1 Is the preference key value the default value. If true, the preference key value is the default value. If false, the preference key value is not the default value. value oval-sc:EntityItemAnySimpleType 0 unbounded The value of the preference key.
The inetd item holds information associated with different Internet services. It extends the standard ItemType as defined in the oval-system-characteristics schema and one should refer to the ItemType description for more information.
Extends: oval-sc:ItemType
Child Elements Type MinOccurs MaxOccurs protocol oval-sc:EntityItemStringType 0 1 A recognized protocol listed in the file /etc/inet/protocols. service_name oval-sc:EntityItemStringType 0 1 The name of a valid service listed in the services file. For RPC services, the value of the service-name field consists of the RPC service name or program number, followed by a '/' (slash) and either a version number or a range of version numbers (for example, rstatd/2-4). server_program oval-sc:EntityItemStringType 0 1 Either the pathname of a server program to be invoked by inetd to perform the requested service, or the value internal if inetd itself provides the service. server_arguments oval-sc:EntityItemStringType 0 1 endpoint_type unix-sc:EntityItemEndpointType 0 1 exec_as_user oval-sc:EntityItemStringType 0 1 wait_status unix-sc:EntityItemWaitStatusType 0 1 This field has values wait or nowait. This entry specifies whether the server that is invoked by inetd will take over the listening socket associated with the service, and whether once launched, inetd will wait for that server to exit, if ever, before it resumes listening for new service requests.
The interface item holds information about the interfaces on a system. Each interface item contains name and address information as well as any associated flags. It extends the standard ItemType as defined in the oval-system-characteristics schema and one should refer to the ItemType description for more information.
Extends: oval-sc:ItemType
Child Elements Type MinOccurs MaxOccurs name oval-sc:EntityItemStringType 0 1 The name entity is the actual name of the specific interface. Examples might be eth0, eth1, fwo, etc. type unix-sc:EntityItemInterfaceType 0 1 This element specifies the type of interface. hardware_addr oval-sc:EntityItemStringType 0 1 The hardware_addr entity is the hardware or MAC address of the physical network card. MAC addresses should be formatted according to the IEEE 802-2001 standard which states that a MAC address is a sequence of six octet values, separated by hyphens, where each octet is represented by two hexadecimal digits. Uppercase letters should also be used to represent the hexadecimal digits A through F. inet_addr oval-sc:EntityItemIPAddressStringType 0 1 The inet_addr entity is the IP address of the specific interface. Note that the IP address can be IPv4 or IPv6. If the IP address is an IPv6 address, this entity should be expressed as an IPv6 address prefix using CIDR notation and the netmask entity should not be collected. broadcast_addr oval-sc:EntityItemIPAddressStringType 0 1 The broadcast_addr entity is the broadcast IP address for this interface's network. Note that the IP address can be IPv4 or IPv6. netmask oval-sc:EntityItemIPAddressStringType 0 1 This is the bitmask used to calculate the interface's IP network. The network number is calculated by bitwise-ANDing this with the IP address. The host number on that network is calculated by bitwise-XORing this with the IP address. Note that if the inet_addr entity contains an IPv6 address prefix, this entity should not be collected. flag oval-sc:EntityItemStringType 0 unbounded This is the interface flag line, which generally contains flags like "UP" to denote an active interface, "PROMISC" to note that the interface is listening for Ethernet frames not specifically addressed to it, and others.
/etc/passwd. See passwd(4).
Extends: oval-sc:ItemType
Child Elements Type MinOccurs MaxOccurs username oval-sc:EntityItemStringType 0 1 This is the name of the user for which data was gathered. password oval-sc:EntityItemStringType 0 1 This is the encrypted version of the user's password. user_id oval-sc:EntityItemIntType 0 1 The numeric user id, or uid, is the third column of each user's entry in /etc/passwd. This element represents the owner of the file. group_id oval-sc:EntityItemIntType 0 1 This is the group owner of the file, by group number. gcos oval-sc:EntityItemStringType 0 1 home_dir oval-sc:EntityItemStringType 0 1 login_shell oval-sc:EntityItemStringType 0 1
Deprecated As Of Version: 5.8 Reason: The process_item has been deprecated and replaced by the process58_item. The entity 'command' was changed to 'command_line' in the process58_item to accurately describe what information is collected. Please see the process58_item for additional information. |
Output of /usr/bin/ps. See ps(1).
Extends: oval-sc:ItemType
Child Elements Type MinOccurs MaxOccurs command oval-sc:EntityItemStringType 0 1 This specifies the command/program name about which data has has been collected. exec_time oval-sc:EntityItemStringType 0 1 This is the cumulative CPU time, formatted in [DD-]HH:MM:SS where DD is the number of days when execution time is 24 hours or more. pid oval-sc:EntityItemIntType 0 1 This is the process ID of the process. ppid oval-sc:EntityItemIntType 0 1 This is the process ID of the process's parent process. priority oval-sc:EntityItemIntType 0 1 This is the scheduling priority with which the process runs. This can be adjusted with the nice command or nice() system call. ruid oval-sc:EntityItemIntType 0 1 This is the real user id which represents the user who has created the process. scheduling_class oval-sc:EntityItemStringType 0 1 A platform specific characteristic maintained by the scheduler: RT (real-time), TS (timeshare), FF (fifo), SYS (system), etc. start_time oval-sc:EntityItemStringType 0 1 This is the time of day the process started formatted in HH:MM:SS if the same day the process started or formatted as MMM_DD (Ex.: Feb_5) if process started the previous day or further in the past. tty oval-sc:EntityItemStringType 0 1 This is the TTY on which the process was started, if applicable. user_id oval-sc:EntityItemIntType 0 1 This is the effective user id which represents the actual privileges of the process.
Output of /usr/bin/ps. See ps(1).
Extends: oval-sc:ItemType
Child Elements Type MinOccurs MaxOccurs command_line oval-sc:EntityItemStringType 0 1 This is the string used to start the process. This includes any parameters that are part of the command line. exec_time oval-sc:EntityItemStringType 0 1 This is the cumulative CPU time, formatted in [DD-]HH:MM:SS where DD is the number of days when execution time is 24 hours or more. pid oval-sc:EntityItemIntType 0 1 This is the process ID of the process. ppid oval-sc:EntityItemIntType 0 1 This is the process ID of the process's parent process. priority oval-sc:EntityItemIntType 0 1 This is the scheduling priority with which the process runs. This can be adjusted with the nice command or nice() system call. ruid oval-sc:EntityItemIntType 0 1 This is the real user id which represents the user who has created the process. scheduling_class oval-sc:EntityItemStringType 0 1 A platform specific characteristic maintained by the scheduler: RT (real-time), TS (timeshare), FF (fifo), SYS (system), etc. start_time oval-sc:EntityItemStringType 0 1 This is the time of day the process started formatted in HH:MM:SS if the same day the process started or formatted as MMM_DD (Ex.: Feb_5) if process started the previous day or further in the past. tty oval-sc:EntityItemStringType 0 1 This is the TTY on which the process was started, if applicable. user_id oval-sc:EntityItemIntType 0 1 This is the effective user id which represents the actual privileges of the process. exec_shield oval-sc:EntityItemBoolType 0 1 A boolean that when true would indicates that ExecShield is enabled for the process. loginuid oval-sc:EntityItemIntType 0 1 The loginuid shows which account a user gained access to the system with. The /proc/XXXX/loginuid shows this value. posix_capability unix-sc:EntityItemCapabilityType 0 unbounded An effective capability associated with the process. See linux/include/linux/capability.h for more information. selinux_domain_label oval-sc:EntityItemStringType 0 unbounded An selinux domain label associated with the process. session_id oval-sc:EntityItemIntType 0 1 The session ID of the process.
The routingtable_item holds information about an individual routing table entry found in a system's primary routing table. Each routingtable_item contains a destination IP address, gateway, netmask, flags, and the name of the interface associated with it. It is important to note that only numerical addresses will be collected and that their symbolic representations will not be resolved. This equivalent to using the '-n' option with route(8) or netstat(8). It extends the standard ItemType as defined in the oval-system-characteristics schema and one should refer to the ItemType description for more information.
Extends: oval-sc:ItemType
Child Elements Type MinOccurs MaxOccurs destination oval-sc:EntityItemIPAddressType 0 1 The destination IP address prefix of the routing table entry. This is the destination IP address and netmask/prefix-length expressed using CIDR notation. gateway oval-sc:EntityItemIPAddressType 0 1 The gateway of the specified routing table entry. flags unix-sc:EntityItemRoutingTableFlagsType 0 unbounded The flags associated with the specified routing table entry. interface_name oval-sc:EntityItemStringType 0 1 The name of the interface associated with the routing table entry.
The runlevel item holds information about the start or kill state of a specified service at a given runlevel. Each runlevel item contains service_name and runlevel information as well as start and kill information. It extends the standard ItemType as defined in the oval-system-characteristics schema and one should refer to the ItemType description for more information.
Extends: oval-sc:ItemType
Child Elements Type MinOccurs MaxOccurs service_name oval-sc:EntityItemStringType 0 1 The service_name entity is the actual name of the specific service. runlevel oval-sc:EntityItemStringType 0 1 The runlevel entity specifies is the runlevel the system is currently at. start oval-sc:EntityItemBoolType 0 1 The start entity specifies whether the service is scheduled to start at the current runlevel. kill oval-sc:EntityItemBoolType 0 1 The kill entity specifies whether the service is scheduled to be killed at the current runlevel.
Extends: oval-sc:ItemType
Child Elements Type MinOccurs MaxOccurs filepath oval-sc:EntityItemStringType 0 1 Specifies the absolute path to an SCCS file. A directory cannot be specified as a filepath. path oval-sc:EntityItemStringType 0 1 The path element specifies the directory component of the absolute path to an SCCS file. filename oval-sc:EntityItemStringType 0 1 The name of an SCCS file. module_name oval-sc:EntityItemStringType 0 1 module_type oval-sc:EntityItemStringType 0 1 release oval-sc:EntityItemStringType 0 1 level oval-sc:EntityItemStringType 0 1 branch oval-sc:EntityItemStringType 0 1 sequence oval-sc:EntityItemStringType 0 1 what_string oval-sc:EntityItemStringType 0 1
/etc/shadow. See shadow(4).
Extends: oval-sc:ItemType
Child Elements Type MinOccurs MaxOccurs username oval-sc:EntityItemStringType 0 1 This is the name of the user for which data was gathered. password oval-sc:EntityItemStringType 0 1 This is the encrypted version of the user's password. chg_lst oval-sc:EntityItemIntType 0 1 This is the date of the last password change in days since 1/1/1970. chg_allow oval-sc:EntityItemIntType 0 1 This specifies how often in days a user may change their password. It can also be thought of as the minimum age of a password. chg_req oval-sc:EntityItemIntType 0 1 This describes how long a user can keep a password before the system forces her to change it. exp_warn oval-sc:EntityItemIntType 0 1 This describes how long before password expiration the system begins warning the user. The system will warn the user at each login. exp_inact oval-sc:EntityItemIntType 0 1 This describes how many days of account inactivity the system will wait after a password expires before locking the account? This window, usually only set to a few days, gives users who are logging in very seldomly a bit of extra time to receive the password expiration warning and change their password. exp_date oval-sc:EntityItemIntType 0 1 This specifies when will the account's password expire, in days since 1/1/1970. flag oval-sc:EntityItemStringType 0 1 This is a reserved field that the shadow file may use in the future. encrypt_method unix-sc:EntityItemEncryptMethodType 0 1 The encrypt_method entity describes method that is used for hashing passwords.
The sysctl_item stores information retrieved from the local system about a kernel parameter and its respective value(s).
Extends: oval-sc:ItemType
Child Elements Type MinOccurs MaxOccurs name oval-sc:EntityItemStringType 0 1 The name element contains a string that represents the name of a kernel parameter that was collected from the local system. value oval-sc:EntityItemAnySimpleType 0 1 The value element contains a string that represents the current value(s) for the specified kernel parameter on the local system.
Information about the hardware the machine is running on. This information is the parsed equivalent of uname -a.
Extends: oval-sc:ItemType
Child Elements Type MinOccurs MaxOccurs machine_class oval-sc:EntityItemStringType 0 1 This entity specifies the machine hardware name. This corresponds to the command uname -m. node_name oval-sc:EntityItemStringType 0 1 This entity specifies the host name. This corresponds to the command uname -n. os_name oval-sc:EntityItemStringType 0 1 This entity specifies the operating system name. This corresponds to the command uname -s. os_release oval-sc:EntityItemStringType 0 1 This entity specifies the build version. This corresponds to the command uname -r. os_version oval-sc:EntityItemStringType 0 1 This entity specifies the operating system version. This corresponds to the command uname -v. processor_type oval-sc:EntityItemStringType 0 1 This entity specifies the processor type. This corresponds to the command uname -p.
The xinetd item holds information associated with different Internet services. It extends the standard ItemType as defined in the oval-system-characteristics schema and one should refer to the ItemType description for more information.
Extends: oval-sc:ItemType
Child Elements Type MinOccurs MaxOccurs protocol oval-sc:EntityItemStringType 0 1 The protocol entity describes the protocol related to the service item. service_name oval-sc:EntityItemStringType 0 1 The service_name entity describes the name of the service. flags oval-sc:EntityItemStringType 0 unbounded The flags entity describes miscellaneous settings like TCP keepalives or libwrap deactivation. no_access oval-sc:EntityItemStringType 0 unbounded only_from oval-sc:EntityItemIPAddressStringType 0 unbounded The only_from entity describes specifies an exclusive set of IP addresses that may connect to this service port oval-sc:EntityItemIntType 0 1 server oval-sc:EntityItemStringType 0 1 what program listens on this port server_arguments oval-sc:EntityItemStringType 0 1 socket_type oval-sc:EntityItemStringType 0 1 type unix-sc:EntityItemXinetdTypeStatusType 0 1 user oval-sc:EntityItemStringType 0 1 The user entity describes user that xinetd should run the service as. wait oval-sc:EntityItemBoolType 0 1 The wait entity describes whether the service allows only one connection at a time. disabled oval-sc:EntityItemBoolType 0 1 The disabled entity describes whether this service is on or not.
The EntityItemCapabilityType complex type restricts a string value to a specific set of values that describe POSIX capability types associated with a process service. This list is based off the values defined in linux/include/linux/capability.h. Documentation on each allowed value can be found in capability.h. The empty string is also allowed to support empty elements associated with error conditions.
Restricts: oval-sc:EntityItemStringType
Value Description CAP_CHOWN
CAP_DAC_OVERRIDE
CAP_DAC_READ_SEARCH
CAP_FOWNER
CAP_FSETID
CAP_KILL
CAP_SETGID
CAP_SETUID
CAP_SETPCAP
CAP_LINUX_IMMUTABLE
CAP_NET_BIND_SERVICE
CAP_NET_BROADCAST
CAP_NET_ADMIN
CAP_NET_RAW
CAP_IPC_LOCK
CAP_IPC_OWNER
CAP_SYS_MODULE
CAP_SYS_RAWIO
CAP_SYS_CHROOT
CAP_SYS_PTRACE
CAP_SYS_ADMIN
CAP_SYS_BOOT
CAP_SYS_NICE
CAP_SYS_RESOURCE
CAP_SYS_TIME
CAP_SYS_TTY_CONFIG
CAP_MKNOD
CAP_LEASE
CAP_AUDIT_WRITE
CAP_AUDIT_CONTROL
CAP_SETFCAP
CAP_MAC_OVERRIDE
CAP_MAC_ADMIN
The empty string value is permitted here to allow for empty elements associated with variable references.
The EntityItemEndpointType complex type restricts a string value to a specific set of values that describe endpoint types associated with an Internet service. The empty string is also allowed to support empty elements associated with error conditions.
Restricts: oval-sc:EntityItemStringType
Value Description stream
The stream value is used to describe a stream socket.
dgram
The dgram value is used to describe a datagram socket.
raw
The raw value is used to describe a raw socket.
seqpacket
The seqpacket value is used to describe a sequenced packet socket.
tli
The tli value is used to describe all TLI endpoints.
The empty string value is permitted here to allow for detailed error reporting.
The EntityItemGconfTypeType complex type restricts a string value to the seven values GCONF_VALUE_STRING, GCONF_VALUE_INT, GCONF_VALUE_FLOAT, GCONF_VALUE_BOOL, GCONF_VALUE_SCHEMA, GCONF_VALUE_LIST, and GCONF_VALUE_PAIR that specify the type of the value associated with a GConf preference key. The empty string is also allowed to support empty elements associated with error conditions.
Restricts: oval-sc:EntityItemStringType
Value Description GCONF_VALUE_STRING
The GCONF_VALUE_STRING type is used to describe a preference key that has a string value.
GCONF_VALUE_INT
The GCONF_VALUE_INT type is used to describe a preference key that has a integer value.
GCONF_VALUE_FLOAT
The GCONF_VALUE_FLOAT type is used to describe a preference key that has a float value.
GCONF_VALUE_BOOL
The GCONF_VALUE_BOOL type is used to describe a preference key that has a boolean value.
GCONF_VALUE_SCHEMA
The GCONF_VALUE_SCHEMA type is used to describe a preference key that has a schema value. The actual value will be the default value as specified in the GConf schema.
GCONF_VALUE_LIST
The GCONF_VALUE_LIST type is used to describe a preference key that has a list of values. The actual values will be one of the primitive GConf datatypes GCONF_VALUE_STRING, GCONF_VALUE_INT, GCONF_VALUE_FLOAT, GCONF_VALUE_BOOL, and GCONF_VALUE_SCHEMA. Note that all of the values associated with a GCONF_VALUE_LIST are required to have the same type.
GCONF_VALUE_PAIR
The GCONF_VALUE_PAIR type is used to describe a preference key that has a pair of values. The actual values will consist of the primitive GConf datatypes GCONF_VALUE_STRING, GCONF_VALUE_INT, GCONF_VALUE_FLOAT, GCONF_VALUE_BOOL, and GCONF_VALUE_SCHEMA. Note that the values associated with a GCONF_VALUE_PAIR are not required to have the same type.
The empty string value is permitted here to allow for detailed error reporting.
The EntityItemRoutingTableFlagsType complex type restricts a string value to a specific set of values that describe the flags associated with a routing table entry. This list is based off the values defined in the man pages of various platforms. For Linux, please see route(8). For Solaris, please see netstat(1M). For HP-UX, please see netstat(1). For Mac OS, please see netstat(1). For FreeBSD, please see netstat(1). Documentation on each allowed value can be found in the previously listed man pages. The empty string is also allowed to support empty elements associated with error conditions.
Restricts: oval-sc:EntityItemStringType
Value Description UP
GATEWAY
HOST
REINSTATE
DYNAMIC
MODIFIED
ADDRCONF
CACHE
REJECT
REDUNDANT
SETSRC
BROADCAST
LOCAL
PROTOCOL_1
PROTOCOL_2
PROTOCOL_3
BLACK_HOLE
CLONING
PROTOCOL_CLONING
INTERFACE_SCOPE
LINK_LAYER
MULTICAST
STATIC
WAS_CLONED
XRESOLVE
The empty string value is permitted here to allow for detailed error reporting.
The following table is a mapping between the generic flag enumeration values and the actual flag values found on the various platforms. If the flag value is not specified, for a particular generic flag enumeration value, the flag value is not defined for that platform.
Name Linux Solaris HPUX Mac OS FreeBSD UP U U U U U GATEWAY G G G G G HOST H H H H H REINSTATE R DYNAMIC D D D D MODIFIED M M M ADDRCONF A A CACHE C REJECT ! R R REDUNDANT M SETSRC S BROADCAST B b b LOCAL L PROTOCOL_1 1 1 PROTOCOL_2 2 2 PROTOCOL_3 3 3 BLACK_HOLE B B CLONING C C PROTOCOL_CLONING c c INTERFACE_SCOPE I LINK_LAYER L L MULTICAST m STATIC S S WAS_CLONED W W XRESOLVE X X
The EntityItemXinetdTypeStatusType complex type restricts a string value to five values, either RPC, INTERNAL, UNLISTED, TCPMUX, or TCPMUXPLUS that specify the type of service registered in xinetd. The empty string is also allowed to support empty elements associated with error conditions.
Restricts: oval-sc:EntityItemStringType
Value Description INTERNAL
The INTERNAL type is used to describe services like echo, chargen, and others whose functionality is supplied by xinetd itself.
RPC
The RPC type is used to describe services that use remote procedure call ala NFS.
UNLISTED
The UNLISTED type is used to describe services that aren't listed in /etc/protocols or /etc/rpc.
TCPMUX
The TCPMUX type is used to describe services that conform to RFC 1078. This type indiciates that the service is responsible for handling the protocol handshake.
TCPMUXPLUS
The TCPMUXPLUS type is used to describe services that conform to RFC 1078. This type indicates that xinetd is responsible for handling the protocol handshake.
The empty string value is permitted here to allow for detailed error reporting.
The EntityItemWaitStatusType complex type restricts a string value to two values, either wait or nowait, that specify whether the server that is invoked by inetd will take over the listening socket associated with the service, and whether once launched, inetd will wait for that server to exit, if ever, before it resumes listening for new service requests. The empty string is also allowed to support empty elements associated with error conditions.
Restricts: oval-sc:EntityItemStringType
Value Description wait
The value of 'wait' specifies that the server that is invoked by inetd will take over the listening socket associated with the service, and once launched, inetd will wait for that server to exit, if ever, before it resumes listening for new service requests.
nowait
The value of 'nowait' specifies that the server that is invoked by inetd will not wait for any existing server to finish before taking over the listening socket associated with the service.
The empty string value is permitted here to allow for detailed error reporting.
The EntityItemEncryptMethodType complex type restricts a string value to a set that corresponds to the allowed encrypt methods used for protected passwords in a shadow file. The empty string is also allowed to support empty elements associated with error conditions.
Restricts: oval-sc:EntityItemStringType
Value Description DES
The DES method corresponds to the (none) prefix.
BSDi
The BSDi method corresponds to BSDi modified DES or the '_' prefix.
MD5
The MD5 method corresponds to MD5 for Linux/BSD or the $1$ prefix.
Blowfish
The Blowfish method corresponds to Blowfish (OpenBSD) or the $2$ or $2a$ prefixes.
Sun MD5
The Sun MD5 method corresponds to the $md5$ prefix.
SHA-256
The SHA-256 method corresponds to the $5$ prefix.
SHA-512
The SHA-512 method corresponds to the $6$ prefix.
The empty string value is permitted here to allow for empty elements associated with variable references.
The EntityItemInterfaceType complex type restricts a string value to a specific set of values. These values describe the different interface types which are defined in 'if_arp.h'. The empty string is also allowed to support empty element associated with variable references. Note that when using pattern matches and variables care must be taken to ensure that the regular expression and variable values align with the enumerated values.
Restricts: oval-sc:EntityItemStringType
Value Description ARPHRD_ETHER
The ARPHRD_ETHER type is used to describe ethernet interfaces.
ARPHRD_FDDI
The ARPHRD_FDDI type is used to describe fiber distributed data interfaces (FDDI).
ARPHRD_LOOPBACK
The ARPHRD_LOOPBACK type is used to describe loopback interfaces.
ARPHRD_VOID
The ARPHRD_VOID type is used to describe unknown interfaces.
ARPHRD_PPP
The ARPHRD_PPP type is used to describe point-to-point protocol interfaces (PPP).
ARPHRD_SLIP
The ARPHRD_SLIP type is used to describe serial line internet protocol interfaces (SLIP).
ARPHRD_PRONET
The ARPHRD_PRONET type is used to describe PROnet token ring interfaces.
The empty string value is permitted here to allow for detailed error reporting.