Help Please,
We are using a few of the "family" level OVAL patch and vulnerability definition files for Unix from the CISecurity repository.
Ex: https://oval.cisecurity.org/repository/download/5.10/patch/unix.xml
https://oval.cisecurity.org/repository/download/5.11.1/patch/unix.xml
(I believe they are broken in GitHub too)
Unfortunately, at least some of the definitions in there are referencing checks that don't exist further down in the document. This is becoming a pretty major problem for us. Until I can get our new content developers onboarded, can someone please address this?
Thanks,
Dale
Dale Rich, CISSP
DTCC Global Vulnerability Detection & Management
Technology Risk Management (TRM)
Tampa, FL (EST)
(813) 470-2193 | drich1@dtcc.com
Visit us at www.dtcc.com or follow us on Twitter @The_DTCC and on LinkedIn (http://www.linkedin.com/company/6915?trk=saber_s000001e_1000).
To learn about career opportunities at DTCC, please visit dtcc.com/careers.
DTCC DISCLAIMER: This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error, please notify us immediately and delete the email and any attachments from your system. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email.
...
Hi Dale,
Using the OVALRepo project (head revision, master branch), I was able to run the following command:
python3 scripts/build_oval_definitions_file.py -o unix-all-vulnerability.xml --family unix --class vulnerability
That generated unix-all-vulnerability.xml, which successfully schema-validates (meaning, nothing is missing; I was able to run it).
So, perhaps there’s something not right with the repository website content generation?
Best regards,
—David Solin
David A. Solin
Co-Founder, Research & Technology
solin@jovalcm.com
http://jovalcm.com/
https://www.facebook.com/jovalcm https://www.linkedin.com/company/joval-continuous-monitoring
On Nov 12, 2015, at 3:34 PM, Rich, Dale drich1@dtcc.com wrote:
...
OVAL_Repository mailing list
OVAL_Repository@lists.cisecurity.org
http://lists.cisecurity.org/mailman/listinfo/oval_repository_lists.cisecurity.org
...
Hi David,
Just as another data point, I ran a very similar command (I restricted to 5.10), and ran into a schema validation error (it looks like one element was missing).
Adam
On Nov 13, 2015, at 8:38 AM, David Solin solin@jovalcm.com wrote:
...
Also, I didn’t build vulnerability, but patch, which appears to be what Rich was after.
From: "adam.w.montville@gmail.com" <adam.w.montville@gmail.com>
Date: Friday, November 13, 2015 at 8:42 AM
To: David Solin <solin@jovalcm.com>
Cc: "oval_developer@lists.cisecurity.org" <oval_developer@lists.cisecurity.org>, "oval_repository@lists.cisecurity.org" <oval_repository@lists.cisecurity.org>
Subject: Re: [OVAL REPOSITORY] Problem with the Family OVAL definitions for Unix
...
This message and attachments may contain confidential information. If it appears that this message was sent to you by mistake, any retention, dissemination, distribution or copying of this message and attachments is strictly prohibited. Please notify the sender immediately and permanently delete the message and any attachments.
. . .
...
Adam, you’re absolutely right. When I run build unix patches I get the following validation errors:
Key 'stateKeyRef' with value 'oval:org.cisecurity:ste:2791' not found for identity constraint of element 'oval_definitions'.
Key 'testKeyRef' with value 'oval:org.cisecurity:tst:2211' not found for identity constraint of element 'oval_definitions'.
Key 'extendKeyRef' with value 'oval:org.mitre.oval:def:28919' not found for identity constraint of element 'oval_definitions'.
David A. Solin
Co-Founder, Research & Technology
solin@jovalcm.com
http://jovalcm.com/
https://www.facebook.com/jovalcm https://www.linkedin.com/company/joval-continuous-monitoring
On Nov 13, 2015, at 8:49 AM, Adam Montville Adam.Montville@cisecurity.org wrote:
...
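A check for the failure reported in this thread (references to tests, states and extended definitions that are absent from the generated file), as an added example that is not part of the original messages or of the OVALRepo project. It uses only the Python standard library and tests id presence, not id type; the sample document and its oval:com.example ids are constructed.

```python
import xml.etree.ElementTree as ET

# Attributes and text-valued elements that carry a reference to another OVAL id.
REF_ATTRS = ("test_ref", "definition_ref", "object_ref", "state_ref", "var_ref")
REF_ELEMS = ("object_reference", "filter", "var_ref")

def dangling_refs(xml_text):
    """Return sorted (referrer_id, ref_kind, missing_id) for unresolved references."""
    root = ET.fromstring(xml_text)
    defined = {el.get("id") for el in root.iter() if el.get("id")}
    missing = set()
    def walk(el, owner):
        owner = el.get("id") or owner  # nearest enclosing item that has an id
        refs = [(a, el.get(a)) for a in REF_ATTRS if el.get(a)]
        name = el.tag.rsplit("}", 1)[-1]  # drop ElementTree's '{namespace}' prefix
        if name in REF_ELEMS and (el.text or "").strip():
            refs.append((name, el.text.strip()))
        missing.update((owner, kind, ref) for kind, ref in refs if ref not in defined)
        for child in el:
            walk(child, owner)
    walk(root, "")
    return sorted(missing)

# Constructed, trimmed sample (not schema-complete): three references point at
# ids that are not present in the document.
SAMPLE = """<oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5"
    xmlns:unix="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix">
  <definitions>
    <definition id="oval:com.example:def:1" version="1" class="patch">
      <criteria>
        <criterion test_ref="oval:com.example:tst:1"/>
        <criterion test_ref="oval:com.example:tst:2"/>
        <extend_definition definition_ref="oval:com.example:def:9"/>
      </criteria>
    </definition>
  </definitions>
  <tests>
    <unix:uname_test id="oval:com.example:tst:1" version="1" check="all">
      <unix:object object_ref="oval:com.example:obj:1"/>
      <unix:state state_ref="oval:com.example:ste:7"/>
    </unix:uname_test>
  </tests>
  <objects>
    <unix:uname_object id="oval:com.example:obj:1" version="1"/>
  </objects>
</oval_definitions>"""

if __name__ == "__main__":
    for owner, kind, ref in dangling_refs(SAMPLE):
        print(f"{owner}: {kind} -> {ref} is not defined in this document")
```

Running it over a generated family file before publishing or consuming it lists every definition or test whose reference cannot be resolved, which a schema validator reports only as a keyref failure on the root element.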