Hello, I'm trying to learn my way around SCAP just now, with the main focus right now on scans of Linux-based systems using oscap and the related tools. I'm hitting a bit of a wall when it comes to writing OVAL content and just wondered if someone could point me to resources that unpack things from the perspective of someone accustomed to writing software in "normal" programming languages?
Some more-or-less specific questions:

o In an object definition like this (condensed from OVAL found in SSG, where B is a local variable containing a set of file paths):

    <ind:textfilecontent54_object id="A" version="1">
      <ind:filepath var_ref="B" var_check="at least one" />
      <ind:pattern operation="pattern match">^0$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>

  what is the function of var_check="at least one"? I assume that this is a condition being applied to the value of the variable B, saying that it must have at least one member, but what happens if the variable B is an empty set?

o Basic question: is the order in which entities appear in a file of OVAL content irrelevant? Given that they are all tagged with types and ID strings it seems like this would be the case, but OVAL is a new world where many things are not what they seem, so I thought I would check.

o Is there a tool that allows you to debug OVAL at runtime? That is, much like any other debugger, to set breakpoints and examine the values of objects/variables/etc at runtime?

o Is there a document/book/tutorial that guides a person through creating complex OVAL rules (preferably on Linux systems)? Most of the examples I've found on the web are of the very simple "Hello World" variety, so lead to more questions than they answer. Something that walks through even just how to *think* about solving problems in OVAL would be helpful at this point.

Thanks!