oval_developer@lists.cisecurity.org

A list for people interested in developing the OVAL language.

Cisco IOS <router_test> question(s)

WM
William Munyan
Fri, Dec 1, 2017 2:43 PM

OVAL developers,

I am taking a bit of a closer look at the Cisco IOS <router_test> and am needing some help.  The <router_object> defines the <id> element, which is noted as an "int", however, in some of my configurations for the various routers and protocols, I am seeing router sections configured as:
router eigrp foo
and
router rip

alongside others which seem to match the "int" definition of the <id> field:
router ospf 1
and
router bgp 1

My question then becomes, what do we collect in the first cases?  For the "router eigrp foo" case, I cannot collect "foo" as the <id> for obvious reasons.  For the "router rip" case, would the <id> be marked as "does not exist"?  If there's the potential to not have an <id> element collected in the system characteristics, how can that be defined in the <router_object>, since a value for <id> is required in the object.  Is the "xsi:nil" allowed in this case?  How would I create the <router_object> to collect "router rip"?

Does the schema need to change to allow either a "string" or an "int" value for the <id> field?

Thanks for any comments!
Cheers,
-Bill M

Bill Munyan
Technical Product Executive; Security Controls & Automation
31 Tech Valley Drive
East Greenbush, NY 12061

william.munyan@cisecurity.org
518 880-0690
518 466-1160 (cell)
PK
Panos Kampanakis (pkampana)
Mon, Dec 4, 2017 5:26 PM

Hi Bill,

I think when updating the Cisco schemata we indeed were focusing on router process ids used in the config (like BGP, EIGRP etc that you showed). We didn't pay attention to instances like rip or pseudonames for eigrp. I don't think these configs are used often, but someone that wants to be able to collect such system characteristics would indeed need a schema update.

Rgs,
Panos

PK
Panos Kampanakis (pkampana)
Mon, Dec 4, 2017 5:34 PM

Hi Bill,

I think when updating the Cisco schemata we indeed were focusing on router process ids used in the config (like BGP, EIGRP etc that you showed). We didn't pay attention to instances like rip or pseudonames for eigrp. I don't think these configs are used often, but someone that wants to be able to collect such system characteristics would indeed need a schema update.

Rgs,
Panos

DS
David Solin
Tue, Dec 5, 2017 9:21 PM

Bill, do you want to add an issue to OVALProject/Language to make the router_object/id entity nillable?  I think that would address the flaw.

—David Solin
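
The cases discussed in this thread, as an added example that is not part of any poster's message or of the OVAL project's code: it splits an IOS configuration into its `router` sections, classifies each section's identifier as an integer, a name, or absent, and builds a collected item whose `<id>` carries `xsi:nil="true"` when no identifier exists. The sample configuration is constructed, and the `router_item` layout, the `protocol` element and the `datatype` attribute are simplified assumptions for illustration rather than the schema's exact definition.

```python
import re
import xml.etree.ElementTree as ET

XSI = "http://www.w3.org/2001/XMLSchema-instance"
NIL = f"{{{XSI}}}nil"
ET.register_namespace("xsi", XSI)

# Constructed sample configuration covering the four headers from the thread.
SAMPLE_CONFIG = """\
hostname lab-rtr
!
router eigrp foo
 address-family ipv4 unicast autonomous-system 10
!
router rip
 version 2
 network 10.0.0.0
!
router ospf 1
 network 10.1.0.0 0.0.255.255 area 0
!
router bgp 1
 neighbor 192.0.2.1 remote-as 2
!
"""

# A section header starts in column 0: "router <protocol> [<id-or-name>]".
HEADER = re.compile(r"^router\s+(\S+)(?:\s+(\S+))?")


def parse_router_sections(config):
    """Return one dict per 'router ...' section with its indented sub-commands."""
    sections, current = [], None
    for line in config.splitlines():
        match = HEADER.match(line)
        if match:
            current = {"protocol": match.group(1),
                       "raw_id": match.group(2),
                       "lines": [line]}
            sections.append(current)
        elif current is not None and line.startswith(" "):
            current["lines"].append(line)   # sub-command of the open section
        else:
            current = None                  # "!" or any other top-level line
    return sections


def classify_id(raw_id):
    """'int' fits an int-typed <id>; 'absent' and 'string' are the problem cases."""
    if raw_id is None:
        return "absent"
    if re.fullmatch(r"\d+", raw_id):
        return "int"
    return "string"


def build_item(section):
    """Build a simplified item, or return None when the id cannot be an int.

    Assumption: the <id> entity stays int-typed and is made nillable, so a
    section without an identifier is reported with xsi:nil="true".
    """
    kind = classify_id(section["raw_id"])
    if kind == "string":
        return None                         # a name such as "foo" is not an int
    item = ET.Element("router_item")
    ET.SubElement(item, "protocol").text = section["protocol"]
    id_el = ET.SubElement(item, "id", {"datatype": "int"})
    if kind == "int":
        id_el.text = section["raw_id"]
    else:
        id_el.set(NIL, "true")              # no identifier in the configuration
    return item


def survey(config):
    """Return (header line, id kind, serialized item or None) per section."""
    rows = []
    for section in parse_router_sections(config):
        item = build_item(section)
        xml = ET.tostring(item, encoding="unicode") if item is not None else None
        rows.append((section["lines"][0], classify_id(section["raw_id"]), xml))
    return rows


if __name__ == "__main__":
    for header, kind, xml in survey(SAMPLE_CONFIG):
        print(f"{header!r}: id is {kind}")
        print("   ", xml if xml else "no int-typed <id> can hold this value")
```
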

WM
William Munyan
Wed, Dec 6, 2017 1:54 AM

Done.  https://github.com/OVALProject/Language/issues/298

Cheers,
-Bill M.
