User:Delimiter/Projects/FreeBSD CVE

From ConShell

Introduction

This page is for notes, definitions and references regarding the conversion of FreeBSD vulnerability data (a.k.a. vuxml) to and from SCAP OVAL.

So what is needed is something like oval2portaudit (analogous to vuxml2portaudit). For the target format, see the auditfile in auditfile.tar within /var/db/portaudit/auditfile.tbz.


Tasks

  • figure out how vxquery really works
  • get my hands on the oval.xml file and start a parser to convert to portaudit format
  • tweak portaudit to allow polling of OVAL data also.
  • Download, compile and run the OVAL interpreter

vxquery

vxquery /tmp/auditfile mt-daapd
Parsing failed @ line 1:
not well-formed (invalid token)

validation notes

Install /usr/ports/textproc/libxml2/

fetch http://cve.mitre.org/data/downloads/allitems.xml.gz
gunzip allitems.xml.gz
fetch http://cve.mitre.org/schema/cve/cve_1.0.xsd
/usr/local/bin/xmllint --valid --noout --schema cve_1.0.xsd allitems.xml
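The converter sketched in the tasks above (oval2portaudit), as an added Python example; it is not code from this page, from portaudit or from the OVAL project. It first checks that the input is well-formed XML, which is the failure vxquery reported above and the same check xmllint --noout performs before schema validation, and then turns the metadata of vulnerability-class OVAL 5 definitions into auditfile-style lines. Assumptions, all marked in the code: the auditfile line layout package-pattern|url|description, the constructed OVAL sample with placeholder definition, test and CVE identifiers, and the convention that the affected version range appears in each criterion's comment as "PKG is earlier than VERSION" (OVAL metadata carries no version range itself; in real content it lives in the tests and states the criterion references, so a full converter would have to resolve those).

```python
import re
import sys
import xml.etree.ElementTree as ET

OVAL_NS = "http://oval.mitre.org/XMLSchema/oval-definitions-5"
NS = {"oval": OVAL_NS}

# Assumption: a criterion comment phrased "PKG is earlier than VERSION" carries
# the affected range. Real OVAL puts the range in the referenced test/state.
RANGE_RE = re.compile(r"^(\S+) is earlier than (\S+)$")

# Constructed sample OVAL document: the definition id, test_ref, CVE id and
# URL are placeholders, not real OVAL, NVD or FreeBSD data.
SAMPLE_OVAL = f"""<?xml version="1.0" encoding="UTF-8"?>
<oval_definitions xmlns="{OVAL_NS}">
  <definitions>
    <definition id="oval:example.local:def:1" version="1" class="vulnerability">
      <metadata>
        <title>mt-daapd -- example flaw (constructed)</title>
        <affected family="unix">
          <platform>FreeBSD</platform>
          <product>mt-daapd</product>
        </affected>
        <reference source="CVE" ref_id="CVE-0000-0000"
                   ref_url="https://example.invalid/CVE-0000-0000"/>
        <description>Constructed description text.</description>
      </metadata>
      <criteria>
        <criterion comment="mt-daapd is earlier than 0.2.4"
                   test_ref="oval:example.local:tst:1"/>
      </criteria>
    </definition>
  </definitions>
</oval_definitions>
"""

# Constructed: a truncated file, the kind of input behind "not well-formed".
BROKEN_XML = "<oval_definitions><definitions><definition id=\"x\">"


def is_well_formed(xml_text):
    """Return True if the text parses as XML (no schema check, like xmllint --noout)."""
    try:
        ET.fromstring(xml_text)
        return True
    except ET.ParseError:
        return False


def oval_to_auditfile(xml_text):
    """Convert vulnerability-class OVAL definitions to auditfile-style lines.

    Assumed line layout: PACKAGE-PATTERN|URL|DESCRIPTION, where the pattern uses
    portaudit's '<' version comparison, e.g. mt-daapd<0.2.4.
    """
    root = ET.fromstring(xml_text)
    lines = []
    for defn in root.findall("oval:definitions/oval:definition", NS):
        if defn.get("class") != "vulnerability":
            continue
        meta = defn.find("oval:metadata", NS)
        if meta is None:
            continue
        # '|' is the field separator, so it must not appear in the description.
        title = meta.findtext("oval:title", default="", namespaces=NS)
        title = title.strip().replace("|", " ")
        ref = meta.find("oval:reference[@source='CVE']", NS)
        url = ref.get("ref_url", "") if ref is not None else ""
        # One auditfile line per affected package range found in the criteria.
        for crit in defn.iter(f"{{{OVAL_NS}}}criterion"):
            m = RANGE_RE.match(crit.get("comment", ""))
            if m:
                pkg, version = m.groups()
                lines.append(f"{pkg}<{version}|{url}|{title}")
    return lines


def main():
    # Reject malformed input before conversion, as vxquery does on the auditfile.
    for text in (BROKEN_XML, SAMPLE_OVAL):
        if not is_well_formed(text):
            print("skipping input: not well-formed XML", file=sys.stderr)
            continue
        for line in oval_to_auditfile(text):
            print(line)


if __name__ == "__main__":
    main()
```

Run directly, it reports the truncated input on stderr and prints one auditfile line for the constructed sample. The ParseError it catches is the same condition behind the "not well-formed (invalid token)" message above, which is why the XML-level check sits in front of any format conversion; schema validation against the OVAL or CVE XSD is a separate, later step and is what the xmllint --schema command covers.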

OVAL Specifics

What are the valid/relevant platforms for FreeBSD?

TBD

Details of the OVAL xml data for FreeBSD

Definitions

ISAP

Information Security Automation Program (ISAP) is a U.S. government multi-agency initiative to enable automation and standardization of technical security operations.

SCAP

Security Content Automation Protocol (SCAP) is a method for using specific standards to enable automated vulnerability management, measurement, and policy compliance evaluation (e.g., FISMA compliance).

NVD

NVD is the U.S. government content repository for ISAP and SCAP.

Authenticated Vulnerability and Patch Scanner

A product with the ability to scan a target system to locate and identify the presence of known software flaws and evaluate the software patch status to determine compliance with a defined patch policy using target system logon privileges.

portaudit qualifies as this

Vulnerability Database

A SCAP vulnerability database is a product that contains a catalog of security related software flaw issues labeled with CVEs where applicable. This data is made accessible to users through a search capability or data feed and contains descriptions of software flaws, references to additional information (e.g., links to patches or vulnerability advisories), and impact scores. The user-to-database interaction is provided independent of any scans, intrusion detection, or reporting activities. Thus, a product that only scans to find vulnerabilities and then stores the results in a database does not meet the requirements for an SCAP vulnerability database (such a product would map to a different SCAP capability). A product that presents the user general knowledge about vulnerabilities, independent of a particular environment, would meet the definition of an SCAP vulnerability database.


vuxml qualifies as this

Open Vulnerability Assessment Language (OVAL)

An XML-based language used for communicating the details of vulnerabilities, patches, security configuration settings, and other machine states in a machine-readable form.


OVAL ID

An identifier for a specific OVAL definition that conforms to the format for OVAL IDs. For more information please see the OVAL specification reference in Section 2.1.


References

Other URLs and references