oval_repository@lists.cisecurity.org

A list for people using the OVAL repository.

Problem with the Family OVAL definitions for Unix

Rich, Dale
Thu, Nov 12, 2015 9:34 PM

Help Please,

We are using a few of the "family" level OVAL patch and vulnerability definition files for Unix from the CISecurity repository.
Ex:      https://oval.cisecurity.org/repository/download/5.10/patch/unix.xml
https://oval.cisecurity.org/repository/download/5.11.1/patch/unix.xml
(I believe they are broken in GitHub too)

Unfortunately, at least some of the definitions in there are referencing checks that don't exist further down in the document.  This is becoming a pretty major problem for us.  Until I can get our new content developers onboarded, can someone please address this?

Thanks,
Dale

DTCC Non-Confidential (White)

Dale Rich, CISSP
DTCC Global Vulnerability Detection & Management
Technology Risk Management (TRM)
Tampa, FL (EST)
(813) 470-2193 | drich1@dtcc.com

Visit us at www.dtcc.com or follow us on Twitter @The_DTCC and on LinkedIn (http://www.linkedin.com/company/6915?trk=saber_s000001e_1000).
To learn about career opportunities at DTCC, please visit dtcc.com/careers.

DTCC DISCLAIMER: This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error, please notify us immediately and delete the email and any attachments from your system. The recipient should check this email and any attachments for the presence of viruses.  The company accepts no liability for any damage caused by any virus transmitted by this email.

David Solin
Fri, Nov 13, 2015 2:38 PM

Hi Dale,

Using the OVALRepo project (head revision, master branch), I was able to run the following command:

python3 scripts/build_oval_definitions_file.py -o unix-all-vulnerability.xml --family unix --class vulnerability

That generated unix-all-vulnerability.xml, which successfully schema-validates (meaning, nothing is missing; I was able to run it).

So, perhaps there’s something not right with the repository website content generation?

Best regards,
—David Solin

David A. Solin
Co-Founder, Research & Technology
solin@jovalcm.com
http://jovalcm.com/
https://www.facebook.com/jovalcm  https://www.linkedin.com/company/joval-continuous-monitoring

Adam Montville
Fri, Nov 13, 2015 2:42 PM

Hi David,

Just as another data point, I ran a very similar command (I restricted to 5.10), and ran into a schema validation error (it looks like one element was missing).

Adam

Adam Montville
Fri, Nov 13, 2015 2:49 PM

Also, I didn’t build vulnerability, but patch, which appears to be what Rich was after.

This message and attachments may contain confidential information. If it appears that this message was sent to you by mistake, any retention, dissemination, distribution or copying of this message and attachments is strictly prohibited. Please notify the sender immediately and permanently delete the message and any attachments.

David Solin
Fri, Nov 13, 2015 3:06 PM

Adam, you’re absolutely right.  When I run build unix patches I get the following validation errors:

Key 'stateKeyRef' with value 'oval:org.cisecurity:ste:2791' not found for identity constraint of element 'oval_definitions'.
Key 'testKeyRef' with value 'oval:org.cisecurity:tst:2211' not found for identity constraint of element 'oval_definitions'.
Key 'extendKeyRef' with value 'oval:org.mitre.oval:def:28919' not found for identity constraint of element 'oval_definitions'.

David A. Solin
Co-Founder, Research & Technology
solin@jovalcm.com
http://jovalcm.com/
https://www.facebook.com/jovalcm  https://www.linkedin.com/company/joval-continuous-monitoring
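
The stateKeyRef, testKeyRef and extendKeyRef errors above each mean an id is referenced somewhere in the file but no element in the file defines it. As an added example (not part of the thread and not OVALRepo code), the following standalone check lists such dangling references in an OVAL definitions document without running full schema validation. The sample document and all of its ids are constructed, and only the reference attributes and elements named in the code are checked.

```python
import sys
import xml.etree.ElementTree as ET
from collections import namedtuple

# Reference attribute -> top-level section that must define the referenced id.
REF_ATTRS = {
    "definition_ref": "definitions",  # <extend_definition definition_ref="...">
    "test_ref": "tests",              # <criterion test_ref="...">
    "object_ref": "objects",          # <object object_ref="..."> inside a test
    "state_ref": "states",            # <state state_ref="..."> inside a test
    "var_ref": "variables",           # entities that take their value from a variable
}
# Elements whose text content is itself a reference (used inside object sets).
REF_TEXT = {"object_reference": "objects", "filter": "states"}

Dangling = namedtuple("Dangling", "kind ref_id used_by")


def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def find_dangling_refs(xml_text):
    """Return references whose target id is not defined in the same document."""
    root = ET.fromstring(xml_text)
    defined = {section: set() for section in REF_ATTRS.values()}

    # Pass 1: collect every id declared under definitions/tests/objects/states/variables.
    for section in root:
        name = local(section.tag)
        if name in defined:
            defined[name].update(i.get("id") for i in section if i.get("id"))

    # Pass 2: walk each item and check everything it points at.
    dangling = set()
    for section in root:
        if local(section.tag) not in defined:
            continue
        for item in section:
            owner = item.get("id", "?")
            for el in item.iter():
                for attr, target in REF_ATTRS.items():
                    ref = el.get(attr)
                    if ref and ref not in defined[target]:
                        dangling.add(Dangling(target, ref, owner))
                target = REF_TEXT.get(local(el.tag))
                ref = (el.text or "").strip()
                if target and ref and ref not in defined[target]:
                    dangling.add(Dangling(target, ref, owner))
    return sorted(dangling)


# Constructed sample, trimmed to the parts that carry references (not schema-valid).
# It reproduces the three kinds of failure reported in the thread:
# a missing extended definition, a missing test and a missing state.
SAMPLE_OVAL = """
<oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5"
                  xmlns:unix="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix">
  <definitions>
    <definition id="oval:example.constructed:def:1" class="patch" version="1">
      <criteria operator="AND">
        <extend_definition definition_ref="oval:example.constructed:def:99"/>
        <criterion test_ref="oval:example.constructed:tst:1"/>
        <criterion test_ref="oval:example.constructed:tst:2"/>
      </criteria>
    </definition>
  </definitions>
  <tests>
    <unix:file_test id="oval:example.constructed:tst:1" version="1" check="all">
      <unix:object object_ref="oval:example.constructed:obj:1"/>
      <unix:state state_ref="oval:example.constructed:ste:7"/>
    </unix:file_test>
  </tests>
  <objects>
    <unix:file_object id="oval:example.constructed:obj:1" version="1">
      <unix:filepath>/etc/example.conf</unix:filepath>
    </unix:file_object>
  </objects>
  <states>
    <unix:file_state id="oval:example.constructed:ste:1" version="1">
      <unix:uread datatype="boolean">true</unix:uread>
    </unix:file_state>
  </states>
</oval_definitions>
"""

if __name__ == "__main__":
    # With a path argument, check that file; otherwise check the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            text = fh.read()
    else:
        text = SAMPLE_OVAL
    problems = find_dangling_refs(text)
    for d in problems:
        print(f"missing from <{d.kind}>: {d.ref_id} (referenced by {d.used_by})")
    sys.exit(1 if problems else 0)
```

Run against a generated family file, a non-zero exit status means at least one referenced definition, test, object, state or variable is absent, so the file can be rejected before it is handed to a scanner.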
