oval_developer@lists.cisecurity.org

A list for people interested in developing the OVAL language.


Re: [OVAL DEVELOPER] [Non-DoD Source] Proposal: x-win-def:junction_test

David Solin
Mon, Mar 14, 2016 1:10 PM

Hi Jack,

You can get the schemas from Github:
https://github.com/joval/jOVAL/blob/master/scap-extensions/schemas/x-windows-definitions-schema.xsd
https://github.com/joval/jOVAL/blob/master/scap-extensions/schemas/x-windows-system-characteristics-schema.xsd

I pasted the text content below my signature.

Best regards,
—David A. Solin

<?xml version="1.0" encoding="UTF-8"?>

<oval_definitions xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-definitions-5 oval-definitions-schema.xsd      http://oval.mitre.org/XMLSchema/oval-definitions-5#windows windows-definitions-schema.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:oval-def="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5" xmlns:x-win-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#x-windows">
<generator>
<oval:schema_version>5.11.1</oval:schema_version>
<oval:timestamp>2009-01-12T10:41:00-05:00</oval:timestamp>
</generator>
<definitions>
<definition id="oval:org.joval.oval.test:def:140" version="7" class="miscellaneous">
<metadata>
<title>Evaluate to true if the x-win-def:file_test is properly supported</title>
<description>This definition is intended to evaluate to true if the interpreter properly supports the x-win-def:junction_test.</description>
</metadata>
<notes>
<note>It is important to note that the values used in this test definition are specific to a particular machine, and may not necessarily apply to your system. As a result, in order to have the definition return a result of 'true', you must either change these values to the ones found on your particular system, or you must configure your system to use these values.</note>
</notes>
<criteria operator="AND">
<criterion comment="Test that a junction_object is supported." test_ref="oval:org.joval.oval.test:tst:1303"/>
</criteria>
</definition>
</definitions>
<tests>
<x-win-def:junction_test id="oval:org.joval.oval.test:tst:1303" version="1" comment="Test that a file_object with a path is supported." check_existence="at_least_one_exists" check="all">
<x-win-def:object object_ref="oval:org.joval.oval.test:obj:1060"/>
</x-win-def:junction_test>
</tests>
<objects>
<registry_object id="oval:org.joval.oval.test:obj:799" version="1" comment="Retrieve the home directory value for every user" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows">
<behaviors recurse_direction="down" max_depth="1"/>
<hive>HKEY_LOCAL_MACHINE</hive>
<key>SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList</key>
<name>ProfileImagePath</name>
</registry_object>
<x-win-def:junction_object id="oval:org.joval.oval.test:obj:1060" version="1" comment="Retrieve junction items with path equals '%USERPROFILE%\Start Menu'.">
<x-win-def:path var_ref="oval:org.joval.oval.test:var:800" var_check="at least one"/>
</x-win-def:junction_object>
</objects>
<variables>
<local_variable id="oval:org.joval.oval.test:var:799" version="1" comment="This variable represents all the user home directories." datatype="string">
<object_component object_ref="oval:org.joval.oval.test:obj:799" item_field="value"/>
</local_variable>
<local_variable id="oval:org.joval.oval.test:var:800" version="1" comment="The 'Start Menu' directory for every user." datatype="string">
<concat>
<variable_component var_ref="oval:org.joval.oval.test:var:799"/>
<literal_component>\Start Menu</literal_component>
</concat>
</local_variable>
</variables>
</oval_definitions>

On Mar 14, 2016, at 7:51 AM, Vanderpol, Jack R CIV USN SPAWARSYSCEN LANT SC (US) <jack.r.vanderpol.civ@mail.mil> wrote:

Thanks David, unfortunately the DOD prevents all .xml file attachments.  Do we have a place on github (or some other online resource) that we could use for sharing data and archiving for future reference?

Sincerely,
Jack Vander Pol

BLOCKED FILE ALERT

A file has been blocked due to the 'Level 1 File Types' rule.
Context: 'win-def_junction_test.xml'
Disallowed due to filename
Ticket Number: '0d24-56e0-8b80-0001'
See your system administrator for further information. Copyright 1999-2013 McAfee, Inc. All Rights Reserved. http://www.mcafee.com

-----Original Message-----
From: OVAL_Developer [mailto:oval_developer-bounces@lists.cisecurity.org] On Behalf Of David Solin
Sent: Wednesday, March 09, 2016 3:44 PM
To: oval_developer@lists.cisecurity.org
Subject: [Non-DoD Source] [OVAL DEVELOPER] Proposal: x-win-def:junction_test

All active links contained in this email were disabled. Please verify the identity of the sender, and confirm the authenticity of all links contained within the message prior to copying and pasting the address to a Web browser.


Hi Everyone,

I’m working on a new test for Windows junctions (similar to Unix symlinks) that’s analogous to the unix-def:symlink_test.  Please see the attached schema and test content.

I’d also like to add a @recurse attribute to win-def:FileBehaviors, with the options “directories”, “junctions and directories”, “junctions” (default of “directories”).

Any questions, comments, or thoughts?

Thanks,
—David Solin

David A. Solin
Co-Founder, Research & Technology
solin@jovalcm.com < Caution-mailto:solin@jovalcm.com >


...
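
Added example, not part of the original thread and not Joval's code: a small Python resolver for the two local_variable elements in the test content above, showing which paths the junction_object (obj:1060) ends up being asked to inspect once var:800 is expanded. The collected ProfileImagePath values are constructed sample data, and only the component types that appear in this message are handled.

```python
import xml.etree.ElementTree as ET

DEF = "{http://oval.mitre.org/XMLSchema/oval-definitions-5}"

# Variables section copied from the message above (ids unchanged).
OVAL_VARIABLES = r"""
<variables xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5">
  <local_variable id="oval:org.joval.oval.test:var:799" version="1" datatype="string">
    <object_component object_ref="oval:org.joval.oval.test:obj:799" item_field="value"/>
  </local_variable>
  <local_variable id="oval:org.joval.oval.test:var:800" version="1" datatype="string">
    <concat>
      <variable_component var_ref="oval:org.joval.oval.test:var:799"/>
      <literal_component>\Start Menu</literal_component>
    </concat>
  </local_variable>
</variables>
"""

# Constructed sample: ProfileImagePath values a scanner might collect for obj:799.
COLLECTED = {"oval:org.joval.oval.test:obj:799": [
    r"C:\Users\alice", r"C:\Users\bob", r"C:\Windows\ServiceProfiles\LocalService"]}

def load_variables(xml_text):
    """Index local_variable elements by their OVAL id."""
    root = ET.fromstring(xml_text)
    return {v.get("id"): v for v in root.iter(DEF + "local_variable")}

def component_values(node, variables, collected):
    """Return the list of values one variable component contributes."""
    tag = node.tag.replace(DEF, "")
    if tag == "literal_component":
        return [node.text or ""]
    if tag == "object_component":
        return list(collected.get(node.get("object_ref"), []))
    if tag == "variable_component":
        return resolve(node.get("var_ref"), variables, collected)
    if tag == "concat":
        # concat joins every combination of its children's values, in order.
        results = [""]
        for child in node:
            parts = component_values(child, variables, collected)
            results = [left + right for left in results for right in parts]
        return results
    raise ValueError("component not handled in this example: " + tag)

def resolve(var_id, variables, collected):
    """Resolve a local_variable id to its list of string values."""
    return component_values(variables[var_id][0], variables, collected)
```

Calling resolve("oval:org.joval.oval.test:var:800", load_variables(OVAL_VARIABLES), COLLECTED) returns one '\Start Menu' path per collected profile; if obj:799 collects nothing, the list is empty and the junction_object has no path to check.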
