On 11/6/13, 9:50 AM, Steinke, Leland J Sr CTR DISA FSO (US) wrote:
The NIST SCAP Content Validation Tool threw errors on the
system_info_architecture_x86* definitions (requirement ID 208). This patch corrects the
errors.
Regards,
--
Leland Steinke, Security+
DISA FSO Technical Support Contractor
tapestry technologies, Inc
717-267-5797 (DSN 570)
leland.j.steinke.ctr(a)mail.mil (gov't)
lsteinke(a)tapestrytech.com (com'l)
---
.../input/checks/system_info_architecture_x86.xml | 2 +-
.../checks/system_info_architecture_x86_64.xml | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/RHEL6/input/checks/system_info_architecture_x86.xml
b/RHEL6/input/checks/system_info_architecture_x86.xml
index f05260a..393c4d6 100644
--- a/RHEL6/input/checks/system_info_architecture_x86.xml
+++ b/RHEL6/input/checks/system_info_architecture_x86.xml
@@ -1,5 +1,5 @@
<def-group>
- <definition class="miscellaneous"
id="system_info_architecture_x86"
+ <definition class="compliance"
id="system_info_architecture_x86"
version="1">
<!-- Note that this does not meet requirements for class=inventory as
that only tests for patches per 5.10.1 Revision 1 -->
diff --git a/RHEL6/input/checks/system_info_architecture_x86_64.xml
b/RHEL6/input/checks/system_info_architecture_x86_64.xml
index d4e681f..08481b5 100644
--- a/RHEL6/input/checks/system_info_architecture_x86_64.xml
+++ b/RHEL6/input/checks/system_info_architecture_x86_64.xml
@@ -1,5 +1,5 @@
<def-group>
- <definition class="miscellaneous"
id="system_info_architecture_x86_64"
+ <definition class="compliance"
id="system_info_architecture_x86_64"
version="1">
<!-- Note that this does not meet requirements for class=inventory as
that only tests for patches per 5.10.1 Revision 1 -->
I'm not sure this is an error after reviewing the OVAL spec:
http://oval.mitre.org/language/version5.10/ovaldefinition/documentation/o...
- Compliance definitions are meant to describe "the state of a machine
when in compliance with a specific policy."
- Miscellaneous definitions are used "to categorize a definition that
doesn't fit into one of the other four classes," with the other four
being compliance, inventory, patch, and vulnerability.
Since the system_info_architecture_x86* checks are called from other
OVAL checks, such as audit_*, to test system architecture (versus
testing for the /compliance/ of being a specific architecture), the
class definition of miscellaneous seems appropriate.
Or am I interpreting the spec incorrectly (....which is totally possible)?