Empathy List Archives

oval_developer@lists.cisecurity.org

A list for people interested in developing the OVAL language.

IP Addresses in MacOS InetListeningServers tests

Ulmer, John R CIV USN SPAWARSYSCEN LANT SC (US)

Tue, Aug 23, 2016 4:45 PM

Quick question, maybe.

On Mac OSX, for the inetListeningServer and inetListeningServer510 tests, when parsing the output of the lsof command, OSX shows some IP addresses (local and foreign) as stars (*).

In these cases, what should the item contain? A '*' does not fit in the schema which requires an oval-sc:EntityItemIPAddressStringType.

Ideas?

Thanks,

John R. Ulmer

SPAWAR Systems Center Atlantic

john.r.ulmer6.civ@mail.mil

843.218.5953

...

Quick question, maybe. On Mac OSX, for the inetListeningServer and inetListeningServer510 tests, when parsing the output of the lsof command, OSX shows some IP addresses (local and foreign) as stars (*). In these cases, what should the item contain? A '*' does not fit in the schema which requires an oval-sc:EntityItemIPAddressStringType. Ideas? Thanks, ----------------------------------------- John R. Ulmer SPAWAR Systems Center Atlantic john.r.ulmer6.civ@mail.mil 843.218.5953 ...

David Solin

Thu, Sep 1, 2016 2:06 PM

Actually it does, because EntityItemIPAddressStringType can have a datatype of “string”.

FYI, there was an issue filed pertaining to these two OVAL tests that I recently fixed in the OVAL 5.11.2 branch. See:
https://github.com/OVALProject/Language/issues/77 https://github.com/OVALProject/Language/issues/77
https://github.com/OVALProject/Language/commit/8868668a73c5036dd1290dd036ae5967c614fbec https://github.com/OVALProject/Language/commit/8868668a73c5036dd1290dd036ae5967c614fbec

Best regards,
—David Solin

David A. Solin
Co-Founder, Research & Technology
solin@jovalcm.com mailto:solin@jovalcm.com
http://jovalcm.com/
https://www.facebook.com/jovalcm https://www.linkedin.com/company/joval-continuous-monitoring

On Aug 23, 2016, at 11:45 AM, Ulmer, John R CIV USN SPAWARSYSCEN LANT SC (US) john.r.ulmer6.civ@mail.mil wrote:

Quick question, maybe.

On Mac OSX, for the inetListeningServer and inetListeningServer510 tests, when parsing the output of the lsof command, OSX shows some IP addresses (local and foreign) as stars (*).

In these cases, what should the item contain? A '*' does not fit in the schema which requires an oval-sc:EntityItemIPAddressStringType.

Ideas?

Thanks,

John R. Ulmer
SPAWAR Systems Center Atlantic
john.r.ulmer6.civ@mail.mil mailto:john.r.ulmer6.civ@mail.mil
843.218.5953

...

OVAL_Developer mailing list
OVAL_Developer@lists.cisecurity.org mailto:OVAL_Developer@lists.cisecurity.org
http://lists.cisecurity.org/mailman/listinfo/oval_developer_lists.cisecurity.org http://lists.cisecurity.org/mailman/listinfo/oval_developer_lists.cisecurity.org

...

Actually it does, because EntityItemIPAddressStringType can have a datatype of “string”. FYI, there was an issue filed pertaining to these two OVAL tests that I recently fixed in the OVAL 5.11.2 branch. See: https://github.com/OVALProject/Language/issues/77 <https://github.com/OVALProject/Language/issues/77> https://github.com/OVALProject/Language/commit/8868668a73c5036dd1290dd036ae5967c614fbec <https://github.com/OVALProject/Language/commit/8868668a73c5036dd1290dd036ae5967c614fbec> Best regards, —David Solin David A. Solin Co-Founder, Research & Technology solin@jovalcm.com <mailto:solin@jovalcm.com> <http://jovalcm.com/> <https://www.facebook.com/jovalcm> <https://www.linkedin.com/company/joval-continuous-monitoring> > On Aug 23, 2016, at 11:45 AM, Ulmer, John R CIV USN SPAWARSYSCEN LANT SC (US) <john.r.ulmer6.civ@mail.mil> wrote: > > Quick question, maybe. > > On Mac OSX, for the inetListeningServer and inetListeningServer510 tests, when parsing the output of the lsof command, OSX shows some IP addresses (local and foreign) as stars (*). > > In these cases, what should the item contain? A '*' does not fit in the schema which requires an oval-sc:EntityItemIPAddressStringType. > > Ideas? > > Thanks, > ----------------------------------------- > John R. Ulmer > SPAWAR Systems Center Atlantic > john.r.ulmer6.civ@mail.mil <mailto:john.r.ulmer6.civ@mail.mil> > 843.218.5953 > > > ... > _______________________________________________ > OVAL_Developer mailing list > OVAL_Developer@lists.cisecurity.org <mailto:OVAL_Developer@lists.cisecurity.org> > http://lists.cisecurity.org/mailman/listinfo/oval_developer_lists.cisecurity.org <http://lists.cisecurity.org/mailman/listinfo/oval_developer_lists.cisecurity.org> ...