Linux ns8.secondary29.go.th 2.6.32-754.28.1.el6.x86_64 #1 SMP Wed Mar 11 18:38:45 UTC 2020 x86_64
Apache/2.2.15 (CentOS)
: 122.154.134.11 | : 122.154.134.9
Cant Read [ /etc/named.conf ]
5.6.40
apache
www.github.com/MadExploits
Terminal
AUTO ROOT
Adminer
Backdoor Destroyer
Linux Exploit
Lock Shell
Lock File
Create User
CREATE RDP
PHP Mailer
BACKCONNECT
UNLOCK SHELL
HASH IDENTIFIER
CPANEL RESET
CREATE WP USER
README
+ Create Folder
+ Create File
/
usr /
share /
openscap /
schemas /
oval /
5.11 /
[ HOME SHELL ]
Name
Size
Permission
Action
aix-definitions-schema.xsd
52.12
KB
-rw-r--r--
aix-system-characteristics-sch...
24.24
KB
-rw-r--r--
android-definitions-schema.xsd
99.3
KB
-rw-r--r--
android-system-characteristics...
58.82
KB
-rw-r--r--
apache-definitions-schema.xsd
13.31
KB
-rw-r--r--
apache-system-characteristics-...
5.7
KB
-rw-r--r--
apple-ios-definitions-schema.x...
39.87
KB
-rw-r--r--
apple-ios-system-characteristi...
29.22
KB
-rw-r--r--
asa-definitions-schema.xsd
119.2
KB
-rw-r--r--
asa-system-characteristics-sch...
55.82
KB
-rw-r--r--
catos-definitions-schema.xsd
37.94
KB
-rw-r--r--
catos-system-characteristics-s...
15.92
KB
-rw-r--r--
esx-definitions-schema.xsd
51.7
KB
-rw-r--r--
esx-system-characteristics-sch...
20.37
KB
-rw-r--r--
freebsd-definitions-schema.xsd
13.63
KB
-rw-r--r--
freebsd-system-characteristics...
7.02
KB
-rw-r--r--
hpux-definitions-schema.xsd
66.97
KB
-rw-r--r--
hpux-system-characteristics-sc...
19.47
KB
-rw-r--r--
independent-definitions-schema...
250.86
KB
-rw-r--r--
independent-system-characteris...
86.93
KB
-rw-r--r--
ios-definitions-schema.xsd
183.57
KB
-rw-r--r--
ios-system-characteristics-sch...
78.97
KB
-rw-r--r--
iosxe-definitions-schema.xsd
135.61
KB
-rw-r--r--
iosxe-system-characteristics-s...
62.13
KB
-rw-r--r--
junos-definitions-schema.xsd
35.04
KB
-rw-r--r--
junos-system-characteristics-s...
14.05
KB
-rw-r--r--
linux-definitions-schema.xsd
226.33
KB
-rw-r--r--
linux-system-characteristics-s...
104.75
KB
-rw-r--r--
macos-definitions-schema.xsd
227.51
KB
-rw-r--r--
macos-system-characteristics-s...
90.36
KB
-rw-r--r--
netconf-definitions-schema.xsd
11.07
KB
-rw-r--r--
netconf-system-characteristics...
3.93
KB
-rw-r--r--
oval-common-schema.xsd
74.93
KB
-rw-r--r--
oval-definitions-schema.xsd
175.93
KB
-rw-r--r--
oval-definitions-schematron.xs...
646.85
KB
-rw-r--r--
oval-directives-schema.xsd
7.56
KB
-rw-r--r--
oval-directives-schematron.xsl
69.75
KB
-rw-r--r--
oval-results-schema.xsd
70.5
KB
-rw-r--r--
oval-results-schematron.xsl
69.69
KB
-rw-r--r--
oval-system-characteristic-sch...
36.56
KB
-rw-r--r--
oval-system-characteristics-sc...
56.49
KB
-rw-r--r--
oval-variables-schema.xsd
7.47
KB
-rw-r--r--
oval-variables-schematron.xsl
6.62
KB
-rw-r--r--
pixos-definitions-schema.xsd
17.41
KB
-rw-r--r--
pixos-system-characteristics-s...
6.9
KB
-rw-r--r--
sharepoint-definitions-schema....
197.36
KB
-rw-r--r--
sharepoint-system-characterist...
93.89
KB
-rw-r--r--
solaris-definitions-schema.xsd
175.55
KB
-rw-r--r--
solaris-system-characteristics...
68.64
KB
-rw-r--r--
unix-definitions-schema.xsd
269.79
KB
-rw-r--r--
unix-system-characteristics-sc...
123.24
KB
-rw-r--r--
windows-definitions-schema.xsd
1.02
MB
-rw-r--r--
windows-system-characteristics...
456.07
KB
-rw-r--r--
Delete
Unzip
Zip
${this.title}
Close
Code Editor : asa-definitions-schema.xsd
<?xml version="1.0" encoding="utf-8"?> <xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5" xmlns:oval-def="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:asa-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#asa" xmlns:sch="http://purl.oclc.org/dsdl/schematron" targetNamespace="http://oval.mitre.org/XMLSchema/oval-definitions-5#asa" elementFormDefault="qualified" version="5.11"> <xsd:import namespace="http://oval.mitre.org/XMLSchema/oval-definitions-5" schemaLocation="oval-definitions-schema.xsd" /> <xsd:annotation> <xsd:documentation>The following is a description of the elements, types, and attributes that compose the Cisco ASA specific tests found in Open Vulnerability and Assessment Language (OVAL). Each test is an extension of the standard test element defined in the Core Definition Schema. Through extension, each test inherits a set of elements and attributes that are shared amongst all OVAL tests. Each test is described in detail and should provide the information necessary to understand what each element and attribute represents. This document is intended for developers and assumes some familiarity with XML. A high level description of the interaction between the different tests and their relationship to the Core Definition Schema is not outlined here.</xsd:documentation> <xsd:documentation>The OVAL Schema is maintained by The MITRE Corporation and developed by the public OVAL Community. For more information, including how to get involved in the project and how to submit change requests, please visit the OVAL website at http://oval.mitre.org.</xsd:documentation> <xsd:documentation>Thanks to Omar Santos and Panos Kampanakis of Cisco for providing these tests.</xsd:documentation> <xsd:appinfo> <schema>Cisco ASA Definition</schema> <version>5.11:5.11</version> <date>12/18/2014 09:00:00 AM</date> <terms_of_use>Copyright (c) 2002-2014, The MITRE Corporation. All rights reserved. The contents of this file are subject to the terms of the OVAL License located at http://oval.mitre.org/oval/about/termsofuse.html. See the OVAL License for the specific language governing permissions and limitations for use of this schema. When distributing copies of the OVAL Schema, this license header must be included.</terms_of_use> <sch:ns prefix="oval-def" uri="http://oval.mitre.org/XMLSchema/oval-definitions-5" /> <sch:ns prefix="asa-def" uri="http://oval.mitre.org/XMLSchema/oval-definitions-5#asa" /> <sch:ns prefix="xsi" uri="http://www.w3.org/2001/XMLSchema-instance" /> </xsd:appinfo> </xsd:annotation> <!-- =============================================================================== --> <!-- ================================ ASA ACL TEST ================================ --> <!-- =============================================================================== --> <xsd:element name="acl_test" substitutionGroup="oval-def:test"> <xsd:annotation> <xsd:documentation>The acl test is used to check the properties of specific output lines from an ACL configuration.</xsd:documentation> <xsd:appinfo> <oval:element_mapping> <oval:test>acl_test</oval:test> <oval:object>acl_object</oval:object> <oval:state>acl_state</oval:state> <oval:item target_namespace="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#asa">acl_item</oval:item> </oval:element_mapping> </xsd:appinfo> <xsd:appinfo> <sch:pattern id="asa_acltst"> <sch:rule context="asa-def:acl_test/asa-def:object"> <sch:assert test="@object_ref=ancestor::oval-def:oval_definitions/oval-def:objects/asa-def:acl_object/@id"> <sch:value-of select="../@id" /> - the object child element of a acl_test must reference a acl_object</sch:assert> </sch:rule> <sch:rule context="asa-def:acl_test/asa-def:state"> <sch:assert test="@state_ref=ancestor::oval-def:oval_definitions/oval-def:states/asa-def:acl_state/@id"> <sch:value-of select="../@id" /> - the state child element of a acl_test must reference a acl_state</sch:assert> </sch:rule> </sch:pattern> </xsd:appinfo> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-def:TestType"> <xsd:sequence> <xsd:element name="object" type="oval-def:ObjectRefType" /> <xsd:element name="state" type="oval-def:StateRefType" minOccurs="0" maxOccurs="unbounded" /> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <xsd:element name="acl_object" substitutionGroup="oval-def:object"> <xsd:annotation> <xsd:documentation>The acl_object element is used by an acl_test to define the object to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.</xsd:documentation> <xsd:documentation>An acl object consists of a an acl name and an IP version entity that is the name and the IP protocol version of the access-list to be tested.</xsd:documentation> <xsd:appinfo> <sch:pattern id="asa_acl_object_verify_filter_state"> <sch:rule context="asa-def:acl_object//oval-def:filter"> <sch:let name="parent_object" value="ancestor::asa-def:acl_object" /> <sch:let name="parent_object_id" value="$parent_object/@id" /> <sch:let name="state_ref" value="." /> <sch:let name="reffed_state" value="ancestor::oval-def:oval_definitions/oval-def:states/*[@id=$state_ref]" /> <sch:let name="state_name" value="local-name($reffed_state)" /> <sch:let name="state_namespace" value="namespace-uri($reffed_state)" /> <sch:assert test="(($state_namespace='http://oval.mitre.org/XMLSchema/oval-definitions-5#asa') and ($state_name='acl_state'))">State referenced in filter for <sch:value-of select="name($parent_object)" /> '<sch:value-of select="$parent_object_id" />' is of the wrong type.</sch:assert> </sch:rule> </sch:pattern> </xsd:appinfo> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-def:ObjectType"> <xsd:sequence> <xsd:choice> <xsd:element ref="oval-def:set" /> <xsd:sequence> <xsd:element name="name" type="oval-def:EntityObjectStringType"> <xsd:annotation> <xsd:documentation>The name of the ACL.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="ip_version" type="asa-def:EntityObjectAccessListIPVersionType"> <xsd:annotation> <xsd:documentation>The IP version of the ACL.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element ref="oval-def:filter" minOccurs="0" maxOccurs="unbounded" /> </xsd:sequence> </xsd:choice> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <xsd:element name="acl_state" substitutionGroup="oval-def:state"> <xsd:annotation> <xsd:documentation>The acl_state element defines the different information that can be used to evaluate the result of a specific ACL configuration. This includes the name of ths ACL and the corresponding config lines. Please refer to the individual elements in the schema for more details about what each represents.</xsd:documentation> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-def:StateType"> <xsd:sequence> <xsd:element name="name" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The name of the ACL.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="ip_version" type="asa-def:EntityStateAccessListIPVersionType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The IP version of the ACL (i.e. IPv4 or IPv6 or both for UACLs).</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="use" type="asa-def:EntityStateAccessListUseType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The feature where the ACL is used.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="used_in" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The name of where the ACL is used. For example if use is 'INTERFACE', use_in will be the name of the interface.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="interface_direction" type="asa-def:EntityStateAccessListInterfaceDirectionType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The direction the ACL is applied by using the access-group command. Inbound access lists apply to traffic as it enters an interface.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="acl_config_lines" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The value returned with all config lines of the ACL.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="config_line" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The value returned with one ACL config line at a time.</xsd:documentation> </xsd:annotation> </xsd:element> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <!-- =============================================================================== --> <!-- ========================== ASA MPF CLASS-MAP TEST ============================= --> <!-- =============================================================================== --> <xsd:element name="class_map_test" substitutionGroup="oval-def:test"> <xsd:annotation> <xsd:documentation>The class_map test is used to check the properties of specific output lines from an MPF class-map configuration.</xsd:documentation> <xsd:appinfo> <oval:element_mapping> <oval:test>class_map_test</oval:test> <oval:object>class_map_object</oval:object> <oval:state>class_map_state</oval:state> <oval:item target_namespace="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#asa">class_map_item</oval:item> </oval:element_mapping> </xsd:appinfo> <xsd:appinfo> <sch:pattern id="asa-class_maptst"> <sch:rule context="asa-def:class_map_test/asa-def:object"> <sch:assert test="@object_ref=ancestor::oval-def:oval_definitions/oval-def:objects/asa-def:class_map_object/@id"><sch:value-of select="../@id"/> - the object child element of an class_map_test must reference an class_map_object</sch:assert> </sch:rule> <sch:rule context="asa-def:class_map_test/asa-def:state"> <sch:assert test="@state_ref=ancestor::oval-def:oval_definitions/oval-def:states/asa-def:class_map_state/@id"><sch:value-of select="../@id"/> - the state child element of an class_map_test must reference an class_map_state</sch:assert> </sch:rule> </sch:pattern> </xsd:appinfo> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-def:TestType"> <xsd:sequence> <xsd:element name="object" type="oval-def:ObjectRefType"/> <xsd:element name="state" type="oval-def:StateRefType" minOccurs="0" maxOccurs="unbounded"/> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <xsd:element name="class_map_object" substitutionGroup="oval-def:object"> <xsd:annotation> <xsd:documentation>The class_map_object element is used by an class_map test to define the object to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.</xsd:documentation> <xsd:documentation>A class_map object consists of a name entity that is the name of the ASA 'class-map' configuration to be tested.</xsd:documentation> <xsd:appinfo> <sch:pattern id="asa_class_map_object_verify_filter_state"> <sch:rule context="asa-def:class_map_object//oval-def:filter"> <sch:let name="parent_object" value="ancestor::asa-def:class_map_object"/> <sch:let name="parent_object_id" value="$parent_object/@id"/> <sch:let name="state_ref" value="."/> <sch:let name="reffed_state" value="ancestor::oval-def:oval_definitions/oval-def:states/*[@id=$state_ref]"/> <sch:let name="state_name" value="local-name($reffed_state)"/> <sch:let name="state_namespace" value="namespace-uri($reffed_state)"/> <sch:assert test="(($state_namespace='http://oval.mitre.org/XMLSchema/oval-definitions-5#asa') and ($state_name='class_map_state'))">State referenced in filter for <sch:value-of select="name($parent_object)"/> '<sch:value-of select="$parent_object_id"/>' is of the wrong type.</sch:assert> </sch:rule> </sch:pattern> </xsd:appinfo> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-def:ObjectType"> <xsd:sequence> <xsd:choice> <xsd:element ref="oval-def:set"/> <xsd:sequence> <xsd:element name="name" type="oval-def:EntityObjectStringType"> <xsd:annotation> <xsd:documentation>The MPF class-map name.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element ref="oval-def:filter" minOccurs="0" maxOccurs="unbounded"/> </xsd:sequence> </xsd:choice> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <xsd:element name="class_map_state" substitutionGroup="oval-def:state"> <xsd:annotation> <xsd:documentation>The class_map_state element defines the different information that can be used to evaluate the result of a specific 'class-map' ASA command. This includes the name, the type, the inspection type, the match type, the match commands, the policy-map or class-map it is used and the action in the policy-map. Please refer to the individual elements in the schema for more details about what each represents.</xsd:documentation> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-def:StateType"> <xsd:sequence> <xsd:element name="name" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The name of the class-map.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="type" type="asa-def:EntityStateClassMapType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The type of the 'class-map nameX type' command.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="type_inspect" type="asa-def:EntityStateInpsectionType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The inspection type of the class-map ('class-map nameX type inspect').</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="match_all_any" type="asa-def:EntityStateMatchType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The 'match-all' or 'match-any' type of the class-map. ASA defaults to 'match-any'.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="match" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The 'match' commands in the class-map.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="used_in_class_map" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The name of the class-map (for nested class-maps) that this class-map is used in.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="used_in_policy_map" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The name of the policy-map that this class-map is used in.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="policy_map_action" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The command that identifies the action for the class. For example that could be 'inspect protocolX', 'drop' or 'police 1000' or 'set connection advanced-options tcpmapX'.</xsd:documentation> </xsd:annotation> </xsd:element> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <!-- =============================================================================== --> <!-- =============================== INTERFACE TEST ============================== --> <!-- =============================================================================== --> <xsd:element name="interface_test" substitutionGroup="oval-def:test"> <xsd:annotation> <xsd:documentation>The interface test is used to check for the existence of a particular interface on the Cisco ASA device. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a interface_object and the optional state element specifies the data to check.</xsd:documentation> <xsd:appinfo> <oval:element_mapping> <oval:test>interface_test</oval:test> <oval:object>interface_object</oval:object> <oval:state>interface_state</oval:state> <oval:item target_namespace="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#asa">interface_item</oval:item> </oval:element_mapping> </xsd:appinfo> <xsd:appinfo> <sch:pattern id="asa-def_interfacetst"> <sch:rule context="asa-def:interface_test/asa-def:object"> <sch:assert test="@object_ref=ancestor::oval-def:oval_definitions/oval-def:objects/asa-def:interface_object/@id"><sch:value-of select="../@id"/> - the object child element of an interface_test must reference an interface_object</sch:assert> </sch:rule> <sch:rule context="asa-def:interface_test/asa-def:state"> <sch:assert test="@state_ref=ancestor::oval-def:oval_definitions/oval-def:states/asa-def:interface_state/@id"><sch:value-of select="../@id"/> - the state child element of an interface_test must reference an interface_state</sch:assert> </sch:rule> </sch:pattern> </xsd:appinfo> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-def:TestType"> <xsd:sequence> <xsd:element name="object" type="oval-def:ObjectRefType" /> <xsd:element name="state" type="oval-def:StateRefType" minOccurs="0" maxOccurs="unbounded"/> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <xsd:element name="interface_object" substitutionGroup="oval-def:object"> <xsd:annotation> <xsd:documentation>The interface_object element is used by an interface_test to define the object to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.</xsd:documentation> <xsd:documentation>An interface_object consists of a name entity that is the name of the ASA interface to be tested.</xsd:documentation> <xsd:appinfo> <sch:pattern id="asa_interface_object_verify_filter_state"> <sch:rule context="asa-def:interface_object//oval-def:filter"> <sch:let name="parent_object" value="ancestor::asa-def:interface_object"/> <sch:let name="parent_object_id" value="$parent_object/@id"/> <sch:let name="state_ref" value="."/> <sch:let name="reffed_state" value="ancestor::oval-def:oval_definitions/oval-def:states/*[@id=$state_ref]"/> <sch:let name="state_name" value="local-name($reffed_state)"/> <sch:let name="state_namespace" value="namespace-uri($reffed_state)"/> <sch:assert test="(($state_namespace='http://oval.mitre.org/XMLSchema/oval-definitions-5#asa') and ($state_name='interface_state'))">State referenced in filter for <sch:value-of select="name($parent_object)"/> '<sch:value-of select="$parent_object_id"/>' is of the wrong type.</sch:assert> </sch:rule> </sch:pattern> </xsd:appinfo> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-def:ObjectType"> <xsd:sequence> <xsd:choice> <xsd:element ref="oval-def:set"/> <xsd:sequence> <xsd:element name="name" type="oval-def:EntityObjectStringType"> <xsd:annotation> <xsd:documentation>The interface name.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element ref="oval-def:filter" minOccurs="0" maxOccurs="unbounded"/> </xsd:sequence> </xsd:choice> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <xsd:element name="interface_state" substitutionGroup="oval-def:state"> <xsd:annotation> <xsd:documentation>The interface_state element defines the different information that can be used to evaluate the result of a specific ASA interface. This includes the name, status, and address information about the interface. Please refer to the individual elements in the schema for more details about what each represents.</xsd:documentation> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-def:StateType"> <xsd:sequence> <xsd:element name="name" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The interface name.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="proxy_arp" type="oval-def:EntityStateBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Proxy arp enabled on the interface. The default is true.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="shutdown" type="oval-def:EntityStateBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Interface is shut down.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="hardware_addr" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The interface hardware (MAC) address.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="ipv4_address" type="oval-def:EntityStateIPAddressStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The interface IPv4 address and mask. This element should only allow 'ipv4_address' of the oval:SimpleDatatypeEnumeration.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="ipv6_address" type="oval-def:EntityStateIPAddressStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The interface IPv6 address and mask. This element should only allow 'ipv6_address' of the oval:SimpleDatatypeEnumeration.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="ipv4_access_list" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The ingress or egress IPv4 ACL name applied on the interface.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="ipv6_access_list" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The ingress or egress IPv6 ACL name applied on the interface.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="ipv4_v6_access_list" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The ingress or egress UACL name applied on the interface.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="crypto_map" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The crypto map name applied to the interface.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="urpf_command" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The uRPF command under the interface.</xsd:documentation> </xsd:annotation> </xsd:element> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <!-- =============================================================================== --> <!-- ================================= LINE TEST ================================= --> <!-- =============================================================================== --> <xsd:element name="line_test" substitutionGroup="oval-def:test"> <xsd:annotation> <xsd:documentation>The line_test is used to check the properties of specific output lines from a SHOW command, such as SHOW RUNNING-CONFIG. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a line_object and the optional state element specifies the data to check.</xsd:documentation> <xsd:appinfo> <oval:element_mapping> <oval:test>line_test</oval:test> <oval:object>line_object</oval:object> <oval:state>line_state</oval:state> <oval:item target_namespace="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#asa">line_item</oval:item> </oval:element_mapping> </xsd:appinfo> <xsd:appinfo> <sch:pattern id="asa_linetst"> <sch:rule context="asa-def:line_test/asa-def:object"> <sch:assert test="@object_ref=ancestor::oval-def:oval_definitions/oval-def:objects/asa-def:line_object/@id"><sch:value-of select="../@id"/> - the object child element of a line_test must reference a line_object</sch:assert> </sch:rule> <sch:rule context="asa-def:line_test/asa-def:state"> <sch:assert test="@state_ref=ancestor::oval-def:oval_definitions/oval-def:states/asa-def:line_state/@id"><sch:value-of select="../@id"/> - the state child element of a line_test must reference a line_state</sch:assert> </sch:rule> </sch:pattern> </xsd:appinfo> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-def:TestType"> <xsd:sequence> <xsd:element name="object" type="oval-def:ObjectRefType" /> <xsd:element name="state" type="oval-def:StateRefType" minOccurs="0" maxOccurs="unbounded"/> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <xsd:element name="line_object" substitutionGroup="oval-def:object"> <xsd:annotation> <xsd:documentation>The line_object element is used by a line_test to define the object to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.</xsd:documentation> <xsd:documentation>A line object consists of a show_subcommand entity that is the name of a SHOW sub-command to be tested.</xsd:documentation> <xsd:appinfo> <sch:pattern id="asa_line_object_verify_filter_state"> <sch:rule context="asa-def:line_object//oval-def:filter"> <sch:let name="parent_object" value="ancestor::asa-def:line_object"/> <sch:let name="parent_object_id" value="$parent_object/@id"/> <sch:let name="state_ref" value="."/> <sch:let name="reffed_state" value="ancestor::oval-def:oval_definitions/oval-def:states/*[@id=$state_ref]"/> <sch:let name="state_name" value="local-name($reffed_state)"/> <sch:let name="state_namespace" value="namespace-uri($reffed_state)"/> <sch:assert test="(($state_namespace='http://oval.mitre.org/XMLSchema/oval-definitions-5#asa') and ($state_name='line_state'))">State referenced in filter for <sch:value-of select="name($parent_object)"/> '<sch:value-of select="$parent_object_id"/>' is of the wrong type. </sch:assert> </sch:rule> </sch:pattern> </xsd:appinfo> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-def:ObjectType"> <xsd:sequence> <xsd:choice> <xsd:element ref="oval-def:set"/> <xsd:sequence> <xsd:element name="show_subcommand" type="oval-def:EntityObjectStringType"> <xsd:annotation> <xsd:documentation>The name of a SHOW sub-command.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element ref="oval-def:filter" minOccurs="0" maxOccurs="unbounded"/> </xsd:sequence> </xsd:choice> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <xsd:element name="line_state" substitutionGroup="oval-def:state"> <xsd:annotation> <xsd:documentation>The line_state element defines the different information that can be used to evaluate the result of a specific SHOW sub-command. This includes the name of ths sub-command and the corresponding config line. Please refer to the individual elements in the schema for more details about what each represents.</xsd:documentation> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-def:StateType"> <xsd:sequence> <xsd:element name="show_subcommand" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The name of the SHOW sub-command.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="config_line" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The value returned from by the specified SHOW sub-command.</xsd:documentation> </xsd:annotation> </xsd:element> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <!-- =============================================================================== --> <!-- =========================== ASA MPF POLICY-MAP TEST =========================== --> <!-- =============================================================================== --> <xsd:element name="policy_map_test" substitutionGroup="oval-def:test"> <xsd:annotation> <xsd:documentation>The policy_map test is used to check the properties of specific output lines from an policy-map ASA configuration.</xsd:documentation> <xsd:appinfo> <oval:element_mapping> <oval:test>policy_map_test</oval:test> <oval:object>policy_map_object</oval:object> <oval:state>policy_map_state</oval:state> <oval:item target_namespace="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#asa">policy_map_item</oval:item> </oval:element_mapping> </xsd:appinfo> <xsd:appinfo> <sch:pattern id="asa-policy_maptst"> <sch:rule context="asa-def:policy_map_test/asa-def:object"> <sch:assert test="@object_ref=ancestor::oval-def:oval_definitions/oval-def:objects/asa-def:policy_map_object/@id"><sch:value-of select="../@id"/> - the object child element of an policy_map_test must reference an policy_map_object</sch:assert> </sch:rule> <sch:rule context="asa-def:policy_map_test/asa-def:state"> <sch:assert test="@state_ref=ancestor::oval-def:oval_definitions/oval-def:states/asa-def:policy_map_state/@id"><sch:value-of select="../@id"/> - the state child element of an policy_map_test must reference an policy_map_state</sch:assert> </sch:rule> </sch:pattern> </xsd:appinfo> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-def:TestType"> <xsd:sequence> <xsd:element name="object" type="oval-def:ObjectRefType"/> <xsd:element name="state" type="oval-def:StateRefType" minOccurs="0" maxOccurs="unbounded"/> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <xsd:element name="policy_map_object" substitutionGroup="oval-def:object"> <xsd:annotation> <xsd:documentation>The policy_map_object element is used by an policy_map test to define the object to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.</xsd:documentation> <xsd:documentation>A policy_map object consists of a name entity that is the name of the ASA 'policy-map' configuration to be tested.</xsd:documentation> <xsd:appinfo> <sch:pattern id="asa_policy_map_object_verify_filter_state"> <sch:rule context="asa-def:policy_map_object//oval-def:filter"> <sch:let name="parent_object" value="ancestor::asa-def:policy_map_object"/> <sch:let name="parent_object_id" value="$parent_object/@id"/> <sch:let name="state_ref" value="."/> <sch:let name="reffed_state" value="ancestor::oval-def:oval_definitions/oval-def:states/*[@id=$state_ref]"/> <sch:let name="state_name" value="local-name($reffed_state)"/> <sch:let name="state_namespace" value="namespace-uri($reffed_state)"/> <sch:assert test="(($state_namespace='http://oval.mitre.org/XMLSchema/oval-definitions-5#asa') and ($state_name='policy_map_state'))">State referenced in filter for <sch:value-of select="name($parent_object)"/> '<sch:value-of select="$parent_object_id"/>' is of the wrong type.</sch:assert> </sch:rule> </sch:pattern> </xsd:appinfo> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-def:ObjectType"> <xsd:sequence> <xsd:choice> <xsd:element ref="oval-def:set"/> <xsd:sequence> <xsd:element name="name" type="oval-def:EntityObjectStringType"> <xsd:annotation> <xsd:documentation>The MPF policy-map name.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element ref="oval-def:filter" minOccurs="0" maxOccurs="unbounded"/> </xsd:sequence> </xsd:choice> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <xsd:element name="policy_map_state" substitutionGroup="oval-def:state"> <xsd:annotation> <xsd:documentation>The policy_map_state element defines the different information that can be used to evaluate the result of a 'policy-map' ASA configuration. This includes the policy-map name, the inspection type, the paremeters, the match and action commands, the policy-map it is used in and the service-policy that applies it. Please refer to the individual elements in the schema for more details about what each represents.</xsd:documentation> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-def:StateType"> <xsd:sequence> <xsd:element name="name" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The policy-map name.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="type_inspect" type="asa-def:EntityStateInpsectionType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The inspection type of the class-map.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="parameters" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The parameter commands of the policy-map.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="match_action" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The in-line match command and the action in the policy-map seperated by delimeter '_-_'. For example an http inspect policy-map could have 'match body regex regexnameX' and the action be 'drop'. Then this element would be 'body regex regexnameX_-_drop'.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="used_in" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The name of policy-map that includes the policy-map('policy-map type inspect' in this case) or the service-policy that applies the policy-map (non 'type inspect' in this case). For example, the former could be when a http inspection policy-map policymapnameX is used in a policy-map policymapnameY as its 'inspect http policymapnameX' command. The latter could be when policymapnameY is applied globally with 'service-policy policymapnameY global'. There is no chance where a policy-map can be used in both a policy-map and a service policy at the same time.</xsd:documentation> </xsd:annotation> </xsd:element> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <!-- =============================================================================== --> <!-- ======================== ASA MPF SERVICE-POLICY TEST ========================== --> <!-- =============================================================================== --> <xsd:element name="service_policy_test" substitutionGroup="oval-def:test"> <xsd:annotation> <xsd:documentation>The service_policy test is used to check the properties of specific output lines from an MPF service-policy configuration.</xsd:documentation> <xsd:appinfo> <oval:element_mapping> <oval:test>service_policy_test</oval:test> <oval:object>service_policy_object</oval:object> <oval:state>service_policy_state</oval:state> <oval:item target_namespace="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#asa">service_policy_item</oval:item> </oval:element_mapping> </xsd:appinfo> <xsd:appinfo> <sch:pattern id="asa-service_policytst"> <sch:rule context="asa-def:service_policy_test/asa-def:object"> <sch:assert test="@object_ref=ancestor::oval-def:oval_definitions/oval-def:objects/asa-def:service_policy_object/@id"><sch:value-of select="../@id"/> - the object child element of an service_policy_test must reference an service_policy_object</sch:assert> </sch:rule> <sch:rule context="asa-def:service_policy_test/asa-def:state"> <sch:assert test="@state_ref=ancestor::oval-def:oval_definitions/oval-def:states/asa-def:service_policy_state/@id"><sch:value-of select="../@id"/> - the state child element of an service_policy_test must reference an service_policy_state</sch:assert> </sch:rule> </sch:pattern> </xsd:appinfo> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-def:TestType"> <xsd:sequence> <xsd:element name="object" type="oval-def:ObjectRefType"/> <xsd:element name="state" type="oval-def:StateRefType" minOccurs="0" maxOccurs="unbounded"/> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <xsd:element name="service_policy_object" substitutionGroup="oval-def:object"> <xsd:annotation> <xsd:documentation>The service_policy_object element is used by an service_policy test to define the object to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.</xsd:documentation> <xsd:documentation>A service_policy object consists of a name entity that is the name of the ASA 'service-policy' configurate to be tested.</xsd:documentation> <xsd:appinfo> <sch:pattern id="asa_service_policy_object_verify_filter_state"> <sch:rule context="asa-def:service_policy_object//oval-def:filter"> <sch:let name="parent_object" value="ancestor::asa-def:service_policy_object"/> <sch:let name="parent_object_id" value="$parent_object/@id"/> <sch:let name="state_ref" value="."/> <sch:let name="reffed_state" value="ancestor::oval-def:oval_definitions/oval-def:states/*[@id=$state_ref]"/> <sch:let name="state_name" value="local-name($reffed_state)"/> <sch:let name="state_namespace" value="namespace-uri($reffed_state)"/> <sch:assert test="(($state_namespace='http://oval.mitre.org/XMLSchema/oval-definitions-5#asa') and ($state_name='service_policy_state'))">State referenced in filter for <sch:value-of select="name($parent_object)"/> '<sch:value-of select="$parent_object_id"/>' is of the wrong type.</sch:assert> </sch:rule> </sch:pattern> </xsd:appinfo> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-def:ObjectType"> <xsd:sequence> <xsd:choice> <xsd:element ref="oval-def:set"/> <xsd:sequence> <xsd:element name="name" type="oval-def:EntityObjectStringType"> <xsd:annotation> <xsd:documentation>The MPF service-policy name.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element ref="oval-def:filter" minOccurs="0" maxOccurs="unbounded"/> </xsd:sequence> </xsd:choice> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <xsd:element name="service_policy_state" substitutionGroup="oval-def:state"> <xsd:annotation> <xsd:documentation>The service_policy_state element defines the different information that can be used to evaluate service-policy ASA configuration. This includes the service-policy name, where it is applied and the interface it is applied (if applicable). Please refer to the individual elements in the schema for more details about what each represents.</xsd:documentation> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-def:StateType"> <xsd:sequence> <xsd:element name="name" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The service-policy name.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="applied" type="asa-def:EntityStateApplyServicePolicyType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Where he service-policy is applied.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="interface" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The interface the service-policy is applied (of the 'applied' element has value "INTERFACE').</xsd:documentation> </xsd:annotation> </xsd:element> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <!-- =============================================================================== --> <!-- ============================= ASA SNMP HOST TEST ============================== --> <!-- =============================================================================== --> <xsd:element name="snmp_host_test" substitutionGroup="oval-def:test"> <xsd:annotation> <xsd:documentation>The snmp_host test is used to check the properties of specific output lines from an SNMP configuration.</xsd:documentation> <xsd:appinfo> <oval:element_mapping> <oval:test>snmp_host_test</oval:test> <oval:object>snmp_host_object</oval:object> <oval:state>snmp_host_state</oval:state> <oval:item target_namespace="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#asa">snmp_host_item</oval:item> </oval:element_mapping> </xsd:appinfo> <xsd:appinfo> <sch:pattern id="asa_hosttst"> <sch:rule context="asa-def:snmp_host_test/asa-def:object"> <sch:assert test="@object_ref=ancestor::oval-def:oval_definitions/oval-def:objects/asa-def:snmp_host_object/@id"><sch:value-of select="../@id"/> - the object child element of an snmp_host_test must reference an snmp_host_object</sch:assert> </sch:rule> <sch:rule context="asa-def:snmp_host_test/asa-def:state"> <sch:assert test="@state_ref=ancestor::oval-def:oval_definitions/oval-def:states/asa-def:snmp_host_state/@id"><sch:value-of select="../@id"/> - the state child element of an snmp_host_test must reference an snmp_host_state</sch:assert> </sch:rule> </sch:pattern> </xsd:appinfo> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-def:TestType"> <xsd:sequence> <xsd:element name="object" type="oval-def:ObjectRefType"/> <xsd:element name="state" type="oval-def:StateRefType" minOccurs="0" maxOccurs="unbounded"/> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <xsd:element name="snmp_host_object" substitutionGroup="oval-def:object"> <xsd:annotation> <xsd:documentation>The snmp_host_object element is used by an snmp_host test to define the object to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.</xsd:documentation> <xsd:documentation>A snmp_host object consists of a host entity that is the host of the 'snmp host' ASA command to be tested.</xsd:documentation> <xsd:appinfo> <sch:pattern id="asa_snmp_host_object_verify_filter_state"> <sch:rule context="asa-def:snmp_host_object//oval-def:filter"> <sch:let name="parent_object" value="ancestor::asa-def:snmp_host_object"/> <sch:let name="parent_object_id" value="$parent_object/@id"/> <sch:let name="state_ref" value="."/> <sch:let name="reffed_state" value="ancestor::oval-def:oval_definitions/oval-def:states/*[@id=$state_ref]"/> <sch:let name="state_name" value="local-name($reffed_state)"/> <sch:let name="state_namespace" value="namespace-uri($reffed_state)"/> <sch:assert test="(($state_namespace='http://oval.mitre.org/XMLSchema/oval-definitions-5#asa') and ($state_name='snmp_host_state'))">State referenced in filter for <sch:value-of select="name($parent_object)"/> '<sch:value-of select="$parent_object_id"/>' is of the wrong type.</sch:assert> </sch:rule> </sch:pattern> </xsd:appinfo> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-def:ObjectType"> <xsd:sequence> <xsd:choice> <xsd:element ref="oval-def:set"/> <xsd:sequence> <xsd:element name="host" type="oval-def:EntityObjectStringType"> <xsd:annotation> <xsd:documentation>The SNMP host address or hostname.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element ref="oval-def:filter" minOccurs="0" maxOccurs="unbounded"/> </xsd:sequence> </xsd:choice> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <xsd:element name="snmp_host_state" substitutionGroup="oval-def:state"> <xsd:annotation> <xsd:documentation>The snmp_host_state element defines the different information that can be used to evaluate the result of a specific 'snmp host' ASA command. This includes the host and the corresponding options. Please refer to the individual elements in the schema for more details about what each represents.</xsd:documentation> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-def:StateType"> <xsd:sequence> <xsd:element name="interface" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The interface configured for the host.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="host" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The SNMP host address or hostname.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="snmpv3_user" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The community SNMPv3 user configured for the host.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="version" type="asa-def:EntityStateSNMPVersionStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The SNMP version.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="poll" type="oval-def:EntityStateBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>SNMP polls enabled for the host.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="traps" type="oval-def:EntityStateBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>SNMP traps enabled for the host.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="udp_port" type="oval-def:EntityStateIntType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>SNMP port configured for the host.</xsd:documentation> </xsd:annotation> </xsd:element> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <!-- =============================================================================== --> <!-- ============================= ASA SNMP USER TEST ============================== --> <!-- =============================================================================== --> <xsd:element name="snmp_user_test" substitutionGroup="oval-def:test"> <xsd:annotation> <xsd:documentation>The snmp_user test is used to check the properties of specific output lines from an SNMP user configuration.</xsd:documentation> <xsd:appinfo> <oval:element_mapping> <oval:test>snmp_user_test</oval:test> <oval:object>snmp_user_object</oval:object> <oval:state>snmp_user_state</oval:state> <oval:item target_namespace="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#asa">snmp_user_item</oval:item> </oval:element_mapping> </xsd:appinfo> <xsd:appinfo> <sch:pattern id="asa_usertst"> <sch:rule context="asa-def:snmp_user_test/asa-def:object"> <sch:assert test="@object_ref=ancestor::oval-def:oval_definitions/oval-def:objects/asa-def:snmp_user_object/@id"><sch:value-of select="../@id"/> - the object child element of an snmp_user_test must reference an snmp_user_object</sch:assert> </sch:rule> <sch:rule context="asa-def:snmp_user_test/asa-def:state"> <sch:assert test="@state_ref=ancestor::oval-def:oval_definitions/oval-def:states/asa-def:snmp_user_state/@id"><sch:value-of select="../@id"/> - the state child element of an snmp_user_test must reference an snmp_user_state</sch:assert> </sch:rule> </sch:pattern> </xsd:appinfo> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-def:TestType"> <xsd:sequence> <xsd:element name="object" type="oval-def:ObjectRefType"/> <xsd:element name="state" type="oval-def:StateRefType" minOccurs="0" maxOccurs="unbounded"/> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <xsd:element name="snmp_user_object" substitutionGroup="oval-def:object"> <xsd:annotation> <xsd:documentation>The snmp_user_object element is used by an snmp_user test to define the object to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.</xsd:documentation> <xsd:documentation>A snmp_user object consists of a name entity that is the name of the SNMP user to be tested.</xsd:documentation> <xsd:appinfo> <sch:pattern id="asa_snmp_user_object_verify_filter_state"> <sch:rule context="asa-def:snmp_user_object//oval-def:filter"> <sch:let name="parent_object" value="ancestor::asa-def:snmp_user_object"/> <sch:let name="parent_object_id" value="$parent_object/@id"/> <sch:let name="state_ref" value="."/> <sch:let name="reffed_state" value="ancestor::oval-def:oval_definitions/oval-def:states/*[@id=$state_ref]"/> <sch:let name="state_name" value="local-name($reffed_state)"/> <sch:let name="state_namespace" value="namespace-uri($reffed_state)"/> <sch:assert test="(($state_namespace='http://oval.mitre.org/XMLSchema/oval-definitions-5#asa') and ($state_name='snmp_user_state'))">State referenced in filter for <sch:value-of select="name($parent_object)"/> '<sch:value-of select="$parent_object_id"/>' is of the wrong type.</sch:assert> </sch:rule> </sch:pattern> </xsd:appinfo> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-def:ObjectType"> <xsd:sequence> <xsd:choice> <xsd:element ref="oval-def:set"/> <xsd:sequence> <xsd:element name="name" type="oval-def:EntityObjectStringType"> <xsd:annotation> <xsd:documentation>The SNMP user name.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element ref="oval-def:filter" minOccurs="0" maxOccurs="unbounded"/> </xsd:sequence> </xsd:choice> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <xsd:element name="snmp_user_state" substitutionGroup="oval-def:state"> <xsd:annotation> <xsd:documentation>The snmp_user_state element defines the different information that can be used to evaluate the result of a specific 'show snmp-serveruser' ASA command. This includes the user name and the corresponding options. Please refer to the individual elements in the schema for more details about what each represents.</xsd:documentation> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-def:StateType"> <xsd:sequence> <xsd:element name="name" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The SNMP user name.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="group" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The SNMP group the user belongs to.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="priv" type="asa-def:EntityStateSNMPPrivStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The SNMP encryption type for the user (for SNMPv3).</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="auth" type="asa-def:EntityStateSNMPAuthStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The SNMP authentication type for the user (for SNMPv3).</xsd:documentation> </xsd:annotation> </xsd:element> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <!-- =============================================================================== --> <!-- ============================= ASA SNMP GROUP TEST ============================= --> <!-- =============================================================================== --> <xsd:element name="snmp_group_test" substitutionGroup="oval-def:test"> <xsd:annotation> <xsd:documentation>The snmp_group test is used to check the properties of specific output lines from an SNMP group configuration.</xsd:documentation> <xsd:appinfo> <oval:element_mapping> <oval:test>snmp_group_test</oval:test> <oval:object>snmp_group_object</oval:object> <oval:state>snmp_group_state</oval:state> <oval:item target_namespace="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#asa">snmp_group_item</oval:item> </oval:element_mapping> </xsd:appinfo> <xsd:appinfo> <sch:pattern id="asa_grouptst"> <sch:rule context="asa-def:snmp_group_test/asa-def:object"> <sch:assert test="@object_ref=ancestor::oval-def:oval_definitions/oval-def:objects/asa-def:snmp_group_object/@id"><sch:value-of select="../@id"/> - the object child element of an snmp_group_test must reference an snmp_group_object</sch:assert> </sch:rule> <sch:rule context="asa-def:snmp_group_test/asa-def:state"> <sch:assert test="@state_ref=ancestor::oval-def:oval_definitions/oval-def:states/asa-def:snmp_group_state/@id"><sch:value-of select="../@id"/> - the state child element of an snmp_group_test must reference an snmp_group_state</sch:assert> </sch:rule> </sch:pattern> </xsd:appinfo> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-def:TestType"> <xsd:sequence> <xsd:element name="object" type="oval-def:ObjectRefType"/> <xsd:element name="state" type="oval-def:StateRefType" minOccurs="0" maxOccurs="unbounded"/> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <xsd:element name="snmp_group_object" substitutionGroup="oval-def:object"> <xsd:annotation> <xsd:documentation>The snmp_group_object element is used by an snmp_group test to define the object to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.</xsd:documentation> <xsd:documentation>A snmp_group object consists of a name entity that is the name of the SNMP group to be tested.</xsd:documentation> <xsd:appinfo> <sch:pattern id="asa_snmp_group_object_verify_filter_state"> <sch:rule context="asa-def:snmp_group_object//oval-def:filter"> <sch:let name="parent_object" value="ancestor::asa-def:snmp_group_object"/> <sch:let name="parent_object_id" value="$parent_object/@id"/> <sch:let name="state_ref" value="."/> <sch:let name="reffed_state" value="ancestor::oval-def:oval_definitions/oval-def:states/*[@id=$state_ref]"/> <sch:let name="state_name" value="local-name($reffed_state)"/> <sch:let name="state_namespace" value="namespace-uri($reffed_state)"/> <sch:assert test="(($state_namespace='http://oval.mitre.org/XMLSchema/oval-definitions-5#asa') and ($state_name='snmp_group_state'))">State referenced in filter for <sch:value-of select="name($parent_object)"/> '<sch:value-of select="$parent_object_id"/>' is of the wrong type.</sch:assert> </sch:rule> </sch:pattern> </xsd:appinfo> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-def:ObjectType"> <xsd:sequence> <xsd:choice> <xsd:element ref="oval-def:set"/> <xsd:sequence> <xsd:element name="name" type="oval-def:EntityObjectStringType"> <xsd:annotation> <xsd:documentation>The SNMP group name.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element ref="oval-def:filter" minOccurs="0" maxOccurs="unbounded"/> </xsd:sequence> </xsd:choice> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <xsd:element name="snmp_group_state" substitutionGroup="oval-def:state"> <xsd:annotation> <xsd:documentation>The snmp_group_state element defines the different information that can be used to evaluate the result of a specific 'snmp-server group' ASA command. This includes the user name and the corresponding options. Please refer to the individual elements in the schema for more details about what each represents.</xsd:documentation> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-def:StateType"> <xsd:sequence> <xsd:element name="name" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The SNMP group name.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="snmpv3_sec_level" type="asa-def:EntityStateSNMPSecLevelStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The SNMPv3 security configured for the group.</xsd:documentation> </xsd:annotation> </xsd:element> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <!-- =============================================================================== --> <!-- ============================ ASA MPF TCP-MAP TEST ============================= --> <!-- =============================================================================== --> <xsd:element name="tcp_map_test" substitutionGroup="oval-def:test"> <xsd:annotation> <xsd:documentation>The tcp_map test is used to check the properties of specific output lines from a tcp-map ASA configuration.</xsd:documentation> <xsd:appinfo> <oval:element_mapping> <oval:test>tcp_map_test</oval:test> <oval:object>tcp_map_object</oval:object> <oval:state>tcp_map_state</oval:state> <oval:item target_namespace="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#asa">tcp_map_item</oval:item> </oval:element_mapping> </xsd:appinfo> <xsd:appinfo> <sch:pattern id="asatst"> <sch:rule context="asa-def:tcp_map_test/asa-def:object"> <sch:assert test="@object_ref=ancestor::oval-def:oval_definitions/oval-def:objects/asa-def:service_policy_object/@id"><sch:value-of select="../@id"/> - the object child element of an service_policy_test must reference an service_policy_object</sch:assert> </sch:rule> <sch:rule context="asa-def:tcp_map_test/asa-def:state"> <sch:assert test="@state_ref=ancestor::oval-def:oval_definitions/oval-def:states/asa-def:service_policy_state/@id"><sch:value-of select="../@id"/> - the state child element of an service_policy_test must reference an service_policy_state</sch:assert> </sch:rule> </sch:pattern> </xsd:appinfo> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-def:TestType"> <xsd:sequence> <xsd:element name="object" type="oval-def:ObjectRefType"/> <xsd:element name="state" type="oval-def:StateRefType" minOccurs="0" maxOccurs="unbounded"/> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <xsd:element name="tcp_map_object" substitutionGroup="oval-def:object"> <xsd:annotation> <xsd:documentation>The tcp-map_object element is used by an tcp_map test to define the object to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.</xsd:documentation> <xsd:documentation>A service_policy object consists of a name entity that is the name of the ASA 'tcp-map' configuration to be tested.</xsd:documentation> <xsd:appinfo> <sch:pattern id="asa_service_policy_object_verify_filter_state"> <sch:rule context="asa-def:tcp_map_object//oval-def:filter"> <sch:let name="parent_object" value="ancestor::asa-def:tcp_map_object"/> <sch:let name="parent_object_id" value="$parent_object/@id"/> <sch:let name="state_ref" value="."/> <sch:let name="reffed_state" value="ancestor::oval-def:oval_definitions/oval-def:states/*[@id=$state_ref]"/> <sch:let name="state_name" value="local-name($reffed_state)"/> <sch:let name="state_namespace" value="namespace-uri($reffed_state)"/> <sch:assert test="(($state_namespace='http://oval.mitre.org/XMLSchema/oval-definitions-5#asa') and ($state_name='service_policy_state'))">State referenced in filter for <sch:value-of select="name($parent_object)"/> '<sch:value-of select="$parent_object_id"/>' is of the wrong type.</sch:assert> </sch:rule> </sch:pattern> </xsd:appinfo> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-def:ObjectType"> <xsd:sequence> <xsd:choice> <xsd:element ref="oval-def:set"/> <xsd:sequence> <xsd:element name="name" type="oval-def:EntityObjectStringType"> <xsd:annotation> <xsd:documentation>The MPF tcp-map name.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element ref="oval-def:filter" minOccurs="0" maxOccurs="unbounded"/> </xsd:sequence> </xsd:choice> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <xsd:element name="tcp_map_state" substitutionGroup="oval-def:state"> <xsd:annotation> <xsd:documentation>The tcp_map_state element defines the different information that can be used to evaluate the result of a specific 'tcp-map' ASA configuration. This includes the tcp-map name and its configured options. Please refer to the individual elements in the schema for more details about what each represents.</xsd:documentation> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-def:StateType"> <xsd:sequence> <xsd:element name="name" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The tcp-map name.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="options" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The configured commends in the tcp-map. These could include TCP options, flags and other options of the tcp-map.</xsd:documentation> </xsd:annotation> </xsd:element> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <!-- =============================================================================== --> <!-- ================================ VERSION TEST =============================== --> <!-- =============================================================================== --> <xsd:element name="version_test" substitutionGroup="oval-def:test"> <xsd:annotation> <xsd:documentation>The version test is used to check the version of the ASA operating system. It is based off of the SHOW VERSION command. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a version_object and the optional state element specifies the data to check.</xsd:documentation> <xsd:appinfo> <oval:element_mapping> <oval:test>version_test</oval:test> <oval:object>version_object</oval:object> <oval:state>version_state</oval:state> <oval:item target_namespace="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#asa">version_item</oval:item> </oval:element_mapping> </xsd:appinfo> <xsd:appinfo> <sch:pattern id="asa_vertst"> <sch:rule context="asa-def:version_test/asa-def:object"> <sch:assert test="@object_ref=ancestor::oval-def:oval_definitions/oval-def:objects/asa-def:version_object/@id"><sch:value-of select="../@id"/> - the object child element of a version_test must reference a version_object</sch:assert> </sch:rule> <sch:rule context="asa-def:version_test/asa-def:state"> <sch:assert test="@state_ref=ancestor::oval-def:oval_definitions/oval-def:states/asa-def:version_state/@id"><sch:value-of select="../@id"/> - the state child element of a version_test must reference a version_state</sch:assert> </sch:rule> </sch:pattern> </xsd:appinfo> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-def:TestType"> <xsd:sequence> <xsd:element name="object" type="oval-def:ObjectRefType" /> <xsd:element name="state" type="oval-def:StateRefType" minOccurs="0" maxOccurs="unbounded"/> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <xsd:element name="version_object" substitutionGroup="oval-def:object"> <xsd:annotation> <xsd:documentation>The version_object element is used by a version test to define the different version information associated with a ASA system. There is actually only one object relating to version and this is the system as a whole. Therefore, there are no child entities defined. Any OVAL Test written to check version will reference the same version_object which is basically an empty object element.</xsd:documentation> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-def:ObjectType"/> </xsd:complexContent> </xsd:complexType> </xsd:element> <xsd:element name="version_state" substitutionGroup="oval-def:state"> <xsd:annotation> <xsd:documentation>The version_state element defines the version information held within a Cisco ASA software release. The asa_release element specifies the whole ASA version information. The asa_major_release, asa_minor_release and asa_build elements specify seperated parts of ASA software version information. For instance, if the ASA version is 8.4(2.3)49, then asa_release is 8.4(2.3)49, asa_major_release is 8.4, asa_minor_release is 2.3 and asa_build is 49. See the SHOW VERSION command within ASA for more information.</xsd:documentation> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-def:StateType"> <xsd:sequence> <xsd:element name="asa_release" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The asa_release element specifies the whole ASA version information.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="asa_major_release" type="oval-def:EntityStateVersionType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The asa_major_release is the dotted version that starts a version string. For example the asa_release 8.4(2.3)49 has a asa_major_release of 8.4.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="asa_minor_release" type="oval-def:EntityStateVersionType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The asa_minor_release is the dotted version that starts a version string. For example the asa_release 8.4(2.3)49 has a asa_minor_release of 2.3.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="asa_build" type="oval-def:EntityStateIntType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The asa_build is an integer. For example the asa_release 8.4(2.3)49 has a asa_build of 49.</xsd:documentation> </xsd:annotation> </xsd:element> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <!-- =============================================================================== --> <!-- =============================================================================== --> <!-- =============================================================================== --> <xsd:complexType name="EntityObjectAccessListIPVersionType"> <xsd:annotation> <xsd:documentation>The EntityObjectAccessListIPVersionType complex type restricts a string value to a specific set of values: IPV4, IPV6 or IPV4_V6 (both). These values describe if an ACL is for IPv4 or IPv6 or both for UACLs in a Cisco ASA configuration. The empty string is also allowed to support empty element associated with variable references. Note that when using pattern matches and variables care must be taken to ensure that the regular expression and variable values align with the enumerated values.</xsd:documentation> </xsd:annotation> <xsd:simpleContent> <xsd:restriction base="oval-def:EntityObjectStringType"> <xsd:enumeration value="IPV4" /> <xsd:enumeration value="IPV6" /> <xsd:enumeration value="IPV4_V6" /> <xsd:enumeration value=""> <xsd:annotation> <xsd:documentation>The empty string value is permitted here to allow for empty elements associated with variable references.</xsd:documentation> </xsd:annotation> </xsd:enumeration> </xsd:restriction> </xsd:simpleContent> </xsd:complexType> <xsd:complexType name="EntityStateAccessListIPVersionType"> <xsd:annotation> <xsd:documentation>The EntityStateAccessListIPVersionType complex type restricts a string value to a specific set of values: IPV4, IPV6 or IPV4_V6 (both). These values describe if an ACL is for IPv4 or IPv6 or both for UACLs in a Cisco ASA configuration. The empty string is also allowed to support empty element associated with variable references. Note that when using pattern matches and variables care must be taken to ensure that the regular expression and variable values align with the enumerated values.</xsd:documentation> </xsd:annotation> <xsd:simpleContent> <xsd:restriction base="oval-def:EntityStateStringType"> <xsd:enumeration value="IPV4" /> <xsd:enumeration value="IPV6" /> <xsd:enumeration value="IPV4_V6" /> <xsd:enumeration value=""> <xsd:annotation> <xsd:documentation>The empty string value is permitted here to allow for empty elements associated with variable references.</xsd:documentation> </xsd:annotation> </xsd:enumeration> </xsd:restriction> </xsd:simpleContent> </xsd:complexType> <xsd:complexType name="EntityStateAccessListUseType"> <xsd:annotation> <xsd:documentation>The EntityStateAccessListUseType complex type restricts a string value to a specific set of values: INTERFACE, INTERFACE_CP (control plane interface ACL), CRYPTO_MAP_MATCH, CLASS_MAP_MATCH, ROUTE_MAP_MATCH, IGMP_FILTER, NONE. These values describe the ACL use in a Cisco ASA configuration. The empty string is also allowed to support empty element associated with variable references. Note that when using pattern matches and variables care must be taken to ensure that the regular expression and variable values align with the enumerated values.</xsd:documentation> </xsd:annotation> <xsd:simpleContent> <xsd:restriction base="oval-def:EntityStateStringType"> <xsd:enumeration value="INTERFACE" /> <xsd:enumeration value="INTERFACE_CP" /> <xsd:enumeration value="CRYPTO_MAP_MATCH" /> <xsd:enumeration value="CLASS_MAP_MATCH" /> <xsd:enumeration value="ROUTE_MAP_MATCH" /> <xsd:enumeration value="IGMP_FILTER" /> <xsd:enumeration value="NONE" /> <xsd:enumeration value=""> <xsd:annotation> <xsd:documentation>The empty string value is permitted here to allow for empty elements associated with variable references.</xsd:documentation> </xsd:annotation> </xsd:enumeration> </xsd:restriction> </xsd:simpleContent> </xsd:complexType> <xsd:complexType name="EntityStateAccessListInterfaceDirectionType"> <xsd:annotation> <xsd:documentation>The EntityStateAccessListInterfaceDirectionType complex type restricts a string value to a specific set of values: IN, OUT. These values describe the inbound or outbound ACL direction on an interface in a Cisco ASA configuration. These values are defined with the access-group command. The empty string is also allowed to support empty element associated with variable references. Note that when using pattern matches and variables care must be taken to ensure that the regular expression and variable values align with the enumerated values.</xsd:documentation> </xsd:annotation> <xsd:simpleContent> <xsd:restriction base="oval-def:EntityStateStringType"> <xsd:enumeration value="IN" /> <xsd:enumeration value="OUT" /> <xsd:enumeration value=""> <xsd:annotation> <xsd:documentation>The empty string value is permitted here to allow for empty elements associated with variable references.</xsd:documentation> </xsd:annotation> </xsd:enumeration> </xsd:restriction> </xsd:simpleContent> </xsd:complexType> <xsd:complexType name="EntityStateClassMapType"> <xsd:annotation> <xsd:documentation>The EntityStateClassMapType complex type restricts a string value to a specific set of values: INSPECT, REGEX, MANAGEMENT. These values describe the MPF class-map types in Cisco ASA MPF configurations. The empty string is also allowed to support empty element associated with variable references. Note that when using pattern matches and variables care must be taken to ensure that the regular expression and variable values align with the enumerated values.</xsd:documentation> </xsd:annotation> <xsd:simpleContent> <xsd:restriction base="oval-def:EntityStateStringType"> <xsd:enumeration value="INSPECT"/> <xsd:enumeration value="REGEX"/> <xsd:enumeration value="MANAGEMENT"/> <xsd:enumeration value=""> <xsd:annotation> <xsd:documentation>The empty string value is permitted here to allow for empty elements associated with variable references.</xsd:documentation> </xsd:annotation> </xsd:enumeration> </xsd:restriction> </xsd:simpleContent> </xsd:complexType> <xsd:complexType name="EntityStateInpsectionType"> <xsd:annotation> <xsd:documentation>The EntityStateInpsectionType complex type restricts a string value to a specific set of values. These values describe the MPF inspection types of class-map and policy-map configurations in Cisco ASA MPF configurations. The empty string is also allowed to support empty element associated with variable references. Note that when using pattern matches and variables care must be taken to ensure that the regular expression and variable values align with the enumerated values.</xsd:documentation> </xsd:annotation> <xsd:simpleContent> <xsd:restriction base="oval-def:EntityStateStringType"> <xsd:enumeration value="DCERPC"/> <xsd:enumeration value="DNS"/> <xsd:enumeration value="ESMTP"/> <xsd:enumeration value="FTP"/> <xsd:enumeration value="GTP"/> <xsd:enumeration value="H323"/> <xsd:enumeration value="HTTP"/> <xsd:enumeration value="IM"/> <xsd:enumeration value="IPV6"/> <xsd:enumeration value="MGCP"/> <xsd:enumeration value="NETBIOS"/> <xsd:enumeration value="RADIUS-ACCOUNTING"/> <xsd:enumeration value="RTSP"/> <xsd:enumeration value="SCANSAFE"/> <xsd:enumeration value="SIP"/> <xsd:enumeration value="SKINNY"/> <xsd:enumeration value="SNMP"/> <xsd:enumeration value=""> <xsd:annotation> <xsd:documentation>The empty string value is permitted here to allow for empty elements associated with variable references.</xsd:documentation> </xsd:annotation> </xsd:enumeration> </xsd:restriction> </xsd:simpleContent> </xsd:complexType> <xsd:complexType name="EntityStateApplyServicePolicyType"> <xsd:annotation> <xsd:documentation>The EntityStateApplyServicePolicyType complex type restricts a string value to a specific set of values: GLOBAL, INTERFACE. These values describe where a service-policy is applied in a Cisco ASA MPF configuration. The empty string is also allowed to support empty element associated with variable references. Note that when using pattern matches and variables care must be taken to ensure that the regular expression and variable values align with the enumerated values.</xsd:documentation> </xsd:annotation> <xsd:simpleContent> <xsd:restriction base="oval-def:EntityStateStringType"> <xsd:enumeration value="GLOBAL"/> <xsd:enumeration value="INTERFACE"/> <xsd:enumeration value=""> <xsd:annotation> <xsd:documentation>The empty string value is permitted here to allow for empty elements associated with variable references.</xsd:documentation> </xsd:annotation> </xsd:enumeration> </xsd:restriction> </xsd:simpleContent> </xsd:complexType> <xsd:complexType name="EntityStateMatchType"> <xsd:annotation> <xsd:documentation>The EntityStateMatchType complex type restricts a string value to a specific set of values: ANY, ALL. These values describe the match type of a class-map in a Cisco ASA MPF configuration. The empty string is also allowed to support empty element associated with variable references. Note that when using pattern matches and variables care must be taken to ensure that the regular expression and variable values align with the enumerated values.</xsd:documentation> </xsd:annotation> <xsd:simpleContent> <xsd:restriction base="oval-def:EntityStateStringType"> <xsd:enumeration value="ANY"/> <xsd:enumeration value="ALL"/> <xsd:enumeration value=""> <xsd:annotation> <xsd:documentation>The empty string value is permitted here to allow for empty elements associated with variable references.</xsd:documentation> </xsd:annotation> </xsd:enumeration> </xsd:restriction> </xsd:simpleContent> </xsd:complexType> <xsd:complexType name="EntityStateSNMPVersionStringType"> <xsd:annotation> <xsd:documentation>The EntityStateSNMPVersionStringType complex type restricts a string value to a specific set of values: 1, 2c, 3. These values describe the SNMP version in a Cisco ASA configuration. The empty string is also allowed to support empty element associated with variable references. Note that when using pattern matches and variables care must be taken to ensure that the regular expression and variable values align with the enumerated values.</xsd:documentation> </xsd:annotation> <xsd:simpleContent> <xsd:restriction base="oval-def:EntityStateStringType"> <xsd:enumeration value="1"/> <xsd:enumeration value="2C"/> <xsd:enumeration value="3"/> <xsd:enumeration value=""> <xsd:annotation> <xsd:documentation>The empty string value is permitted here to allow for empty elements associated with variable references.</xsd:documentation> </xsd:annotation> </xsd:enumeration> </xsd:restriction> </xsd:simpleContent> </xsd:complexType> <xsd:complexType name="EntityStateSNMPSecLevelStringType"> <xsd:annotation> <xsd:documentation>The EntityStateSNMPSecLevelStringType complex type restricts a string value to a specific set of values: PRIV, AUTH, NO_AUTH. These values describe the SNMP security level (encryption, Authentication, None) in a Cisco ASA SNMPv3 related configurations. The empty string is also allowed to support empty element associated with variable references. Note that when using pattern matches and variables care must be taken to ensure that the regular expression and variable values align with the enumerated values.</xsd:documentation> </xsd:annotation> <xsd:simpleContent> <xsd:restriction base="oval-def:EntityStateStringType"> <xsd:enumeration value="PRIV"/> <xsd:enumeration value="AUTH"/> <xsd:enumeration value="NO_AUTH"/> <xsd:enumeration value=""> <xsd:annotation> <xsd:documentation>The empty string value is permitted here to allow for empty elements associated with variable references.</xsd:documentation> </xsd:annotation> </xsd:enumeration> </xsd:restriction> </xsd:simpleContent> </xsd:complexType> <xsd:complexType name="EntityStateSNMPAuthStringType"> <xsd:annotation> <xsd:documentation>The EntityStateSNMPAuthStringType complex type restricts a string value to a specific set of values: MD5, SHA. These values describe the authentication algorithm in a Cisco ASA SNMPv3 related configurations. The empty string is also allowed to support empty element associated with variable references. Note that when using pattern matches and variables care must be taken to ensure that the regular expression and variable values align with the enumerated values.</xsd:documentation> </xsd:annotation> <xsd:simpleContent> <xsd:restriction base="oval-def:EntityStateStringType"> <xsd:enumeration value="MD5"/> <xsd:enumeration value="SHA"/> <xsd:enumeration value=""> <xsd:annotation> <xsd:documentation>The empty string value is permitted here to allow for empty elements associated with variable references.</xsd:documentation> </xsd:annotation> </xsd:enumeration> </xsd:restriction> </xsd:simpleContent> </xsd:complexType> <xsd:complexType name="EntityStateSNMPPrivStringType"> <xsd:annotation> <xsd:documentation>The EntityStateSNMPPrivStringType complex type restricts a string value to a specific set of values: DES, 3DES, AES128, AES192, and AES256. These values describe the encryption algorithm in a Cisco ASA SNMPv3 related configurations. The empty string is also allowed to support empty element associated with variable references. Note that when using pattern matches and variables care must be taken to ensure that the regular expression and variable values align with the enumerated values.</xsd:documentation> </xsd:annotation> <xsd:simpleContent> <xsd:restriction base="oval-def:EntityStateStringType"> <xsd:enumeration value="DES"/> <xsd:enumeration value="3DES"/> <xsd:enumeration value="AES128"/> <xsd:enumeration value="AES192"/> <xsd:enumeration value="AES256"/> <xsd:enumeration value=""> <xsd:annotation> <xsd:documentation>The empty string value is permitted here to allow for empty elements associated with variable references.</xsd:documentation> </xsd:annotation> </xsd:enumeration> </xsd:restriction> </xsd:simpleContent> </xsd:complexType> </xsd:schema>
Close
