I just noticed that in the independent family test that "macos" is listed, meaning mac OS X is not part of "unix", where as "linux", "solaris", "aix", "hpux" are not listed in in the family test, implying they are all "unix". If Mac OSX is then not "unix", do any of the OVAL "unix" tests apply? (file, uname, process, etc..) I know there are a few that may not apply 100%, but seems like most "unix" tests apply to Mac OS, as much as any other *nix variant. In my view, in order to be consistent, "macos" should be remove from the independent family test, and have it be part of "unix". Thoughts? Jack Vander Pol SPAWAR Systems Center Atlantic ...

Hi Jack, By that logic, should there not be AIX, HP-UX, Linux, or Solaris schemata? The UNIX schema tracks what is in common among the various UNIX-like operating systems, while the other schemata track what diverges. Regards, -- Leland Steinke DISA Cyber Standards (RE71) Support Contractor tapestry technologies, Inc. 717-491-8306 leland.j.steinke.ctr@mail.mil (gov't) lsteinke@tapestrytech.com (com'l) > -----Original Message----- > From: OVAL_Developer [mailto:oval_developer-bounces@lists.cisecurity.org] On Behalf Of Vanderpol, Jack R CIV USN > SPAWARSYSCEN LANT SC (US) > Sent: Wednesday, June 08, 2016 1:16 PM > To: oval_developer@lists.cisecurity.org > Subject: [Non-DoD Source] [OVAL DEVELOPER] Is Mac OS X 'unix'? > > All active links contained in this email were disabled. Please verify the identity of the sender, and confirm the authenticity of all links > contained within the message prior to copying and pasting the address to a Web browser. > > > > > ---- > > I just noticed that in the independent family test that "macos" is listed, meaning mac OS X is not part of "unix", where as "linux", > "solaris", "aix", "hpux" are not listed in in the family test, implying they are all "unix". > > If Mac OSX is then not "unix", do any of the OVAL "unix" tests apply? (file, uname, process, etc..) I know there are a few that may not > apply 100%, but seems like most "unix" tests apply to Mac OS, as much as any other *nix variant. > > In my view, in order to be consistent, "macos" should be remove from the independent family test, and have it be part of "unix". > > Thoughts? > > Jack Vander Pol > SPAWAR Systems Center Atlantic > > > ... > > _______________________________________________ > OVAL_Developer mailing list > OVAL_Developer@lists.cisecurity.org > Caution-http://lists.cisecurity.org/mailman/listinfo/oval_developer_lists.cisecurity.org ...

Leland, I'm not quite following your response, can you rephrase it. All of the OS's you list below have their own schemas in OVAL, as does Mac, I'm just wondering what makes Mac OS unique with regards to the family test, and if that has any correlation to the UNIX tests. I was wondering if 'macos' was part of the family test because of some residual artifact from Mac OS 7/8/9 etc... before OS X, which is (or at least was) based on FreeBSD. Since FreeBSD (or any other UNIX OS) isn't listed in the family test, macos just stands out as anomaly. Sincerely, Jack Vander Pol -----Original Message----- From: Steinke, Leland J Sr CTR DISA DD (US) Sent: Wednesday, June 08, 2016 1:30 PM To: Vanderpol, Jack R CIV USN SPAWARSYSCEN LANT SC (US); oval_developer@lists.cisecurity.org Subject: RE: [Non-DoD Source] [OVAL DEVELOPER] Is Mac OS X 'unix'? Hi Jack, By that logic, should there not be AIX, HP-UX, Linux, or Solaris schemata? The UNIX schema tracks what is in common among the various UNIX-like operating systems, while the other schemata track what diverges. Regards, -- Leland Steinke DISA Cyber Standards (RE71) Support Contractor tapestry technologies, Inc. 717-491-8306 leland.j.steinke.ctr@mail.mil (gov't) lsteinke@tapestrytech.com (com'l) > -----Original Message----- > From: OVAL_Developer > [mailto:oval_developer-bounces@lists.cisecurity.org] On Behalf Of > Vanderpol, Jack R CIV USN SPAWARSYSCEN LANT SC (US) > Sent: Wednesday, June 08, 2016 1:16 PM > To: oval_developer@lists.cisecurity.org > Subject: [Non-DoD Source] [OVAL DEVELOPER] Is Mac OS X 'unix'? > > All active links contained in this email were disabled. Please verify > the identity of the sender, and confirm the authenticity of all links contained within the message prior to copying and pasting the address to a Web browser. > > > > > ---- > > I just noticed that in the independent family test that "macos" is > listed, meaning mac OS X is not part of "unix", where as "linux", "solaris", "aix", "hpux" are not listed in in the family test, implying they are all "unix". > > If Mac OSX is then not "unix", do any of the OVAL "unix" tests apply? (file, uname, process, etc..) I know there are a few that may not > apply 100%, but seems like most "unix" tests apply to Mac OS, as much as any other *nix variant. > > In my view, in order to be consistent, "macos" should be remove from the independent family test, and have it be part of "unix". > > Thoughts? > > Jack Vander Pol > SPAWAR Systems Center Atlantic > > > ... > > _______________________________________________ > OVAL_Developer mailing list > OVAL_Developer@lists.cisecurity.org > Caution-http://lists.cisecurity.org/mailman/listinfo/oval_developer_li > sts.cisecurity.org ...

Jack, D'oh! I should have researched more closely. I see your point. Maybe there should be an "osx" schema in the UNIX family to reflect its FreeBSD heritage. Then again, the rumor mills are indicating that OS X may be renamed back to MacOS. Thanks, Leland > -----Original Message----- > From: Vanderpol, Jack R CIV USN SPAWARSYSCEN LANT SC (US) > Sent: Wednesday, June 08, 2016 2:02 PM > To: Steinke, Leland J Sr CTR DISA DD (US); oval_developer@lists.cisecurity.org > Subject: RE: [Non-DoD Source] [OVAL DEVELOPER] Is Mac OS X 'unix'? > > Leland, > > I'm not quite following your response, can you rephrase it. All of the OS's you list below have their own schemas in OVAL, as does > Mac, I'm just wondering what makes Mac OS unique with regards to the family test, and if that has any correlation to the UNIX tests. > > I was wondering if 'macos' was part of the family test because of some residual artifact from Mac OS 7/8/9 etc... before OS X, which is > (or at least was) based on FreeBSD. Since FreeBSD (or any other UNIX OS) isn't listed in the family test, macos just stands out as > anomaly. > > Sincerely, > Jack Vander Pol > > > -----Original Message----- > From: Steinke, Leland J Sr CTR DISA DD (US) > Sent: Wednesday, June 08, 2016 1:30 PM > To: Vanderpol, Jack R CIV USN SPAWARSYSCEN LANT SC (US); oval_developer@lists.cisecurity.org > Subject: RE: [Non-DoD Source] [OVAL DEVELOPER] Is Mac OS X 'unix'? > > Hi Jack, > > By that logic, should there not be AIX, HP-UX, Linux, or Solaris schemata? The UNIX schema tracks what is in common among the > various UNIX-like operating systems, while the other schemata track what diverges. > > > Regards, > -- > Leland Steinke > DISA Cyber Standards (RE71) Support Contractor tapestry technologies, Inc. > 717-491-8306 > leland.j.steinke.ctr@mail.mil (gov't) > lsteinke@tapestrytech.com (com'l) > > > -----Original Message----- > > From: OVAL_Developer > > [mailto:oval_developer-bounces@lists.cisecurity.org] On Behalf Of > > Vanderpol, Jack R CIV USN SPAWARSYSCEN LANT SC (US) > > Sent: Wednesday, June 08, 2016 1:16 PM > > To: oval_developer@lists.cisecurity.org > > Subject: [Non-DoD Source] [OVAL DEVELOPER] Is Mac OS X 'unix'? > > > > All active links contained in this email were disabled. Please verify > > the identity of the sender, and confirm the authenticity of all links contained within the message prior to copying and pasting the > address to a Web browser. > > > > > > > > > > ---- > > > > I just noticed that in the independent family test that "macos" is > > listed, meaning mac OS X is not part of "unix", where as "linux", "solaris", "aix", "hpux" are not listed in in the family test, implying > they are all "unix". > > > > If Mac OSX is then not "unix", do any of the OVAL "unix" tests apply? (file, uname, process, etc..) I know there are a few that may > not > > apply 100%, but seems like most "unix" tests apply to Mac OS, as much as any other *nix variant. > > > > In my view, in order to be consistent, "macos" should be remove from the independent family test, and have it be part of "unix". > > > > Thoughts? > > > > Jack Vander Pol > > SPAWAR Systems Center Atlantic > > > > > > ... > > > > _______________________________________________ > > OVAL_Developer mailing list > > OVAL_Developer@lists.cisecurity.org > > Caution-http://lists.cisecurity.org/mailman/listinfo/oval_developer_li > > sts.cisecurity.org ...

Hi Jack, I believe that macos has its own family because MacOS 9 was not Unix-like at all. It would actually be nice if the different Unix flavors had their own family. But I think that ship has sailed long ago, and there’s probably a fair amount of content that leverages the macos family test result. So, I’d just leave things as they are. FWIW, Joval has Mac-specific implementations for most of the Unix schema tests. Best regards, —David A. Solin Co-Founder, Research & Technology solin@jovalcm.com > On Jun 8, 2016, at 1:01 PM, Vanderpol, Jack R CIV USN SPAWARSYSCEN LANT SC (US) <jack.r.vanderpol.civ@mail.mil> wrote: > > Leland, > > I'm not quite following your response, can you rephrase it. All of the OS's you list below have their own schemas in OVAL, as does Mac, I'm just wondering what makes Mac OS unique with regards to the family test, and if that has any correlation to the UNIX tests. > > I was wondering if 'macos' was part of the family test because of some residual artifact from Mac OS 7/8/9 etc... before OS X, which is (or at least was) based on FreeBSD. Since FreeBSD (or any other UNIX OS) isn't listed in the family test, macos just stands out as anomaly. > > Sincerely, > Jack Vander Pol > > > -----Original Message----- > From: Steinke, Leland J Sr CTR DISA DD (US) > Sent: Wednesday, June 08, 2016 1:30 PM > To: Vanderpol, Jack R CIV USN SPAWARSYSCEN LANT SC (US); oval_developer@lists.cisecurity.org > Subject: RE: [Non-DoD Source] [OVAL DEVELOPER] Is Mac OS X 'unix'? > > Hi Jack, > > By that logic, should there not be AIX, HP-UX, Linux, or Solaris schemata? The UNIX schema tracks what is in common among the various UNIX-like operating systems, while the other schemata track what diverges. > > > Regards, > -- > Leland Steinke > DISA Cyber Standards (RE71) Support Contractor tapestry technologies, Inc. > 717-491-8306 > leland.j.steinke.ctr@mail.mil (gov't) > lsteinke@tapestrytech.com (com'l) > >> -----Original Message----- >> From: OVAL_Developer >> [mailto:oval_developer-bounces@lists.cisecurity.org] On Behalf Of >> Vanderpol, Jack R CIV USN SPAWARSYSCEN LANT SC (US) >> Sent: Wednesday, June 08, 2016 1:16 PM >> To: oval_developer@lists.cisecurity.org >> Subject: [Non-DoD Source] [OVAL DEVELOPER] Is Mac OS X 'unix'? >> >> All active links contained in this email were disabled. Please verify >> the identity of the sender, and confirm the authenticity of all links contained within the message prior to copying and pasting the address to a Web browser. >> >> >> >> >> ---- >> >> I just noticed that in the independent family test that "macos" is >> listed, meaning mac OS X is not part of "unix", where as "linux", "solaris", "aix", "hpux" are not listed in in the family test, implying they are all "unix". >> >> If Mac OSX is then not "unix", do any of the OVAL "unix" tests apply? (file, uname, process, etc..) I know there are a few that may not >> apply 100%, but seems like most "unix" tests apply to Mac OS, as much as any other *nix variant. >> >> In my view, in order to be consistent, "macos" should be remove from the independent family test, and have it be part of "unix". >> >> Thoughts? >> >> Jack Vander Pol >> SPAWAR Systems Center Atlantic >> >> >> ... >> >> _______________________________________________ >> OVAL_Developer mailing list >> OVAL_Developer@lists.cisecurity.org >> Caution-http://lists.cisecurity.org/mailman/listinfo/oval_developer_li >> sts.cisecurity.org > > ... > > _______________________________________________ > OVAL_Developer mailing list > OVAL_Developer@lists.cisecurity.org > http://lists.cisecurity.org/mailman/listinfo/oval_developer_lists.cisecurity.org ...

David, We support most of the UNIX tests in our Mac OS X version of SCC as well, was just surprised when it failed the family test. There is macOS OVAL content? Where? I'd love to see it! I assumed that we could modify the family test and remove "macos" and essentially nothing would be impacted :) If there is privately created mac content that relies on the family test, then I'll reluctantly agree to leave it, although it's technically incorrect, or confusing at best. Sincerely, Jack Vander Pol -----Original Message----- From: David Solin [mailto:solin@jovalcm.com] Sent: Wednesday, June 08, 2016 2:54 PM To: Vanderpol, Jack R CIV USN SPAWARSYSCEN LANT SC (US) Cc: Steinke, Leland J Sr CTR DISA DD (US); oval_developer@lists.cisecurity.org Subject: Re: [OVAL DEVELOPER] [Non-DoD Source] Is Mac OS X 'unix'? All active links contained in this email were disabled. Please verify the identity of the sender, and confirm the authenticity of all links contained within the message prior to copying and pasting the address to a Web browser. ---- Hi Jack, I believe that macos has its own family because MacOS 9 was not Unix-like at all. It would actually be nice if the different Unix flavors had their own family. But I think that ship has sailed long ago, and there’s probably a fair amount of content that leverages the macos family test result. So, I’d just leave things as they are. FWIW, Joval has Mac-specific implementations for most of the Unix schema tests. Best regards, —David A. Solin Co-Founder, Research & Technology solin@jovalcm.com > On Jun 8, 2016, at 1:01 PM, Vanderpol, Jack R CIV USN SPAWARSYSCEN LANT SC (US) <jack.r.vanderpol.civ@mail.mil> wrote: > > Leland, > > I'm not quite following your response, can you rephrase it. All of the OS's you list below have their own schemas in OVAL, as does Mac, I'm just wondering what makes Mac OS unique with regards to the family test, and if that has any correlation to the UNIX tests. > > I was wondering if 'macos' was part of the family test because of some residual artifact from Mac OS 7/8/9 etc... before OS X, which is (or at least was) based on FreeBSD. Since FreeBSD (or any other UNIX OS) isn't listed in the family test, macos just stands out as anomaly. > > Sincerely, > Jack Vander Pol > > > -----Original Message----- > From: Steinke, Leland J Sr CTR DISA DD (US) > Sent: Wednesday, June 08, 2016 1:30 PM > To: Vanderpol, Jack R CIV USN SPAWARSYSCEN LANT SC (US); > oval_developer@lists.cisecurity.org > Subject: RE: [Non-DoD Source] [OVAL DEVELOPER] Is Mac OS X 'unix'? > > Hi Jack, > > By that logic, should there not be AIX, HP-UX, Linux, or Solaris schemata? The UNIX schema tracks what is in common among the various UNIX-like operating systems, while the other schemata track what diverges. > > > Regards, > -- > Leland Steinke > DISA Cyber Standards (RE71) Support Contractor tapestry technologies, Inc. > 717-491-8306 > leland.j.steinke.ctr@mail.mil (gov't) > lsteinke@tapestrytech.com (com'l) > >> -----Original Message----- >> From: OVAL_Developer >> [Caution-mailto:oval_developer-bounces@lists.cisecurity.org] On >> Behalf Of Vanderpol, Jack R CIV USN SPAWARSYSCEN LANT SC (US) >> Sent: Wednesday, June 08, 2016 1:16 PM >> To: oval_developer@lists.cisecurity.org >> Subject: [Non-DoD Source] [OVAL DEVELOPER] Is Mac OS X 'unix'? >> >> All active links contained in this email were disabled. Please >> verify the identity of the sender, and confirm the authenticity of all links contained within the message prior to copying and pasting the address to a Web browser. >> >> >> >> >> ---- >> >> I just noticed that in the independent family test that "macos" is >> listed, meaning mac OS X is not part of "unix", where as "linux", "solaris", "aix", "hpux" are not listed in in the family test, implying they are all "unix". >> >> If Mac OSX is then not "unix", do any of the OVAL "unix" tests apply? (file, uname, process, etc..) I know there are a few that may not >> apply 100%, but seems like most "unix" tests apply to Mac OS, as much as any other *nix variant. >> >> In my view, in order to be consistent, "macos" should be remove from the independent family test, and have it be part of "unix". >> >> Thoughts? >> >> Jack Vander Pol >> SPAWAR Systems Center Atlantic >> >> >> ... >> >> _______________________________________________ >> OVAL_Developer mailing list >> OVAL_Developer@lists.cisecurity.org >> Caution-Caution-http://lists.cisecurity.org/mailman/listinfo/oval_dev >> eloper_li >> sts.cisecurity.org > > ... > > _______________________________________________ > OVAL_Developer mailing list > OVAL_Developer@lists.cisecurity.org > Caution-http://lists.cisecurity.org/mailman/listinfo/oval_developer_li > sts.cisecurity.org ...

There are only three definitions in the public repository referencing oval:org.mitre.oval:tst:42186 (the MacOS family_test), but I do know SecPod has a lot of subscription-only MacOSX content. We’ve got some generator code to produce thousands of MacOSX vulnerability definitions — I think all of them actually use that same test. (Send me an email if you want to discuss that project with me.) I suppose we could all switch to using a unix:uname_test to look for “Darwin”, but that would be annoying to have to do on purely theoretical/aesthetic grounds. ;) David A. Solin Co-Founder, Research & Technology solin@jovalcm.com > On Jun 8, 2016, at 2:00 PM, Vanderpol, Jack R CIV USN SPAWARSYSCEN LANT SC (US) <jack.r.vanderpol.civ@mail.mil> wrote: > > David, > > We support most of the UNIX tests in our Mac OS X version of SCC as well, was just surprised when it failed the family test. There is macOS OVAL content? Where? I'd love to see it! I assumed that we could modify the family test and remove "macos" and essentially nothing would be impacted :) > > If there is privately created mac content that relies on the family test, then I'll reluctantly agree to leave it, although it's technically incorrect, or confusing at best. > > Sincerely, > Jack Vander Pol > > > > -----Original Message----- > From: David Solin [mailto:solin@jovalcm.com] > Sent: Wednesday, June 08, 2016 2:54 PM > To: Vanderpol, Jack R CIV USN SPAWARSYSCEN LANT SC (US) > Cc: Steinke, Leland J Sr CTR DISA DD (US); oval_developer@lists.cisecurity.org > Subject: Re: [OVAL DEVELOPER] [Non-DoD Source] Is Mac OS X 'unix'? > > All active links contained in this email were disabled. Please verify the identity of the sender, and confirm the authenticity of all links contained within the message prior to copying and pasting the address to a Web browser. > > > > > ---- > > Hi Jack, > > I believe that macos has its own family because MacOS 9 was not Unix-like at all. > > It would actually be nice if the different Unix flavors had their own family. But I think that ship has sailed long ago, and there’s probably a fair amount of content that leverages the macos family test result. So, I’d just leave things as they are. > > FWIW, Joval has Mac-specific implementations for most of the Unix schema tests. > > Best regards, > —David A. Solin > Co-Founder, Research & Technology > solin@jovalcm.com > > > > > >> On Jun 8, 2016, at 1:01 PM, Vanderpol, Jack R CIV USN SPAWARSYSCEN LANT SC (US) <jack.r.vanderpol.civ@mail.mil> wrote: >> >> Leland, >> >> I'm not quite following your response, can you rephrase it. All of the OS's you list below have their own schemas in OVAL, as does Mac, I'm just wondering what makes Mac OS unique with regards to the family test, and if that has any correlation to the UNIX tests. >> >> I was wondering if 'macos' was part of the family test because of some residual artifact from Mac OS 7/8/9 etc... before OS X, which is (or at least was) based on FreeBSD. Since FreeBSD (or any other UNIX OS) isn't listed in the family test, macos just stands out as anomaly. >> >> Sincerely, >> Jack Vander Pol >> >> >> -----Original Message----- >> From: Steinke, Leland J Sr CTR DISA DD (US) >> Sent: Wednesday, June 08, 2016 1:30 PM >> To: Vanderpol, Jack R CIV USN SPAWARSYSCEN LANT SC (US); >> oval_developer@lists.cisecurity.org >> Subject: RE: [Non-DoD Source] [OVAL DEVELOPER] Is Mac OS X 'unix'? >> >> Hi Jack, >> >> By that logic, should there not be AIX, HP-UX, Linux, or Solaris schemata? The UNIX schema tracks what is in common among the various UNIX-like operating systems, while the other schemata track what diverges. >> >> >> Regards, >> -- >> Leland Steinke >> DISA Cyber Standards (RE71) Support Contractor tapestry technologies, Inc. >> 717-491-8306 >> leland.j.steinke.ctr@mail.mil (gov't) >> lsteinke@tapestrytech.com (com'l) >> >>> -----Original Message----- >>> From: OVAL_Developer >>> [Caution-mailto:oval_developer-bounces@lists.cisecurity.org] On >>> Behalf Of Vanderpol, Jack R CIV USN SPAWARSYSCEN LANT SC (US) >>> Sent: Wednesday, June 08, 2016 1:16 PM >>> To: oval_developer@lists.cisecurity.org >>> Subject: [Non-DoD Source] [OVAL DEVELOPER] Is Mac OS X 'unix'? >>> >>> All active links contained in this email were disabled. Please >>> verify the identity of the sender, and confirm the authenticity of all links contained within the message prior to copying and pasting the address to a Web browser. >>> >>> >>> >>> >>> ---- >>> >>> I just noticed that in the independent family test that "macos" is >>> listed, meaning mac OS X is not part of "unix", where as "linux", "solaris", "aix", "hpux" are not listed in in the family test, implying they are all "unix". >>> >>> If Mac OSX is then not "unix", do any of the OVAL "unix" tests apply? (file, uname, process, etc..) I know there are a few that may not >>> apply 100%, but seems like most "unix" tests apply to Mac OS, as much as any other *nix variant. >>> >>> In my view, in order to be consistent, "macos" should be remove from the independent family test, and have it be part of "unix". >>> >>> Thoughts? >>> >>> Jack Vander Pol >>> SPAWAR Systems Center Atlantic >>> >>> >>> ... >>> >>> _______________________________________________ >>> OVAL_Developer mailing list >>> OVAL_Developer@lists.cisecurity.org >>> Caution-Caution-http://lists.cisecurity.org/mailman/listinfo/oval_dev >>> eloper_li >>> sts.cisecurity.org >> >> ... >> >> _______________________________________________ >> OVAL_Developer mailing list >> OVAL_Developer@lists.cisecurity.org >> Caution-http://lists.cisecurity.org/mailman/listinfo/oval_developer_li >> sts.cisecurity.org > ...