Code Editor : unix-definitions-schema.xsd
<?xml version="1.0" encoding="utf-8"?> <xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:oval-def="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5" xmlns:unix-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" xmlns:sch="http://purl.oclc.org/dsdl/schematron" targetNamespace="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" elementFormDefault="qualified" version="5.11"> <xsd:import namespace="http://oval.mitre.org/XMLSchema/oval-definitions-5" schemaLocation="oval-definitions-schema.xsd"/> <xsd:annotation> <xsd:documentation>The following is a description of the elements, types, and attributes that compose generic UNIX tests found in Open Vulnerability and Assessment Language (OVAL). Each test is an extension of the standard test element defined in the Core Definition Schema. Through extension, each test inherits a set of elements and attributes that are shared amongst all OVAL tests. Each test is described in detail and should provide the information necessary to understand what each element and attribute represents. This document is intended for developers and assumes some familiarity with XML. A high level description of the interaction between the different tests and their relationship to the Core Definition Schema is not outlined here.</xsd:documentation> <xsd:documentation>The OVAL Schema is maintained by The MITRE Corporation and developed by the public OVAL Community. For more information, including how to get involved in the project and how to submit change requests, please visit the OVAL website at http://oval.mitre.org.</xsd:documentation> <xsd:appinfo> <schema>UNIX Definition</schema> <version>5.11:5.11</version> <date>12/18/2014 09:00:00 AM</date> <terms_of_use>Copyright (c) 2002-2014, The MITRE Corporation. All rights reserved. The contents of this file are subject to the terms of the OVAL License located at http://oval.mitre.org/oval/about/termsofuse.html. 
See the OVAL License for the specific language governing permissions and limitations for use of this schema. When distributing copies of the OVAL Schema, this license header must be included.</terms_of_use> <sch:ns prefix="oval-def" uri="http://oval.mitre.org/XMLSchema/oval-definitions-5"/> <sch:ns prefix="unix-def" uri="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix"/> <sch:ns prefix="xsi" uri="http://www.w3.org/2001/XMLSchema-instance"/> </xsd:appinfo> </xsd:annotation> <!-- =============================================================================== --> <!-- =============================== DNS CACHE TEST ============================== --> <!-- =============================================================================== --> <xsd:element name="dnscache_test" substitutionGroup="oval-def:test"> <xsd:annotation> <xsd:documentation>The dnscache_test is used to check the time to live and IP addresses associated with a domain name. The time to live and IP addresses for a particular domain name are retrieved from the DNS cache on the local system. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. 
The required object element references a dnscache_object and the optional state element specifies the metadata to check.</xsd:documentation> <xsd:appinfo> <oval:element_mapping> <oval:test>dnscache_test</oval:test> <oval:object>dnscache_object</oval:object> <oval:state>dnscache_state</oval:state> <oval:item target_namespace="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#unix">dnscache_item</oval:item> </oval:element_mapping> </xsd:appinfo> <xsd:appinfo> <sch:pattern id="unix-def_dnscachetst"> <sch:rule context="unix-def:dnscache_test/unix-def:object"> <sch:assert test="@object_ref=ancestor::oval-def:oval_definitions/oval-def:objects/unix-def:dnscache_object/@id"><sch:value-of select="../@id"/> - the object child element of a dnscache_test must reference a dnscache_object</sch:assert> </sch:rule> <sch:rule context="unix-def:dnscache_test/unix-def:state"> <sch:assert test="@state_ref=ancestor::oval-def:oval_definitions/oval-def:states/unix-def:dnscache_state/@id"><sch:value-of select="../@id"/> - the state child element of a dnscache_test must reference a dnscache_state</sch:assert> </sch:rule> </sch:pattern> </xsd:appinfo> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-def:TestType"> <xsd:sequence> <xsd:element name="object" type="oval-def:ObjectRefType" /> <xsd:element name="state" type="oval-def:StateRefType" minOccurs="0" maxOccurs="unbounded"/> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <xsd:element name="dnscache_object" substitutionGroup="oval-def:object"> <xsd:annotation> <xsd:documentation>The dnscache_object is used by the dnscache_test to specify the domain name(s) that should be collected from the DNS cache on the local system. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. 
The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.</xsd:documentation> <xsd:appinfo> <sch:pattern id="unix-def_dnscache_object_verify_filter_state"> <sch:rule context="unix-def:dnscache_object//oval-def:filter"> <sch:let name="parent_object" value="ancestor::unix-def:dnscache_object"/> <sch:let name="parent_object_id" value="$parent_object/@id"/> <sch:let name="state_ref" value="."/> <sch:let name="reffed_state" value="ancestor::oval-def:oval_definitions/oval-def:states/*[@id=$state_ref]"/> <sch:let name="state_name" value="local-name($reffed_state)"/> <sch:let name="state_namespace" value="namespace-uri($reffed_state)"/> <sch:assert test="(($state_namespace='http://oval.mitre.org/XMLSchema/oval-definitions-5#unix') and ($state_name='dnscache_state'))">State referenced in filter for <sch:value-of select="name($parent_object)"/> '<sch:value-of select="$parent_object_id"/>' is of the wrong type. 
</sch:assert> </sch:rule> </sch:pattern> </xsd:appinfo> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-def:ObjectType"> <xsd:sequence> <xsd:choice> <xsd:element ref="oval-def:set"/> <xsd:sequence> <xsd:element name="domain_name" type="oval-def:EntityObjectStringType"> <xsd:annotation> <xsd:documentation>The domain_name element specifies the domain name(s) that should be collected from the DNS cache on the local system.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element ref="oval-def:filter" minOccurs="0" maxOccurs="unbounded"/> </xsd:sequence> </xsd:choice> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <xsd:element name="dnscache_state" substitutionGroup="oval-def:state"> <xsd:annotation> <xsd:documentation>The dnscache_state contains three entities that are used to check the domain name, time to live, and IP addresses associated with the DNS cache entry.</xsd:documentation> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-def:StateType"> <xsd:sequence> <xsd:element name="domain_name" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The domain_name element contains a string that represents a domain name that was collected from the DNS cache on the local system.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="ttl" type="oval-def:EntityStateIntType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The ttl element contains an integer that represents the time to live in seconds of the DNS cache entry.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="ip_address" type="oval-def:EntityStateIPAddressStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The ip_address element contains a string that represents an IP address associated with the specified domain name that was collected from the DNS cache on the 
local system. Note that the IP address can be IPv4 or IPv6.</xsd:documentation> </xsd:annotation> </xsd:element> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <!-- =============================================================================== --> <!-- ================================= FILE TEST ================================= --> <!-- =============================================================================== --> <xsd:element name="file_test" substitutionGroup="oval-def:test"> <xsd:annotation> <xsd:documentation>The file test is used to check metadata associated with UNIX files, of the sort returned by either an ls command, stat command or stat() system call. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a file_object and the optional state element specifies the metadata to check.</xsd:documentation> <xsd:appinfo> <oval:element_mapping> <oval:test>file_test</oval:test> <oval:object>file_object</oval:object> <oval:state>file_state</oval:state> <oval:item target_namespace="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#unix">file_item</oval:item> </oval:element_mapping> </xsd:appinfo> <xsd:appinfo> <sch:pattern id="unix-def_filetst"> <sch:rule context="unix-def:file_test/unix-def:object"> <sch:assert test="@object_ref=ancestor::oval-def:oval_definitions/oval-def:objects/unix-def:file_object/@id"><sch:value-of select="../@id"/> - the object child element of a file_test must reference a file_object</sch:assert> </sch:rule> <sch:rule context="unix-def:file_test/unix-def:state"> <sch:assert test="@state_ref=ancestor::oval-def:oval_definitions/oval-def:states/unix-def:file_state/@id"><sch:value-of select="../@id"/> - the state child element of a file_test must reference a file_state</sch:assert> </sch:rule> </sch:pattern> </xsd:appinfo> </xsd:annotation> <xsd:complexType> 
<xsd:complexContent> <xsd:extension base="oval-def:TestType"> <xsd:sequence> <xsd:element name="object" type="oval-def:ObjectRefType" /> <xsd:element name="state" type="oval-def:StateRefType" minOccurs="0" maxOccurs="unbounded"/> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <xsd:element name="file_object" substitutionGroup="oval-def:object"> <xsd:annotation> <xsd:documentation>The file_object element is used by a file test to define the specific file(s) to be evaluated. The file_object will collect all UNIX file types (directory, regular file, character device, block device, fifo, symbolic link, and socket). Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.</xsd:documentation> <xsd:documentation>A file object defines the path and filename of the file(s). In addition, a number of behaviors may be provided that help guide the collection of objects. Please refer to the FileBehaviors complex type for more information about specific behaviors.</xsd:documentation> <xsd:documentation>The set of files to be evaluated may be identified with either a complete filepath or a path and filename. Only one of these options may be selected.</xsd:documentation> <xsd:documentation>It is important to note that the 'max_depth' and 'recurse_direction' attributes of the 'behaviors' element do not apply to the 'filepath' element, only to the 'path' and 'filename' elements. 
This is because the 'filepath' element represents an absolute path to a particular file and it is not possible to recurse over a file.</xsd:documentation> <xsd:appinfo> <sch:pattern id="unix-def_file_object_verify_filter_state"> <sch:rule context="unix-def:file_object//oval-def:filter"> <sch:let name="parent_object" value="ancestor::unix-def:file_object"/> <sch:let name="parent_object_id" value="$parent_object/@id"/> <sch:let name="state_ref" value="."/> <sch:let name="reffed_state" value="ancestor::oval-def:oval_definitions/oval-def:states/*[@id=$state_ref]"/> <sch:let name="state_name" value="local-name($reffed_state)"/> <sch:let name="state_namespace" value="namespace-uri($reffed_state)"/> <sch:assert test="(($state_namespace='http://oval.mitre.org/XMLSchema/oval-definitions-5#unix') and ($state_name='file_state'))">State referenced in filter for <sch:value-of select="name($parent_object)"/> '<sch:value-of select="$parent_object_id"/>' is of the wrong type. </sch:assert> </sch:rule> </sch:pattern> </xsd:appinfo> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-def:ObjectType"> <xsd:sequence> <xsd:choice> <xsd:element ref="oval-def:set"/> <xsd:sequence> <xsd:element name="behaviors" type="unix-def:FileBehaviors" minOccurs="0" maxOccurs="1"/> <xsd:choice> <xsd:element name="filepath" type="oval-def:EntityObjectStringType"> <xsd:annotation> <xsd:documentation>The filepath element specifies the absolute path for a file on the machine. 
A directory cannot be specified as a filepath.</xsd:documentation> <xsd:appinfo> <sch:pattern id="unix-def_fileobjfilepath"> <sch:rule context="unix-def:file_object/unix-def:filepath"> <sch:assert test="not(preceding-sibling::unix-def:behaviors[@max_depth or @recurse or @recurse_direction])"><sch:value-of select="../@id"/> - the max_depth, recurse, and recurse_direction behaviors are not allowed with a filepath entity</sch:assert> </sch:rule> </sch:pattern> <sch:pattern id="unix-def_fileobjfilepath2"> <sch:rule context="unix-def:file_object/unix-def:filepath[not(@operation='equals' or not(@operation))]"> <sch:assert test="not(preceding-sibling::unix-def:behaviors[@recurse_file_system='defined'])"><sch:value-of select="../@id"/> - the recurse_file_system behavior MUST not be set to 'defined' when a pattern match is used with a filepath entity.</sch:assert> </sch:rule> </sch:pattern> </xsd:appinfo> </xsd:annotation> </xsd:element> <xsd:sequence> <xsd:element name="path" type="oval-def:EntityObjectStringType"> <xsd:annotation> <xsd:documentation>The path element specifies the directory component of the absolute path to a file on the machine.</xsd:documentation> <xsd:appinfo> <sch:pattern id="unix-def_fileobjpath"> <sch:rule context="unix-def:file_object/unix-def:path[not(@operation='equals' or not(@operation))]"> <sch:assert test="not(preceding-sibling::unix-def:behaviors[@recurse_file_system='defined'])"><sch:value-of select="../@id"/> - the recurse_file_system behavior MUST not be set to 'defined' when a pattern match is used with a path entity.</sch:assert> <sch:assert test="not(preceding-sibling::unix-def:behaviors[@max_depth])"><sch:value-of select="../@id"/> - the max_depth behavior MUST not be used when a pattern match is used with a path entity.</sch:assert> <sch:assert test="not(preceding-sibling::unix-def:behaviors[@recurse_direction])"><sch:value-of select="../@id"/> - the recurse_direction behavior MUST not be used when a pattern match is used with a path 
entity.</sch:assert> <sch:assert test="not(preceding-sibling::unix-def:behaviors[@recurse])"><sch:value-of select="../@id"/> - the recurse behavior MUST not be used when a pattern match is used with a path entity.</sch:assert> </sch:rule> </sch:pattern> </xsd:appinfo> </xsd:annotation> </xsd:element> <xsd:element name="filename" type="oval-def:EntityObjectStringType" nillable="true"> <xsd:annotation> <xsd:documentation>The filename element specifies the name of a file to evaluate. If the xsi:nil attribute is set to true, then the object being specified is the higher level directory object (not all the files in the directory). In this case, the filename element should not be used during collection and would result in the unique set of items being the directories themselves. For example, one would set xsi:nil to true if the desire was to test the attributes or permissions associated with a directory. Setting xsi:nil equal to true is different than using a .* pattern match, which says to collect every file under a given path.</xsd:documentation> <xsd:appinfo> <sch:pattern id="unix-def_file_objectfilename"> <sch:rule context="unix-def:file_object/unix-def:filename"> <sch:assert test="(@var_ref and .='') or (@xsi:nil='1' or @xsi:nil='true') or not(.='') or (.='' and @operation = 'pattern match')"><sch:value-of select="../@id"/> - filename entity cannot be empty unless the xsi:nil attribute is set to true or a var_ref is used</sch:assert> </sch:rule> </sch:pattern> </xsd:appinfo> </xsd:annotation> </xsd:element> </xsd:sequence> </xsd:choice> <xsd:element ref="oval-def:filter" minOccurs="0" maxOccurs="unbounded"/> </xsd:sequence> </xsd:choice> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <xsd:element name="file_state" substitutionGroup="oval-def:state"> <xsd:annotation> <xsd:documentation>The file_state element defines the different metadata associate with a UNIX file. 
This includes the path, filename, type, group id, user id, size, etc. In addition, the permission associated with the file are also included. Please refer to the individual elements in the schema for more details about what each represents.</xsd:documentation> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-def:StateType"> <xsd:sequence> <xsd:element name="filepath" type="oval-def:EntityStateStringType" minOccurs="0"> <xsd:annotation> <xsd:documentation>The filepath element specifies the absolute path for a file on the machine. A directory cannot be specified as a filepath.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="path" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The path element specifies the directory component of the absolute path to a file on the machine.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="filename" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The name of the file.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="type" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>This is the file's type: regular file (regular), directory, named pipe (fifo), symbolic link, socket or block special.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="group_id" type="oval-def:EntityStateIntType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The group_id entity represents the group owner of a file, by group number.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="user_id" type="oval-def:EntityStateIntType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The numeric user id, or uid, is the third column of each user's entry in /etc/passwd. 
This element represents the owner of the file.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="a_time" type="oval-def:EntityStateIntType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>This is the time that the file was last accessed, in seconds since the Unix epoch. The Unix epoch is the time 00:00:00 UTC on January 1, 1970.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="c_time" type="oval-def:EntityStateIntType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>This is the time of the last change to the file's inode, in seconds since the Unix epoch. The Unix epoch is the time 00:00:00 UTC on January 1, 1970. An inode is a Unix data structure that stores all of the information about a particular file.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="m_time" type="oval-def:EntityStateIntType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>This is the time of the last change to the file's contents, in seconds since the Unix epoch. 
The Unix epoch is the time 00:00:00 UTC on January 1, 1970.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="size" type="oval-def:EntityStateIntType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>This is the size of the file in bytes.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="suid" type="oval-def:EntityStateBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Does the program run with the uid (thus privileges) of the file's owner, rather than the calling user?</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="sgid" type="oval-def:EntityStateBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Does the program run with the gid (thus privileges) of the file's group owner, rather than the calling user's group?</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="sticky" type="oval-def:EntityStateBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Can users delete each other's files in this directory, when said directory is writable by those users?</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="uread" type="oval-def:EntityStateBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Can the owner (user owner) of the file read this file or, if a directory, read the directory contents?</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="uwrite" type="oval-def:EntityStateBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Can the owner (user owner) of the file write to this file or, if a directory, write to the directory?</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="uexec" type="oval-def:EntityStateBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Can the owner (user owner) of the file execute it or, if a directory, change into the 
directory?</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="gread" type="oval-def:EntityStateBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Can the group owner of the file read this file or, if a directory, read the directory contents?</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="gwrite" type="oval-def:EntityStateBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Can the group owner of the file write to this file or, if a directory, write to the directory?</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="gexec" type="oval-def:EntityStateBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Can the group owner of the file execute it or, if a directory, change into the directory?</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="oread" type="oval-def:EntityStateBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Can all other users read this file or, if a directory, read the directory contents?</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="owrite" type="oval-def:EntityStateBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Can the other users write to this file or, if a directory, write to the directory?</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="oexec" type="oval-def:EntityStateBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Can the other users execute this file or, if a directory, change into the directory?</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="has_extended_acl" type="oval-def:EntityStateBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Does the file or directory have ACL permissions applied to it? If the file or directory doesn't have an ACL, or it matches the standard UNIX permissions, the value will be 'false'. 
Otherwise, if a file or directory has an ACL, the value will be 'true'.</xsd:documentation> </xsd:annotation> </xsd:element> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <xsd:complexType name="FileBehaviors"> <xsd:annotation> <xsd:documentation>The FileBehaviors complex type defines a number of behaviors that allow a more detailed definition of the file_object being specified. Note that using these behaviors may result in some unique results. For example, a double negative type condition might be created where an object entity says include everything except a specific item, but a behavior is used that might then add that item back in.</xsd:documentation> <xsd:documentation>It is important to note that the 'max_depth' and 'recurse_direction' attributes of the 'behaviors' element do not apply to the 'filepath' element, only to the 'path' and 'filename' elements. This is because the 'filepath' element represents an absolute path to a particular file and it is not possible to recurse over a file.</xsd:documentation> </xsd:annotation> <xsd:attribute name="max_depth" use="optional" default="-1"> <xsd:annotation> <xsd:documentation>'max_depth' defines the maximum depth of recursion to perform when a recurse_direction is specified. A value of '0' is equivalent to no recursion, '1' means to step only one directory level up/down, and so on. The default value is '-1' meaning no limitation. 
For a 'max_depth' of -1 or any value of 1 or more the starting directory must be considered in the recursive search.</xsd:documentation> <xsd:documentation>Note that the default recurse_direction behavior is 'none' so even though max_depth specifies no limitation by default, the recurse_direction behavior turns recursion off.</xsd:documentation> <xsd:documentation>Note that this behavior only applies with the equality operation on the path entity.</xsd:documentation> </xsd:annotation> <xsd:simpleType> <xsd:restriction base="xsd:integer"> <xsd:fractionDigits value="0"/> <xsd:minInclusive value="-1"/> </xsd:restriction> </xsd:simpleType> </xsd:attribute> <xsd:attribute name="recurse" use="optional" default="symlinks and directories"> <xsd:annotation> <xsd:documentation>'recurse' defines how to recurse into the path entity, in other words what to follow during recursion. Options include symlinks, directories, or both. Note that a max-depth other than 0 has to be specified for recursion to take place and for this attribute to mean anything.</xsd:documentation> <xsd:documentation>Note that this behavior only applies with the equality operation on the path entity.</xsd:documentation> <xsd:appinfo> <sch:pattern id="unix-def_recurse_value_file_dep"> <sch:rule context="oval-def:oval_definitions/oval-def:objects/unix-def:file_object/unix-def:behaviors"> <sch:report test="@recurse='files'">DEPRECATED ATTRIBUTE VALUE IN: <sch:value-of select="name()"/> ATTRIBUTE VALUE: <sch:value-of select="@recurse"/></sch:report> <sch:report test="@recurse='files and directories'">DEPRECATED ATTRIBUTE VALUE IN: <sch:value-of select="name()"/> ATTRIBUTE VALUE: <sch:value-of select="@recurse"/></sch:report> <sch:report test="@recurse='none'"> DEPRECATED ATTRIBUTE VALUE IN: <sch:value-of select="name()"/> ATTRIBUTE VALUE: <sch:value-of select="@recurse"/></sch:report> </sch:rule> </sch:pattern> </xsd:appinfo> </xsd:annotation> <xsd:simpleType> <xsd:restriction base="xsd:string"> 
<xsd:enumeration value="none"> <xsd:annotation> <xsd:appinfo> <oval:deprecated_info> <oval:version>5.4</oval:version> <oval:reason>The values 'files', 'files and directories', and 'none' are being removed because it is not possible to recurse files and the value 'none' was intended to mean no recursion, however, this is already covered by the recurse_direction attribute.</oval:reason> <oval:comment>These values have been deprecated and will be removed in version 6.0 of the language.</oval:comment> </oval:deprecated_info> </xsd:appinfo> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="files"> <xsd:annotation> <xsd:appinfo> <oval:deprecated_info> <oval:version>5.4</oval:version> <oval:reason>The values 'files', 'files and directories', and 'none' are being removed because it is not possible to recurse files and the value 'none' was intended to mean no recursion, however, this is already covered by the recurse_direction attribute.</oval:reason> <oval:comment>These values have been deprecated and will be removed in version 6.0 of the language.</oval:comment> </oval:deprecated_info> </xsd:appinfo> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="directories"/> <xsd:enumeration value="files and directories"> <xsd:annotation> <xsd:appinfo> <oval:deprecated_info> <oval:version>5.4</oval:version> <oval:reason>The values 'files', 'files and directories', and 'none' are being removed because it is not possible to recurse files and the value 'none' was intended to mean no recursion, however, this is already covered by the recurse_direction attribute.</oval:reason> <oval:comment>These values have been deprecated and will be removed in version 6.0 of the language.</oval:comment> </oval:deprecated_info> </xsd:appinfo> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="symlinks"/> <xsd:enumeration value="symlinks and directories"/> </xsd:restriction> </xsd:simpleType> </xsd:attribute> <xsd:attribute name="recurse_direction" use="optional" 
default="none"> <xsd:annotation> <xsd:documentation>'recurse_direction' defines the direction to recurse, either 'up' to parent directories, or 'down' into child directories. The default value is 'none' for no recursion.</xsd:documentation> <xsd:documentation>Note that this behavior only applies with the equality operation on the path entity.</xsd:documentation> </xsd:annotation> <xsd:simpleType> <xsd:restriction base="xsd:string"> <xsd:enumeration value="none"/> <xsd:enumeration value="up"/> <xsd:enumeration value="down"/> </xsd:restriction> </xsd:simpleType> </xsd:attribute> <xsd:attribute name="recurse_file_system" use="optional" default="all"> <xsd:annotation> <xsd:documentation>'recurse_file_system' defines the file system limitation of any searching and applies to all operations as specified on the path or filepath entity. The value of 'local' limits the search scope to local file systems (as opposed to file systems mounted from an external system). The value of 'defined' keeps any recursion within the file system that the file_object (path+filename or filepath) has specified. For example, if the path specified was "/", you would search only the filesystem mounted there, not other filesystems mounted to descendant paths. The value of 'defined' only applies when an equality operation is used for searching because the path or filepath entity must explicitly define a file system. The default value is 'all' meaning to search all available file systems for data collection.</xsd:documentation> <xsd:documentation>Note that in most cases it is recommended that the value of 'local' be used to ensure that file system searching is limited to only the local file systems. 
Searching 'all' file systems may have performance implications.</xsd:documentation> </xsd:annotation> <xsd:simpleType> <xsd:restriction base="xsd:string"> <xsd:enumeration value="all"/> <xsd:enumeration value="local"/> <xsd:enumeration value="defined"/> </xsd:restriction> </xsd:simpleType> </xsd:attribute> </xsd:complexType> <!-- ================================================================================ --> <!-- ========================== FILE EXTENDED ATTRIBUTE TEST ====================== --> <!-- ================================================================================ --> <xsd:element name="fileextendedattribute_test" substitutionGroup="oval-def:test"> <xsd:annotation> <xsd:documentation>The file extended attribute test is used to check extended attribute values associated with UNIX files, of the sort returned by the getfattr command or getxattr() system call. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a fileextendedattribute_object and the optional state element specifies the extended attributes to check.</xsd:documentation> <xsd:documentation>NOTE: Solaris has a very different implementation of "extended attributes" in which the attributes are really an orthogonal directory hierarchy of files. See the Solaris documentation for more details. 
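The file extended attribute test only handles simple name/value pairs as implemented by most other UNIX derived operating systems.</xsd:documentation>
    <xsd:appinfo>
      <oval:element_mapping>
        <oval:test>fileextendedattribute_test</oval:test>
        <oval:object>fileextendedattribute_object</oval:object>
        <oval:state>fileextendedattribute_state</oval:state>
        <oval:item target_namespace="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#unix">fileextendedattribute_item</oval:item>
      </oval:element_mapping>
    </xsd:appinfo>
    <xsd:appinfo>
      <sch:pattern id="unix-def_file_ea_tst">
        <!-- Each rule context must spell the test element exactly as it is declared
             (fileextendedattribute_test). A Schematron rule whose context matches no
             node is skipped without any report, so a misspelled context turns the
             reference check off silently instead of failing validation. -->
        <sch:rule context="unix-def:fileextendedattribute_test/unix-def:object">
          <sch:assert test="@object_ref=ancestor::oval-def:oval_definitions/oval-def:objects/unix-def:fileextendedattribute_object/@id"><sch:value-of select="../@id"/> - the object child element of a fileextendedattribute_test must reference a fileextendedattribute_object</sch:assert>
        </sch:rule>
        <sch:rule context="unix-def:fileextendedattribute_test/unix-def:state">
          <sch:assert test="@state_ref=ancestor::oval-def:oval_definitions/oval-def:states/unix-def:fileextendedattribute_state/@id"><sch:value-of select="../@id"/> - the state child element of a fileextendedattribute_test must reference a fileextendedattribute_state</sch:assert>
        </sch:rule>
      </sch:pattern>
    </xsd:appinfo>
  </xsd:annotation>
  <xsd:complexType>
    <xsd:complexContent>
      <xsd:extension base="oval-def:TestType">
        <xsd:sequence>
          <xsd:element name="object" type="oval-def:ObjectRefType" />
          <xsd:element name="state" type="oval-def:StateRefType" minOccurs="0" maxOccurs="unbounded"/>
        </xsd:sequence>
      </xsd:extension>
    </xsd:complexContent>
  </xsd:complexType>
</xsd:element>
<xsd:element name="fileextendedattribute_object" substitutionGroup="oval-def:object">
  <xsd:annotation>
    <xsd:documentation>The fileextendedattribute_object element is used by a file extended attribute test to define the specific file(s) and attribute(s) to be evaluated.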
The fileextendedattribute_object will collect all UNIX file types (directory, regular file, character device, block device, fifo, symbolic link, and socket). Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.</xsd:documentation> <xsd:documentation>A file extended attribute object defines the path, filename and attribute name. In addition, a number of behaviors may be provided that help guide the collection of objects. Please refer to the FileExtendedAttributeBehaviors complex type for more information about specific behaviors.</xsd:documentation> <xsd:documentation>The set of files to be evaluated may be identified with either a complete filepath or a path and filename. Only one of these options may be selected.</xsd:documentation> <xsd:documentation>It is important to note that the 'max_depth' and 'recurse_direction' attributes of the 'behaviors' element do not apply to the 'filepath' element, only to the 'path' and 'filename' elements. 
This is because the 'filepath' element represents an absolute path to a particular file and it is not possible to recurse over a file.</xsd:documentation> <xsd:appinfo> <sch:pattern id="unix-def_fileextendedattribute_object_verify_filter_state"> <sch:rule context="unix-def:fileextendedattribute_object//oval-def:filter"> <sch:let name="parent_object" value="ancestor::unix-def:fileextendedattribute_object"/> <sch:let name="parent_object_id" value="$parent_object/@id"/> <sch:let name="state_ref" value="."/> <sch:let name="reffed_state" value="ancestor::oval-def:oval_definitions/oval-def:states/*[@id=$state_ref]"/> <sch:let name="state_name" value="local-name($reffed_state)"/> <sch:let name="state_namespace" value="namespace-uri($reffed_state)"/> <sch:assert test="(($state_namespace='http://oval.mitre.org/XMLSchema/oval-definitions-5#unix') and ($state_name='fileextendedattribute_state'))">State referenced in filter for <sch:value-of select="name($parent_object)"/> '<sch:value-of select="$parent_object_id"/>' is of the wrong type. </sch:assert> </sch:rule> </sch:pattern> </xsd:appinfo> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-def:ObjectType"> <xsd:sequence> <xsd:choice> <xsd:element ref="oval-def:set"/> <xsd:sequence> <xsd:element name="behaviors" type="unix-def:FileBehaviors" minOccurs="0" maxOccurs="1"/> <xsd:choice> <xsd:element name="filepath" type="oval-def:EntityObjectStringType"> <xsd:annotation> <xsd:documentation>The filepath element specifies the absolute path for a file on the machine. 
A directory cannot be specified as a filepath.</xsd:documentation> <xsd:appinfo> <sch:pattern id="unix-def_file_ea_objfilepath"> <sch:rule context="unix-def:fileextendedattribute_object/unix-def:filepath"> <sch:assert test="not(preceding-sibling::unix-def:behaviors[@max_depth or @recurse or @recurse_direction])"><sch:value-of select="../@id"/> - the max_depth, recurse, and recurse_direction behaviors are not allowed with a filepath entity</sch:assert> </sch:rule> </sch:pattern> <sch:pattern id="unix-def_file_ea_objfilepath2"> <sch:rule context="unix-def:fileextendedattribute_object/unix-def:filepath[not(@operation='equals' or not(@operation))]"> <sch:assert test="not(preceding-sibling::unix-def:behaviors[@recurse_file_system='defined'])"><sch:value-of select="../@id"/> - the recurse_file_system behavior MUST not be set to 'defined' when a pattern match is used with a filepath entity.</sch:assert> </sch:rule> </sch:pattern> </xsd:appinfo> </xsd:annotation> </xsd:element> <xsd:sequence> <xsd:element name="path" type="oval-def:EntityObjectStringType"> <xsd:annotation> <xsd:documentation>The path element specifies the directory component of the absolute path to a file on the machine.</xsd:documentation> <xsd:appinfo> <sch:pattern id="unix-def_file_ea_objpath"> <sch:rule context="unix-def:fileextendedattribute_object/unix-def:path[not(@operation='equals' or not(@operation))]"> <sch:assert test="not(preceding-sibling::unix-def:behaviors[@recurse_file_system='defined'])"><sch:value-of select="../@id"/> - the recurse_file_system behavior MUST not be set to 'defined' when a pattern match is used with a path entity.</sch:assert> <sch:assert test="not(preceding-sibling::unix-def:behaviors[@max_depth])"><sch:value-of select="../@id"/> - the max_depth behavior MUST not be used when a pattern match is used with a path entity.</sch:assert> <sch:assert test="not(preceding-sibling::unix-def:behaviors[@recurse_direction])"><sch:value-of select="../@id"/> - the recurse_direction 
behavior MUST not be used when a pattern match is used with a path entity.</sch:assert> <sch:assert test="not(preceding-sibling::unix-def:behaviors[@recurse])"><sch:value-of select="../@id"/> - the recurse behavior MUST not be used when a pattern match is used with a path entity.</sch:assert> </sch:rule> </sch:pattern> </xsd:appinfo> </xsd:annotation> </xsd:element> <xsd:element name="filename" type="oval-def:EntityObjectStringType" nillable="true"> <xsd:annotation> <xsd:documentation>The filename element specifies the name of a file to evaluate. If the xsi:nil attribute is set to true, then the object being specified is the higher level directory object (not all the files in the directory). In this case, the filename element should not be used during collection and would result in the unique set of items being the directories themselves. For example, one would set xsi:nil to true if the desire was to test the attributes associated with a directory. Setting xsi:nil equal to true is different than using a .* pattern match, which says to collect every file under a given path.</xsd:documentation> <xsd:appinfo> <sch:pattern id="unix-def_fileextendedattribute_objectfilename"> <sch:rule context="unix-def:fileextendedattribute_object/unix-def:filename"> <sch:assert test="(@var_ref and .='') or ((@xsi:nil='1' or @xsi:nil='true') and .='') or not(.='') or (.='' and @operation = 'pattern match')"><sch:value-of select="../@id"/> - filename entity cannot be empty unless the xsi:nil attribute is set to true or a var_ref is used</sch:assert> </sch:rule> </sch:pattern> </xsd:appinfo> </xsd:annotation> </xsd:element> </xsd:sequence> </xsd:choice> <xsd:element name="attribute_name" type="oval-def:EntityObjectStringType"> <xsd:annotation> <xsd:documentation>The attribute_name element specifies the name of an extended attribute to evaluate.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element ref="oval-def:filter" minOccurs="0" maxOccurs="unbounded"/> </xsd:sequence> 
</xsd:choice> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <xsd:element name="fileextendedattribute_state" substitutionGroup="oval-def:state"> <xsd:annotation> <xsd:documentation>The fileextendedattribute_state element defines an extended attribute associated with a UNIX file. This includes the path, filename, attribute name, and attribute value.</xsd:documentation> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-def:StateType"> <xsd:sequence> <xsd:element name="filepath" type="oval-def:EntityStateStringType" minOccurs="0"> <xsd:annotation> <xsd:documentation>The filepath element specifies the absolute path for a file on the machine. A directory can be specified as a filepath.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="path" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The path element specifies the directory component of the absolute path to a file on the machine.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="filename" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The name of the file.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="attribute_name" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>This is the extended attribute's name, identifier or key.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="value" type="oval-def:EntityStateAnySimpleType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The value entity represents the extended attribute's value or contents. 
To test for an attribute with no value assigned to it, this entity would be used with an empty value.</xsd:documentation> </xsd:annotation> </xsd:element> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <!-- =============================================================================== --> <!-- ================================= GCONF TEST ================================ --> <!-- =============================================================================== --> <xsd:element name="gconf_test" substitutionGroup="oval-def:test"> <xsd:annotation> <xsd:documentation>The gconf_test is used to check the attributes and value(s) associated with GConf preference keys. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a gconf_object and the optional gconf_state element specifies the data to check.</xsd:documentation> <xsd:appinfo> <oval:element_mapping> <oval:test>gconf_test</oval:test> <oval:object>gconf_object</oval:object> <oval:state>gconf_state</oval:state> <oval:item target_namespace="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#unix">gconf_item</oval:item> </oval:element_mapping> </xsd:appinfo> <xsd:appinfo> <sch:pattern id="unix-def_gconf_test"> <sch:rule context="unix-def:gconf_test/unix-def:object"> <sch:assert test="@object_ref=ancestor::oval-def:oval_definitions/oval-def:objects/unix-def:gconf_object/@id"><sch:value-of select="../@id"/> - the object child element of a gconf_test must reference an gconf_object</sch:assert> </sch:rule> <sch:rule context="unix-def:gconf_test/unix-def:state"> <sch:assert test="@state_ref=ancestor::oval-def:oval_definitions/oval-def:states/unix-def:gconf_state/@id"><sch:value-of select="../@id"/> - the state child element of a gconf_test must reference an gconf_state</sch:assert> </sch:rule> </sch:pattern> </xsd:appinfo> </xsd:annotation> 
<xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-def:TestType"> <xsd:sequence> <xsd:element name="object" type="oval-def:ObjectRefType" /> <xsd:element name="state" type="oval-def:StateRefType" minOccurs="0" maxOccurs="unbounded"/> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <xsd:element name="gconf_object" substitutionGroup="oval-def:object"> <xsd:annotation> <xsd:documentation>The gconf_object element is used by a gconf_test to define the preference keys to collect and the sources from which to collect the preference keys. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.</xsd:documentation> <xsd:appinfo> <sch:pattern id="unix-def_gconf_object_verify_filter_state"> <sch:rule context="unix-def:gconf_object//oval-def:filter"> <sch:let name="parent_object" value="ancestor::unix-def:gconf_object"/> <sch:let name="parent_object_id" value="$parent_object/@id"/> <sch:let name="state_ref" value="."/> <sch:let name="reffed_state" value="ancestor::oval-def:oval_definitions/oval-def:states/*[@id=$state_ref]"/> <sch:let name="state_name" value="local-name($reffed_state)"/> <sch:let name="state_namespace" value="namespace-uri($reffed_state)"/> <sch:assert test="(($state_namespace='http://oval.mitre.org/XMLSchema/oval-definitions-5#unix') and ($state_name='gconf_state'))">State referenced in filter for <sch:value-of select="name($parent_object)"/> '<sch:value-of select="$parent_object_id"/>' is of the wrong type. 
</sch:assert> </sch:rule> </sch:pattern> </xsd:appinfo> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-def:ObjectType"> <xsd:sequence> <xsd:choice> <xsd:element ref="oval-def:set"/> <xsd:sequence> <xsd:element name="key" type="oval-def:EntityObjectStringType"> <xsd:annotation> <xsd:documentation>This is the preference key to check.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="source" type="oval-def:EntityObjectStringType" nillable="true"> <xsd:annotation> <xsd:documentation>The source element specifies the source from which to collect the preference key. The source is represented by the absolute path to a GConf XML file as XML is the current backend for GConf. Note that other backends may become available in the future. If the xsi:nil attribute is set to 'true', the preference key is looked up using the GConf daemon. Otherwise, the preference key is looked up using the values specified in this entity.</xsd:documentation> <xsd:appinfo> <sch:pattern id="unix-def_gconfobjsource"> <sch:rule context="unix-def:gconf_object/unix-def:source"> <sch:assert test="not(@operation) or @operation='equals'"> <sch:value-of select="../@id"/> - operation attribute for the source entity of a gconf_object should be 'equals' </sch:assert> </sch:rule> </sch:pattern> </xsd:appinfo> </xsd:annotation> </xsd:element> <xsd:element ref="oval-def:filter" minOccurs="0" maxOccurs="unbounded"/> </xsd:sequence> </xsd:choice> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <xsd:element name="gconf_state" substitutionGroup="oval-def:state"> <xsd:annotation> <xsd:documentation>The gconf_state element defines the different information that can be used to evaluate the specified GConf preference key. This includes the preference key, source, type, whether it's writable, the user who last modified it, the time it was last modified, whether it's the default value, as well as the preference key's value. 
Please refer to the individual elements in the schema for more details about what each represents.</xsd:documentation> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-def:StateType"> <xsd:sequence> <xsd:element name="key" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The preference key to check.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="source" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The source used to look up the preference key.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="type" type="unix-def:EntityStateGconfTypeType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The type of the preference key.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="is_writable" type="oval-def:EntityStateBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Is the preference key writable? If true, the preference key is writable. If false, the preference key is not writable.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="mod_user" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The user who last modified the preference key.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="mod_time" type="oval-def:EntityStateIntType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The time the preference key was last modified in seconds since the Unix epoch. The Unix epoch is the time 00:00:00 UTC on January 1, 1970.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="is_default" type="oval-def:EntityStateBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Is the preference key value the default value. If true, the preference key value is the default value. 
If false, the preference key value is not the default value.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="value" type="oval-def:EntityStateAnySimpleType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The value of the preference key.</xsd:documentation> </xsd:annotation> </xsd:element> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <!-- =============================================================================== --> <!-- ================================ INETD TEST ================================= --> <!-- =============================================================================== --> <xsd:element name="inetd_test" substitutionGroup="oval-def:test"> <xsd:annotation> <xsd:documentation>The inetd test is used to check information associated with different Internet services. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. 
The required object element references an inetd_object and the optional state element specifies the information to check.</xsd:documentation> <xsd:appinfo> <oval:element_mapping> <oval:test>inetd_test</oval:test> <oval:object>inetd_object</oval:object> <oval:state>inetd_state</oval:state> <oval:item target_namespace="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#unix">inetd_item</oval:item> </oval:element_mapping> </xsd:appinfo> <xsd:appinfo> <sch:pattern id="unix-def_inetdtst"> <sch:rule context="unix-def:inetd_test/unix-def:object"> <sch:assert test="@object_ref=ancestor::oval-def:oval_definitions/oval-def:objects/unix-def:inetd_object/@id"><sch:value-of select="../@id"/> - the object child element of an inetd_test must reference an inetd_object</sch:assert> </sch:rule> <sch:rule context="unix-def:inetd_test/unix-def:state"> <sch:assert test="@state_ref=ancestor::oval-def:oval_definitions/oval-def:states/unix-def:inetd_state/@id"><sch:value-of select="../@id"/> - the state child element of an inetd_test must reference an inetd_state</sch:assert> </sch:rule> </sch:pattern> </xsd:appinfo> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-def:TestType"> <xsd:sequence> <xsd:element name="object" type="oval-def:ObjectRefType" /> <xsd:element name="state" type="oval-def:StateRefType" minOccurs="0" maxOccurs="unbounded"/> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <xsd:element name="inetd_object" substitutionGroup="oval-def:object"> <xsd:annotation> <xsd:documentation>The inetd_object element is used by an inetd test to define the specific protocol-service to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. 
Again, please refer to the description of the set element in the oval-definitions-schema.</xsd:documentation> <xsd:documentation>An inetd object consists of a protocol entity and a service_name entity that identifies the specific service to be tested.</xsd:documentation> <xsd:appinfo> <sch:pattern id="unix-def_inetd_object_verify_filter_state"> <sch:rule context="unix-def:inetd_object//oval-def:filter"> <sch:let name="parent_object" value="ancestor::unix-def:inetd_object"/> <sch:let name="parent_object_id" value="$parent_object/@id"/> <sch:let name="state_ref" value="."/> <sch:let name="reffed_state" value="ancestor::oval-def:oval_definitions/oval-def:states/*[@id=$state_ref]"/> <sch:let name="state_name" value="local-name($reffed_state)"/> <sch:let name="state_namespace" value="namespace-uri($reffed_state)"/> <sch:assert test="(($state_namespace='http://oval.mitre.org/XMLSchema/oval-definitions-5#unix') and ($state_name='inetd_state'))">State referenced in filter for <sch:value-of select="name($parent_object)"/> '<sch:value-of select="$parent_object_id"/>' is of the wrong type. </sch:assert> </sch:rule> </sch:pattern> </xsd:appinfo> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-def:ObjectType"> <xsd:sequence> <xsd:choice> <xsd:element ref="oval-def:set"/> <xsd:sequence> <xsd:element name="protocol" type="oval-def:EntityObjectStringType"> <xsd:annotation> <xsd:documentation>A recognized protocol listed in the file /etc/inet/protocols.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="service_name" type="oval-def:EntityObjectStringType"> <xsd:annotation> <xsd:documentation>The name of a valid service listed in the services file. 
For RPC services, the value of the service-name field consists of the RPC service name or program number, followed by a '/' (slash) and either a version number or a range of version numbers (for example, rstatd/2-4).</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element ref="oval-def:filter" minOccurs="0" maxOccurs="unbounded"/> </xsd:sequence> </xsd:choice> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <xsd:element name="inetd_state" substitutionGroup="oval-def:state"> <xsd:annotation> <xsd:documentation>The inetd_state element defines the different information associated with a specific Internet service. Please refer to the individual elements in the schema for more details about what each represents.</xsd:documentation> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-def:StateType"> <xsd:sequence> <xsd:element name="protocol" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>A recognized protocol listed in the file /etc/inet/protocols.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="service_name" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The name of a valid service listed in the services file. 
For RPC services, the value of the service-name field consists of the RPC service name or program number, followed by a '/' (slash) and either a version number or a range of version numbers (for example, rstatd/2-4).</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="server_program" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Either the pathname of a server program to be invoked by inetd to perform the requested service, or the value internal if inetd itself provides the service.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="server_arguments" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The arguments for running the service. These are either passed to the server program invoked by inetd, or used to configure a service provided by inetd. In the case of server programs, the arguments shall begin with argv[0], which is typically the name of the program. In the case of a service provided by inetd, the first argument shall be the word "internal".</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="endpoint_type" type="unix-def:EntityStateEndpointType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The endpoint type (aka, socket type) associated with the service.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="exec_as_user" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The user id of the user the server program should run under. (This allows for running with less permission than root.)</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="wait_status" type="unix-def:EntityStateWaitStatusType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>This field has values wait or nowait. 
This entry specifies whether the server that is invoked by inetd will take over the listening socket associated with the service, and whether once launched, inetd will wait for that server to exit, if ever, before it resumes listening for new service requests.</xsd:documentation> </xsd:annotation> </xsd:element> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <!-- =============================================================================== --> <!-- ============================== INTERFACE TEST =============================== --> <!-- =============================================================================== --> <xsd:element name="interface_test" substitutionGroup="oval-def:test"> <xsd:annotation> <xsd:documentation>The interface test enumerates various attributes about the interfaces on a system. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. 
The required object element references an interface_object and the optional state element specifies the interface information to check.</xsd:documentation> <xsd:appinfo> <oval:element_mapping> <oval:test>interface_test</oval:test> <oval:object>interface_object</oval:object> <oval:state>interface_state</oval:state> <oval:item target_namespace="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#unix">interface_item</oval:item> </oval:element_mapping> </xsd:appinfo> <xsd:appinfo> <sch:pattern id="unix-def_interfacetst"> <sch:rule context="unix-def:interface_test/unix-def:object"> <sch:assert test="@object_ref=ancestor::oval-def:oval_definitions/oval-def:objects/unix-def:interface_object/@id"><sch:value-of select="../@id"/> - the object child element of an interface_test must reference an interface_object</sch:assert> </sch:rule> <sch:rule context="unix-def:interface_test/unix-def:state"> <sch:assert test="@state_ref=ancestor::oval-def:oval_definitions/oval-def:states/unix-def:interface_state/@id"><sch:value-of select="../@id"/> - the state child element of an interface_test must reference an interface_state</sch:assert> </sch:rule> </sch:pattern> </xsd:appinfo> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-def:TestType"> <xsd:sequence> <xsd:element name="object" type="oval-def:ObjectRefType" /> <xsd:element name="state" type="oval-def:StateRefType" minOccurs="0" maxOccurs="unbounded"/> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <xsd:element name="interface_object" substitutionGroup="oval-def:object"> <xsd:annotation> <xsd:documentation>The interface_object element is used by an interface test to define the specific interface(s) to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. 
The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.</xsd:documentation> <xsd:documentation>An interface object consists of a single name entity that identifies which interface is being specified.</xsd:documentation> <xsd:appinfo> <sch:pattern id="unix-def_interface_object_verify_filter_state"> <sch:rule context="unix-def:interface_object//oval-def:filter"> <sch:let name="parent_object" value="ancestor::unix-def:interface_object"/> <sch:let name="parent_object_id" value="$parent_object/@id"/> <sch:let name="state_ref" value="."/> <sch:let name="reffed_state" value="ancestor::oval-def:oval_definitions/oval-def:states/*[@id=$state_ref]"/> <sch:let name="state_name" value="local-name($reffed_state)"/> <sch:let name="state_namespace" value="namespace-uri($reffed_state)"/> <sch:assert test="(($state_namespace='http://oval.mitre.org/XMLSchema/oval-definitions-5#unix') and ($state_name='interface_state'))">State referenced in filter for <sch:value-of select="name($parent_object)"/> '<sch:value-of select="$parent_object_id"/>' is of the wrong type. </sch:assert> </sch:rule> </sch:pattern> </xsd:appinfo> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-def:ObjectType"> <xsd:sequence> <xsd:choice> <xsd:element ref="oval-def:set"/> <xsd:sequence> <xsd:element name="name" type="oval-def:EntityObjectStringType"> <xsd:annotation> <xsd:documentation>The name element is the interface (eth0, eth1, fw0, etc.) 
name to check.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element ref="oval-def:filter" minOccurs="0" maxOccurs="unbounded"/> </xsd:sequence> </xsd:choice> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <xsd:element name="interface_state" substitutionGroup="oval-def:state"> <xsd:annotation> <xsd:documentation>The interface_state element enumerates the different properties associated with a Unix interface. Please refer to the individual elements in the schema for more details about what each represents.</xsd:documentation> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-def:StateType"> <xsd:sequence> <xsd:element name="name" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The name element is the interface (eth0, eth1, fw0, etc.) name to check.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="type" type="unix-def:EntityStateInterfaceType" minOccurs="0"> <xsd:annotation> <xsd:documentation>The type element specifies the type of interface.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="hardware_addr" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The hardware_addr element is the hardware or MAC address of the physical network card. MAC addresses should be formatted according to the IEEE 802-2001 standard which states that a MAC address is a sequence of six octet values, separated by hyphens, where each octet is represented by two hexadecimal digits. Uppercase letters should also be used to represent the hexadecimal digits A through F.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="inet_addr" type="oval-def:EntityStateIPAddressStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>This is the IP address of the interface. Note that the IP address can be IPv4 or IPv6. 
If the IP address is an IPv6 address, this entity will be expressed as an IPv6 address prefix using CIDR notation and the netmask entity will not be collected.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="broadcast_addr" type="oval-def:EntityStateIPAddressStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>This is the broadcast IP address for this interface's network. Note that the IP address can be IPv4 or IPv6.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="netmask" type="oval-def:EntityStateIPAddressStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>This is the bitmask used to calculate the interface's IP network. The network number is calculated by bitwise-ANDing this with the IP address. The host number on that network is calculated by bitwise-XORing this with the IP address. Note that if the inet_addr entity contains an IPv6 address prefix, this entity will not be collected.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="flag" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The flag entity represents the interface flag line, which generally contains flags like "UP" to denote an active interface, "PROMISC" to note that the interface is listening for Ethernet frames not specifically addressed to it, and others. This element can be included multiple times in a system characteristic item in order to record a multitude of flags. 
Note that the entity_check attribute associated with EntityStateStringType guides the evaluation of entities like this that refer to items that can occur an unbounded number of times.</xsd:documentation> </xsd:annotation> </xsd:element> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <!-- =============================================================================== --> <!-- ============================== PASSWORD TEST ================================ --> <!-- =============================================================================== --> <xsd:element name="password_test" substitutionGroup="oval-def:test"> <xsd:annotation> <xsd:documentation>/etc/passwd. See passwd(4).</xsd:documentation> <xsd:documentation>The password test is used to check metadata associated with the UNIX password file, of the sort returned by the passwd command. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. 
The required object element references a password_object and the optional state element specifies the metadata to check.</xsd:documentation> <xsd:appinfo> <oval:element_mapping> <oval:test>password_test</oval:test> <oval:object>password_object</oval:object> <oval:state>password_state</oval:state> <oval:item target_namespace="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#unix">password_item</oval:item> </oval:element_mapping> </xsd:appinfo> <xsd:appinfo> <sch:pattern id="unix-def_passwordtst"> <sch:rule context="unix-def:password_test/unix-def:object"> <sch:assert test="@object_ref=ancestor::oval-def:oval_definitions/oval-def:objects/unix-def:password_object/@id"><sch:value-of select="../@id"/> - the object child element of a password_test must reference a password_object</sch:assert> </sch:rule> <sch:rule context="unix-def:password_test/unix-def:state"> <sch:assert test="@state_ref=ancestor::oval-def:oval_definitions/oval-def:states/unix-def:password_state/@id"><sch:value-of select="../@id"/> - the state child element of a password_test must reference a password_state</sch:assert> </sch:rule> </sch:pattern> </xsd:appinfo> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-def:TestType"> <xsd:sequence> <xsd:element name="object" type="oval-def:ObjectRefType" /> <xsd:element name="state" type="oval-def:StateRefType" minOccurs="0" maxOccurs="unbounded"/> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <xsd:element name="password_object" substitutionGroup="oval-def:object"> <xsd:annotation> <xsd:documentation>The password_object element is used by a password test to define the object to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. 
Again, please refer to the description of the set element in the oval-definitions-schema.</xsd:documentation> <xsd:documentation>A password object consists of a single username entity that identifies the user(s) whose password is to be evaluated.</xsd:documentation> <xsd:appinfo> <sch:pattern id="unix-def_password_object_verify_filter_state"> <sch:rule context="unix-def:password_object//oval-def:filter"> <sch:let name="parent_object" value="ancestor::unix-def:password_object"/> <sch:let name="parent_object_id" value="$parent_object/@id"/> <sch:let name="state_ref" value="."/> <sch:let name="reffed_state" value="ancestor::oval-def:oval_definitions/oval-def:states/*[@id=$state_ref]"/> <sch:let name="state_name" value="local-name($reffed_state)"/> <sch:let name="state_namespace" value="namespace-uri($reffed_state)"/> <sch:assert test="(($state_namespace='http://oval.mitre.org/XMLSchema/oval-definitions-5#unix') and ($state_name='password_state'))">State referenced in filter for <sch:value-of select="name($parent_object)"/> '<sch:value-of select="$parent_object_id"/>' is of the wrong type. </sch:assert> </sch:rule> </sch:pattern> </xsd:appinfo> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-def:ObjectType"> <xsd:sequence> <xsd:choice> <xsd:element ref="oval-def:set"/> <xsd:sequence> <xsd:element name="username" type="oval-def:EntityObjectStringType"> <xsd:annotation> <xsd:documentation>The user(s) account whose password is to be evaluated.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element ref="oval-def:filter" minOccurs="0" maxOccurs="unbounded"/> </xsd:sequence> </xsd:choice> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <xsd:element name="password_state" substitutionGroup="oval-def:state"> <xsd:annotation> <xsd:documentation>The password_state element defines the different information associated with the system passwords. 
Please refer to the individual elements in the schema for more details about what each represents.</xsd:documentation> <xsd:documentation>See documentation on /etc/passwd for more details on the fields.</xsd:documentation> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-def:StateType"> <xsd:sequence> <xsd:element name="username" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The UNIX account name.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="password" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>This is the encrypted version of the user's password, as stored in the password field of /etc/passwd. On systems that use shadow passwords, this field typically holds a placeholder rather than the password hash itself.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="user_id" type="oval-def:EntityStateIntType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The numeric user id, or uid, is the third column of each user's entry in /etc/passwd.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="group_id" type="oval-def:EntityStateIntType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The id of the primary UNIX group the user belongs to.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="gcos" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The GECOS (or GCOS) field from /etc/passwd; typically contains the user's full name.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="home_dir" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The user's home directory.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="login_shell" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The user's shell program.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element 
name="last_login" type="oval-def:EntityStateIntType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The date and time when the last login occurred. This value is stored as the number of seconds that have elapsed since 00:00:00, January 1, 1970, UTC.</xsd:documentation> </xsd:annotation> </xsd:element> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <!-- =============================================================================== --> <!-- =============================== PROCESS TEST ================================ --> <!-- =============================================================================== --> <xsd:element name="process_test" substitutionGroup="oval-def:test"> <xsd:annotation> <xsd:documentation>The process test is used to check information found in the UNIX processes. It is equivalent to parsing the output of the ps command. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a process_object and the optional state element specifies the process information to check.</xsd:documentation> <xsd:appinfo> <oval:element_mapping> <oval:test>process_test</oval:test> <oval:object>process_object</oval:object> <oval:state>process_state</oval:state> <oval:item target_namespace="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#unix">process_item</oval:item> </oval:element_mapping> </xsd:appinfo> <xsd:appinfo> <oval:deprecated_info> <oval:version>5.8</oval:version> <oval:reason>The process_test has been deprecated and replaced by the process58_test. The command line of a process cannot be used to uniquely identify a process. As a result, the pid entity was added to the process58_object. 
Please see the process58_test for additional information.</oval:reason> </oval:deprecated_info> <sch:pattern id="unix-def_processtst_dep"> <sch:rule context="unix-def:process_test"> <sch:report test="true()">DEPRECATED TEST: <sch:value-of select="name()"/> ID: <sch:value-of select="@id"/></sch:report> </sch:rule> </sch:pattern> </xsd:appinfo> <xsd:appinfo> <sch:pattern id="unix-def_processtst"> <sch:rule context="unix-def:process_test/unix-def:object"> <sch:assert test="@object_ref=ancestor::oval-def:oval_definitions/oval-def:objects/unix-def:process_object/@id"><sch:value-of select="../@id"/> - the object child element of a process_test must reference a process_object</sch:assert> </sch:rule> <sch:rule context="unix-def:process_test/unix-def:state"> <sch:assert test="@state_ref=ancestor::oval-def:oval_definitions/oval-def:states/unix-def:process_state/@id"><sch:value-of select="../@id"/> - the state child element of a process_test must reference a process_state</sch:assert> </sch:rule> </sch:pattern> </xsd:appinfo> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-def:TestType"> <xsd:sequence> <xsd:element name="object" type="oval-def:ObjectRefType" /> <xsd:element name="state" type="oval-def:StateRefType" minOccurs="0" maxOccurs="unbounded"/> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <xsd:element name="process_object" substitutionGroup="oval-def:object"> <xsd:annotation> <xsd:documentation>The process_object element is used by a process test to define the specific process(es) to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. 
Again, please refer to the description of the set element in the oval-definitions-schema.</xsd:documentation> <xsd:documentation>A process object defines the command line used to start the process(es).</xsd:documentation> <xsd:appinfo> <oval:deprecated_info> <oval:version>5.8</oval:version> <oval:reason>The process_object has been deprecated and replaced by the process58_object. The command line of a process cannot be used to uniquely identify a process. As a result, the pid entity was added to the process58_object. Please see the process58_object for additional information.</oval:reason> </oval:deprecated_info> <sch:pattern id="unix-def_processobj_dep"> <sch:rule context="unix-def:process_object"> <sch:report test="true()">DEPRECATED OBJECT: <sch:value-of select="name()"/> ID: <sch:value-of select="@id"/></sch:report> </sch:rule> </sch:pattern> </xsd:appinfo> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-def:ObjectType"> <xsd:sequence> <xsd:choice> <xsd:element ref="oval-def:set"/> <xsd:element name="command" type="oval-def:EntityObjectStringType"> <xsd:annotation> <xsd:documentation>The command element specifies the command/program name to check.</xsd:documentation> </xsd:annotation> </xsd:element> </xsd:choice> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <xsd:element name="process_state" substitutionGroup="oval-def:state"> <xsd:annotation> <xsd:documentation>The process_state element defines the different metadata associated with a UNIX process. This includes the command line, pid, ppid, priority, and user id. Please refer to the individual elements in the schema for more details about what each represents.</xsd:documentation> <xsd:appinfo> <oval:deprecated_info> <oval:version>5.8</oval:version> <oval:reason>The process_state has been deprecated and replaced by the process58_state. The command line of a process cannot be used to uniquely identify a process. 
As a result, the pid entity was added to the process58_object. Please see the process58_state for additional information.</oval:reason> </oval:deprecated_info> <sch:pattern id="unix-def_processste_dep"> <sch:rule context="unix-def:process_state"> <sch:report test="true()">DEPRECATED STATE: <sch:value-of select="name()"/> ID: <sch:value-of select="@id"/></sch:report> </sch:rule> </sch:pattern> </xsd:appinfo> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-def:StateType"> <xsd:sequence> <xsd:element name="command" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The command element specifies the command/program name to check.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="exec_time" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>This is the cumulative CPU time, formatted in [DD-]HH:MM:SS where DD is the number of days when execution time is 24 hours or more.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="pid" type="oval-def:EntityStateIntType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>This is the process ID of the process.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="ppid" type="oval-def:EntityStateIntType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>This is the process ID of the process's parent process.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="priority" type="oval-def:EntityStateIntType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>This is the scheduling priority with which the process runs. 
This can be adjusted with the nice command or nice() system call.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="ruid" type="oval-def:EntityStateIntType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>This is the real user id which represents the user who has created the process.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="scheduling_class" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>A platform specific characteristic maintained by the scheduler: RT (real-time), TS (timeshare), FF (fifo), SYS (system), etc.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="start_time" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>This is the time of day the process started formatted in HH:MM:SS if the same day the process started or formatted as MMM_DD (Ex.: Feb_5) if process started the previous day or further in the past.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="tty" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>This is the TTY on which the process was started, if applicable.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="user_id" type="oval-def:EntityStateIntType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>This is the effective user id which represents the actual privileges of the process.</xsd:documentation> </xsd:annotation> </xsd:element> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <!-- =============================================================================== --> <!-- ============================ PROCESS TEST (58) ============================== --> <!-- =============================================================================== --> <xsd:element name="process58_test" 
substitutionGroup="oval-def:test"> <xsd:annotation> <xsd:documentation>The process58_test is used to check information found in the UNIX processes. It is equivalent to parsing the output of the ps command. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a process58_object and the optional state element references a process58_state that specifies the process information to check.</xsd:documentation> <xsd:appinfo> <oval:element_mapping> <oval:test>process58_test</oval:test> <oval:object>process58_object</oval:object> <oval:state>process58_state</oval:state> <oval:item target_namespace="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#unix">process58_item</oval:item> </oval:element_mapping> </xsd:appinfo> <xsd:appinfo> <sch:pattern id="unix-def_process58tst"> <sch:rule context="unix-def:process58_test/unix-def:object"> <sch:assert test="@object_ref=ancestor::oval-def:oval_definitions/oval-def:objects/unix-def:process58_object/@id"><sch:value-of select="../@id"/> - the object child element of a process58_test must reference a process58_object</sch:assert> </sch:rule> <sch:rule context="unix-def:process58_test/unix-def:state"> <sch:assert test="@state_ref=ancestor::oval-def:oval_definitions/oval-def:states/unix-def:process58_state/@id"><sch:value-of select="../@id"/> - the state child element of a process58_test must reference a process58_state</sch:assert> </sch:rule> </sch:pattern> </xsd:appinfo> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-def:TestType"> <xsd:sequence> <xsd:element name="object" type="oval-def:ObjectRefType" /> <xsd:element name="state" type="oval-def:StateRefType" minOccurs="0" maxOccurs="unbounded"/> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <xsd:element name="process58_object" substitutionGroup="oval-def:object"> 
<xsd:annotation> <xsd:documentation>The process58_object element is used by a process58_test to define the specific process(es) to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.</xsd:documentation> <xsd:documentation>A process58_object defines the command line used to start the process(es) and pid.</xsd:documentation> <xsd:appinfo> <sch:pattern id="unix-def_process58_object_verify_filter_state"> <sch:rule context="unix-def:process58_object//oval-def:filter"> <sch:let name="parent_object" value="ancestor::unix-def:process58_object"/> <sch:let name="parent_object_id" value="$parent_object/@id"/> <sch:let name="state_ref" value="."/> <sch:let name="reffed_state" value="ancestor::oval-def:oval_definitions/oval-def:states/*[@id=$state_ref]"/> <sch:let name="state_name" value="local-name($reffed_state)"/> <sch:let name="state_namespace" value="namespace-uri($reffed_state)"/> <sch:assert test="(($state_namespace='http://oval.mitre.org/XMLSchema/oval-definitions-5#unix') and ($state_name='process58_state'))">State referenced in filter for <sch:value-of select="name($parent_object)"/> '<sch:value-of select="$parent_object_id"/>' is of the wrong type. </sch:assert> </sch:rule> </sch:pattern> </xsd:appinfo> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-def:ObjectType"> <xsd:sequence> <xsd:choice> <xsd:element ref="oval-def:set"/> <xsd:sequence> <xsd:element name="command_line" type="oval-def:EntityObjectStringType"> <xsd:annotation> <xsd:documentation>The command_line entity is the string used to start the process. 
This includes any parameters that are part of the command line.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="pid" type="oval-def:EntityObjectIntType"> <xsd:annotation> <xsd:documentation>The pid entity is the process ID of the process.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element ref="oval-def:filter" minOccurs="0" maxOccurs="unbounded"/> </xsd:sequence> </xsd:choice> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <xsd:element name="process58_state" substitutionGroup="oval-def:state"> <xsd:annotation> <xsd:documentation>The process58_state element defines the different metadata associated with a UNIX process. This includes the command line, pid, ppid, priority, and user id. Please refer to the individual elements in the schema for more details about what each represents.</xsd:documentation> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-def:StateType"> <xsd:sequence> <xsd:element name="command_line" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>This is the string used to start the process. 
This includes any parameters that are part of the command line.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="exec_time" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>This is the cumulative CPU time, formatted in [DD-]HH:MM:SS where DD is the number of days when execution time is 24 hours or more.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="pid" type="oval-def:EntityStateIntType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>This is the process ID of the process.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="ppid" type="oval-def:EntityStateIntType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>This is the process ID of the process's parent process.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="priority" type="oval-def:EntityStateIntType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>This is the scheduling priority with which the process runs. 
This can be adjusted with the nice command or nice() system call.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="ruid" type="oval-def:EntityStateIntType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>This is the real user id which represents the user who has created the process.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="scheduling_class" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>A platform specific characteristic maintained by the scheduler: RT (real-time), TS (timeshare), FF (fifo), SYS (system), etc.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="start_time" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>This is the time of day the process started formatted in HH:MM:SS if the same day the process started or formatted as MMM_DD (Ex.: Feb_5) if process started the previous day or further in the past.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="tty" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>This is the TTY on which the process was started, if applicable.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="user_id" type="oval-def:EntityStateIntType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>This is the effective user id which represents the actual privileges of the process.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="exec_shield" type="oval-def:EntityStateBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>A boolean that, when true, indicates that ExecShield is enabled for the process.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="loginuid" type="oval-def:EntityStateIntType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The 
loginuid shows which account a user gained access to the system with. The /proc/XXXX/loginuid shows this value.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="posix_capability" type="unix-def:EntityStateCapabilityType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>An effective capability associated with the process. See linux/include/linux/capability.h for more information.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="selinux_domain_label" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>An SELinux domain label associated with the process.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="session_id" type="oval-def:EntityStateIntType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The session ID of the process.</xsd:documentation> </xsd:annotation> </xsd:element> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <!-- =============================================================================== --> <!-- ============================= ROUTING TABLE TEST ============================ --> <!-- =============================================================================== --> <xsd:element name="routingtable_test" substitutionGroup="oval-def:test"> <xsd:annotation> <xsd:documentation>The routingtable_test is used to check information about the IPv4 and IPv6 routing table entries found in a system's primary routing table. It is important to note that only numerical addresses will be collected and that their symbolic representations will not be resolved. This is equivalent to using the '-n' option with route(8) or netstat(8). It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. 
The required object element references a routingtable_object and the optional routingtable_state element specifies the data to check.</xsd:documentation> <xsd:appinfo> <oval:element_mapping> <oval:test>routingtable_test</oval:test> <oval:object>routingtable_object</oval:object> <oval:state>routingtable_state</oval:state> <oval:item target_namespace="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#unix">routingtable_item</oval:item> </oval:element_mapping> </xsd:appinfo> <xsd:appinfo> <sch:pattern id="unix-def_routingtable_test"> <sch:rule context="unix-def:routingtable_test/unix-def:object"> <sch:assert test="@object_ref=ancestor::oval-def:oval_definitions/oval-def:objects/unix-def:routingtable_object/@id"><sch:value-of select="../@id"/> - the object child element of a routingtable_test must reference an routingtable_object</sch:assert> </sch:rule> <sch:rule context="unix-def:routingtable_test/unix-def:state"> <sch:assert test="@state_ref=ancestor::oval-def:oval_definitions/oval-def:states/unix-def:routingtable_state/@id"><sch:value-of select="../@id"/> - the state child element of a routingtable_test must reference an routingtable_state</sch:assert> </sch:rule> </sch:pattern> </xsd:appinfo> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-def:TestType"> <xsd:sequence> <xsd:element name="object" type="oval-def:ObjectRefType" /> <xsd:element name="state" type="oval-def:StateRefType" minOccurs="0" maxOccurs="unbounded"/> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <xsd:element name="routingtable_object" substitutionGroup="oval-def:object"> <xsd:annotation> <xsd:documentation>The routingtable_object element is used by a routingtable_test to define the destination IP address(es), found in a system's primary routing table, to collect. 
Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.</xsd:documentation> <xsd:appinfo> <sch:pattern id="unix-def_routingtable_object_verify_filter_state"> <sch:rule context="unix-def:routingtable_object//oval-def:filter"> <sch:let name="parent_object" value="ancestor::unix-def:routingtable_object"/> <sch:let name="parent_object_id" value="$parent_object/@id"/> <sch:let name="state_ref" value="."/> <sch:let name="reffed_state" value="ancestor::oval-def:oval_definitions/oval-def:states/*[@id=$state_ref]"/> <sch:let name="state_name" value="local-name($reffed_state)"/> <sch:let name="state_namespace" value="namespace-uri($reffed_state)"/> <sch:assert test="(($state_namespace='http://oval.mitre.org/XMLSchema/oval-definitions-5#unix') and ($state_name='routingtable_state'))">State referenced in filter for <sch:value-of select="name($parent_object)"/> '<sch:value-of select="$parent_object_id"/>' is of the wrong type. 
</sch:assert> </sch:rule> </sch:pattern> </xsd:appinfo> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-def:ObjectType"> <xsd:sequence> <xsd:choice> <xsd:element ref="oval-def:set"/> <xsd:sequence> <xsd:element name="destination" type="oval-def:EntityObjectIPAddressType"> <xsd:annotation> <xsd:documentation>This is the destination IP address of the routing table entry to check.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element ref="oval-def:filter" minOccurs="0" maxOccurs="unbounded"/> </xsd:sequence> </xsd:choice> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <xsd:element name="routingtable_state" substitutionGroup="oval-def:state"> <xsd:annotation> <xsd:documentation>The routingtable_state element defines the different information that can be used to check an entry found in a system's primary routing table. This includes the destination IP address, gateway, netmask, flags, and the name of the interface associated with it. Please refer to the individual elements in the schema for more details about what each represents.</xsd:documentation> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-def:StateType"> <xsd:sequence> <xsd:element name="destination" type="oval-def:EntityStateIPAddressType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The destination IP address prefix of the routing table entry. 
This is the destination IP address and netmask/prefix-length expressed using CIDR notation.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="gateway" type="oval-def:EntityStateIPAddressType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The gateway of the specified routing table entry.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="flags" type="unix-def:EntityStateRoutingTableFlagsType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The flags associated with the specified routing table entry.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="interface_name" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The name of the interface associated with the routing table entry.</xsd:documentation> </xsd:annotation> </xsd:element> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <!-- =============================================================================== --> <!-- =============================== RUNLEVEL TEST =============================== --> <!-- =============================================================================== --> <xsd:element name="runlevel_test" substitutionGroup="oval-def:test"> <xsd:annotation> <xsd:documentation>The runlevel test is used to check information about which runlevel specified services are scheduled to exist at. For more information see the output generated by a chkconfig --list. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. 
The required object element references a runlevel_object and the optional state element specifies the data to check.</xsd:documentation> <xsd:appinfo> <oval:element_mapping> <oval:test>runlevel_test</oval:test> <oval:object>runlevel_object</oval:object> <oval:state>runlevel_state</oval:state> <oval:item target_namespace="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#unix">runlevel_item</oval:item> </oval:element_mapping> </xsd:appinfo> <xsd:appinfo> <sch:pattern id="unix-def_runleveltst"> <sch:rule context="unix-def:runlevel_test/unix-def:object"> <sch:assert test="@object_ref=ancestor::oval-def:oval_definitions/oval-def:objects/unix-def:runlevel_object/@id"><sch:value-of select="../@id"/> - the object child element of a runlevel_test must reference a runlevel_object</sch:assert> </sch:rule> <sch:rule context="unix-def:runlevel_test/unix-def:state"> <sch:assert test="@state_ref=ancestor::oval-def:oval_definitions/oval-def:states/unix-def:runlevel_state/@id"><sch:value-of select="../@id"/> - the state child element of a runlevel_test must reference a runlevel_state</sch:assert> </sch:rule> </sch:pattern> </xsd:appinfo> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-def:TestType"> <xsd:sequence> <xsd:element name="object" type="oval-def:ObjectRefType" /> <xsd:element name="state" type="oval-def:StateRefType" minOccurs="0" maxOccurs="unbounded"/> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <xsd:element name="runlevel_object" substitutionGroup="oval-def:object"> <xsd:annotation> <xsd:documentation>The runlevel_object element is used by a runlevel_test to define the specific service(s)/runlevel combination to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. 
Again, please refer to the description of the set element in the oval-definitions-schema.</xsd:documentation> <xsd:appinfo> <sch:pattern id="unix-def_runlevel_object_verify_filter_state"> <sch:rule context="unix-def:runlevel_object//oval-def:filter"> <sch:let name="parent_object" value="ancestor::unix-def:runlevel_object"/> <sch:let name="parent_object_id" value="$parent_object/@id"/> <sch:let name="state_ref" value="."/> <sch:let name="reffed_state" value="ancestor::oval-def:oval_definitions/oval-def:states/*[@id=$state_ref]"/> <sch:let name="state_name" value="local-name($reffed_state)"/> <sch:let name="state_namespace" value="namespace-uri($reffed_state)"/> <sch:assert test="(($state_namespace='http://oval.mitre.org/XMLSchema/oval-definitions-5#unix') and ($state_name='runlevel_state'))">State referenced in filter for <sch:value-of select="name($parent_object)"/> '<sch:value-of select="$parent_object_id"/>' is of the wrong type. </sch:assert> </sch:rule> </sch:pattern> </xsd:appinfo> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-def:ObjectType"> <xsd:sequence> <xsd:choice> <xsd:element ref="oval-def:set"/> <xsd:sequence> <xsd:element name="service_name" type="oval-def:EntityObjectStringType"> <xsd:annotation> <xsd:documentation>The service_name entity refers to the name associated with a service. This name is usually the filename of the script file located in the /etc/init.d directory.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="runlevel" type="oval-def:EntityObjectStringType"> <xsd:annotation> <xsd:documentation>The system runlevel to examine. 
A runlevel is defined as a software configuration of the system that allows only a selected group of processes to exist.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element ref="oval-def:filter" minOccurs="0" maxOccurs="unbounded"/> </xsd:sequence> </xsd:choice> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <xsd:element name="runlevel_state" substitutionGroup="oval-def:state"> <xsd:annotation> <xsd:documentation>The runlevel_state element holds information about whether a specific service is scheduled to start or stop at a given runlevel. Please refer to the individual elements in the schema for more details about what each represents.</xsd:documentation> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-def:StateType"> <xsd:sequence> <xsd:element name="service_name" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The service_name entity refers to the name associated with a service. This name is usually the filename of the script file located in the /etc/init.d directory.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="runlevel" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The runlevel entity refers to the system runlevel associated with a service. 
A runlevel is defined as a software configuration of the system that allows only a selected group of processes to exist.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="start" type="oval-def:EntityStateBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The start entity determines if the process is scheduled to be spawned at the specified runlevel.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="kill" type="oval-def:EntityStateBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The kill entity determines if the process is supposed to be killed at the specified runlevel.</xsd:documentation> </xsd:annotation> </xsd:element> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <!-- =============================================================================== --> <!-- ================================= SCCS TEST ================================= --> <!-- =============================================================================== --> <xsd:element name="sccs_test" substitutionGroup="oval-def:test"> <xsd:annotation> <xsd:documentation/> <xsd:appinfo> <oval:element_mapping> <oval:test>sccs_test</oval:test> <oval:object>sccs_object</oval:object> <oval:state>sccs_state</oval:state> <oval:item target_namespace="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#unix">sccs_item</oval:item> </oval:element_mapping> </xsd:appinfo> <xsd:appinfo> <oval:deprecated_info> <oval:version>5.10</oval:version> <oval:reason>The sccs_test has been deprecated because the Source Code Control System (SCCS) is obsolete. 
The sccs_test may be removed in a future version of the language.</oval:reason> </oval:deprecated_info> <sch:pattern id="unix-def_sccstst_dep"> <sch:rule context="unix-def:sccs_test"> <sch:report test="true()">DEPRECATED TEST: <sch:value-of select="name()"/> ID: <sch:value-of select="@id"/></sch:report> </sch:rule> </sch:pattern> </xsd:appinfo> <xsd:appinfo> <sch:pattern id="unix-def_sccstst"> <sch:rule context="unix-def:sccs_test/unix-def:object"> <sch:assert test="@object_ref=ancestor::oval-def:oval_definitions/oval-def:objects/unix-def:sccs_object/@id"><sch:value-of select="../@id"/> - the object child element of a sccs_test must reference a sccs_object</sch:assert> </sch:rule> <sch:rule context="unix-def:sccs_test/unix-def:state"> <sch:assert test="@state_ref=ancestor::oval-def:oval_definitions/oval-def:states/unix-def:sccs_state/@id"><sch:value-of select="../@id"/> - the state child element of a sccs_test must reference a sccs_state</sch:assert> </sch:rule> </sch:pattern> </xsd:appinfo> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-def:TestType"> <xsd:sequence> <xsd:element name="object" type="oval-def:ObjectRefType" /> <xsd:element name="state" type="oval-def:StateRefType" minOccurs="0" maxOccurs="unbounded"/> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <xsd:element name="sccs_object" substitutionGroup="oval-def:object"> <xsd:annotation> <xsd:documentation>The set of files to be evaluated may be identified with either a complete filepath or a path and filename. Only one of these options may be selected.</xsd:documentation> <xsd:documentation>It is important to note that the 'max_depth' and 'recurse_direction' attributes of the 'behaviors' element do not apply to the 'filepath' element, only to the 'path' and 'filename' elements. 
This is because the 'filepath' element represents an absolute path to a particular file and it is not possible to recurse over a file.</xsd:documentation> <xsd:appinfo> <oval:deprecated_info> <oval:version>5.10</oval:version> <oval:reason>The sccs_object has been deprecated because the Source Code Control System (SCCS) is obsolete. The sccs_object may be removed in a future version of the language.</oval:reason> </oval:deprecated_info> <sch:pattern id="unix-def_sccsobj_dep"> <sch:rule context="unix-def:sccs_object"> <sch:report test="true()">DEPRECATED OBJECT: <sch:value-of select="name()"/> ID: <sch:value-of select="@id"/></sch:report> </sch:rule> </sch:pattern> </xsd:appinfo> <xsd:appinfo> <sch:pattern id="unix-def_sccs_object_verify_filter_state"> <sch:rule context="unix-def:sccs_object//oval-def:filter"> <sch:let name="parent_object" value="ancestor::unix-def:sccs_object"/> <sch:let name="parent_object_id" value="$parent_object/@id"/> <sch:let name="state_ref" value="."/> <sch:let name="reffed_state" value="ancestor::oval-def:oval_definitions/oval-def:states/*[@id=$state_ref]"/> <sch:let name="state_name" value="local-name($reffed_state)"/> <sch:let name="state_namespace" value="namespace-uri($reffed_state)"/> <sch:assert test="(($state_namespace='http://oval.mitre.org/XMLSchema/oval-definitions-5#unix') and ($state_name='sccs_state'))">State referenced in filter for <sch:value-of select="name($parent_object)"/> '<sch:value-of select="$parent_object_id"/>' is of the wrong type. 
</sch:assert> </sch:rule> </sch:pattern> </xsd:appinfo> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-def:ObjectType"> <xsd:sequence> <xsd:choice> <xsd:element ref="oval-def:set"/> <xsd:sequence> <xsd:element name="behaviors" type="unix-def:FileBehaviors" minOccurs="0" maxOccurs="1"/> <xsd:choice> <xsd:element name="filepath" type="oval-def:EntityObjectStringType"> <xsd:annotation> <xsd:documentation>The filepath element specifies the absolute path for a file on the machine. A directory cannot be specified as a filepath.</xsd:documentation> <xsd:appinfo> <sch:pattern id="unix-def_sccsobjfilepath"> <sch:rule context="unix-def:sccs_object/unix-def:filepath"> <sch:assert test="not(preceding-sibling::unix-def:behaviors[@max_depth or @recurse or @recurse_direction])"><sch:value-of select="../@id"/> - the max_depth, recurse, and recurse_direction behaviors are not allowed with a filepath entity</sch:assert> </sch:rule> </sch:pattern> <sch:pattern id="unix-def_sccsobjfilepath2"> <sch:rule context="unix-def:sccs_object/unix-def:filepath[not(@operation='equals' or not(@operation))]"> <sch:assert test="not(preceding-sibling::unix-def:behaviors[@recurse_file_system='defined'])"><sch:value-of select="../@id"/> - the recurse_file_system behavior MUST not be set to 'defined' when a pattern match is used with a filepath entity.</sch:assert> </sch:rule> </sch:pattern> </xsd:appinfo> </xsd:annotation> </xsd:element> <xsd:sequence> <xsd:element name="path" type="oval-def:EntityObjectStringType"> <xsd:annotation> <xsd:documentation>The path element specifies the directory component of the absolute path to an SCCS file.</xsd:documentation> <xsd:appinfo> <sch:pattern id="unix-def_sccsobjpath"> <sch:rule context="unix-def:sccs_object/unix-def:path[not(@operation='equals' or not(@operation))]"> <sch:assert test="not(preceding-sibling::unix-def:behaviors[@recurse_file_system='defined'])"><sch:value-of select="../@id"/> - the recurse_file_system 
behavior MUST not be set to 'defined' when a pattern match is used with a path entity.</sch:assert> <sch:assert test="not(preceding-sibling::unix-def:behaviors[@max_depth])"><sch:value-of select="../@id"/> - the max_depth behavior MUST not be used when a pattern match is used with a path entity.</sch:assert> <sch:assert test="not(preceding-sibling::unix-def:behaviors[@recurse_direction])"><sch:value-of select="../@id"/> - the recurse_direction behavior MUST not be used when a pattern match is used with a path entity.</sch:assert> <sch:assert test="not(preceding-sibling::unix-def:behaviors[@recurse])"><sch:value-of select="../@id"/> - the recurse behavior MUST not be used when a pattern match is used with a path entity.</sch:assert> </sch:rule> </sch:pattern> </xsd:appinfo> </xsd:annotation> </xsd:element> <xsd:element name="filename" type="oval-def:EntityObjectStringType"> <xsd:annotation> <xsd:documentation>The name of an SCCS file.</xsd:documentation> <xsd:appinfo> <sch:pattern id="unix-def_sccs_objectfilename"> <sch:rule context="unix-def:sccs_object/unix-def:filename"> <sch:assert test="(@var_ref and .='') or not(.='') or (.='' and @operation = 'pattern match')"><sch:value-of select="../@id"/> - filename entity cannot be empty unless the xsi:nil attribute is set to true or a var_ref is used</sch:assert> </sch:rule> </sch:pattern> </xsd:appinfo> </xsd:annotation> </xsd:element> </xsd:sequence> </xsd:choice> <xsd:element ref="oval-def:filter" minOccurs="0" maxOccurs="unbounded"/> </xsd:sequence> </xsd:choice> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <xsd:element name="sccs_state" substitutionGroup="oval-def:state"> <xsd:annotation> <xsd:documentation/> <xsd:appinfo> <oval:deprecated_info> <oval:version>5.10</oval:version> <oval:reason>The sccs_state has been deprecated because the Source Code Control System (SCCS) is obsolete. 
The sccs_state may be removed in a future version of the language.</oval:reason> </oval:deprecated_info> <sch:pattern id="unix-def_sccsste_dep"> <sch:rule context="unix-def:sccs_state"> <sch:report test="true()">DEPRECATED STATE: <sch:value-of select="name()"/> ID: <sch:value-of select="@id"/></sch:report> </sch:rule> </sch:pattern> </xsd:appinfo> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-def:StateType"> <xsd:sequence> <xsd:element name="filepath" type="oval-def:EntityStateStringType" minOccurs="0"> <xsd:annotation> <xsd:documentation>The filepath element specifies the absolute path for a file on the machine. A directory cannot be specified as a filepath.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="path" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The path element specifies the directory component of the absolute path to an SCCS file.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="filename" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>This is the name of a SCCS file.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="module_name" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation/> </xsd:annotation> </xsd:element> <xsd:element name="module_type" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation/> </xsd:annotation> </xsd:element> <xsd:element name="release" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation/> </xsd:annotation> </xsd:element> <xsd:element name="level" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation/> </xsd:annotation> </xsd:element> <xsd:element name="branch" type="oval-def:EntityStateStringType" minOccurs="0" 
maxOccurs="1"> <xsd:annotation> <xsd:documentation/> </xsd:annotation> </xsd:element> <xsd:element name="sequence" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation/> </xsd:annotation> </xsd:element> <xsd:element name="what_string" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation/> </xsd:annotation> </xsd:element> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <!-- =============================================================================== --> <!-- ================================ SHADOW TEST ================================ --> <!-- =============================================================================== --> <xsd:element name="shadow_test" substitutionGroup="oval-def:test"> <xsd:annotation> <xsd:documentation>The shadow test is used to check information from the /etc/shadow file for a specific user. This file contains a user's password, but also their password aging and lockout information. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. 
The required object element references an shadow_object and the optional state element specifies the information to check.</xsd:documentation> <xsd:appinfo> <oval:element_mapping> <oval:test>shadow_test</oval:test> <oval:object>shadow_object</oval:object> <oval:state>shadow_state</oval:state> <oval:item target_namespace="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#unix">shadow_item</oval:item> </oval:element_mapping> </xsd:appinfo> <xsd:appinfo> <sch:pattern id="unix-def_shadowtst"> <sch:rule context="unix-def:shadow_test/unix-def:object"> <sch:assert test="@object_ref=ancestor::oval-def:oval_definitions/oval-def:objects/unix-def:shadow_object/@id"><sch:value-of select="../@id"/> - the object child element of a shadow_test must reference a shadow_object</sch:assert> </sch:rule> <sch:rule context="unix-def:shadow_test/unix-def:state"> <sch:assert test="@state_ref=ancestor::oval-def:oval_definitions/oval-def:states/unix-def:shadow_state/@id"><sch:value-of select="../@id"/> - the state child element of a shadow_test must reference a shadow_state</sch:assert> </sch:rule> </sch:pattern> </xsd:appinfo> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-def:TestType"> <xsd:sequence> <xsd:element name="object" type="oval-def:ObjectRefType" /> <xsd:element name="state" type="oval-def:StateRefType" minOccurs="0" maxOccurs="unbounded"/> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <xsd:element name="shadow_object" substitutionGroup="oval-def:object"> <xsd:annotation> <xsd:documentation>The shadow_object element is used by a shadow test to define the shadow file to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. 
Again, please refer to the description of the set element in the oval-definitions-schema.</xsd:documentation> <xsd:documentation>A shadow object consists of a single user entity that identifies the username associated with the shadow file.</xsd:documentation> <xsd:appinfo> <sch:pattern id="unix-def_shadow_object_verify_filter_state"> <sch:rule context="unix-def:shadow_object//oval-def:filter"> <sch:let name="parent_object" value="ancestor::unix-def:shadow_object"/> <sch:let name="parent_object_id" value="$parent_object/@id"/> <sch:let name="state_ref" value="."/> <sch:let name="reffed_state" value="ancestor::oval-def:oval_definitions/oval-def:states/*[@id=$state_ref]"/> <sch:let name="state_name" value="local-name($reffed_state)"/> <sch:let name="state_namespace" value="namespace-uri($reffed_state)"/> <sch:assert test="(($state_namespace='http://oval.mitre.org/XMLSchema/oval-definitions-5#unix') and ($state_name='shadow_state'))">State referenced in filter for <sch:value-of select="name($parent_object)"/> '<sch:value-of select="$parent_object_id"/>' is of the wrong type. </sch:assert> </sch:rule> </sch:pattern> </xsd:appinfo> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-def:ObjectType"> <xsd:sequence> <xsd:choice> <xsd:element ref="oval-def:set"/> <xsd:sequence> <xsd:element name="username" type="oval-def:EntityObjectStringType"> <xsd:annotation> <xsd:documentation/> </xsd:annotation> </xsd:element> <xsd:element ref="oval-def:filter" minOccurs="0" maxOccurs="unbounded"/> </xsd:sequence> </xsd:choice> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <xsd:element name="shadow_state" substitutionGroup="oval-def:state"> <xsd:annotation> <xsd:documentation>The shadow_state element defines the different information associated with the system shadow file. 
Please refer to the individual elements in the schema for more details about what each represents.</xsd:documentation> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-def:StateType"> <xsd:sequence> <xsd:element name="username" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>This is the name of the user being checked.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="password" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>This is the encrypted (hashed) version of the user's password, as stored in the /etc/shadow file.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="chg_lst" type="oval-def:EntityStateIntType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>This is the date of the last password change in days since 1/1/1970.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="chg_allow" type="oval-def:EntityStateIntType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>This specifies how often in days a user may change their password. It can also be thought of as the minimum age of a password.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="chg_req" type="oval-def:EntityStateIntType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>This describes how long a user can keep a password before the system forces her to change it.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="exp_warn" type="oval-def:EntityStateIntType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>This describes how long before password expiration the system begins warning the user. 
The system will warn the user at each login.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="exp_inact" type="oval-def:EntityStateIntType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The exp_inact entity describes how many days of account inactivity the system will wait after a password expires before locking the account. Unix systems are generally configured to only allow a given password to last for a fixed period of time. When this time, the chg_req parameter, is near running out, the system begins warning the user at each login. How soon before the expiration the user receives these warnings is specified in exp_warn. The only hiccup in this design is that a user may not log in in time to ever receive a warning before account expiration. The exp_inact parameter gives the sysadmin flexibility so that a user who reaches the end of their expiration time gains exp_inact more days to log in and change their password manually.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="exp_date" type="oval-def:EntityStateIntType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>This specifies when the account's password will expire, in days since 1/1/1970.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="flag" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>This is a reserved field that the shadow file may use in the future.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="encrypt_method" type="unix-def:EntityStateEncryptMethodType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The encrypt_method entity describes the method that is used for hashing passwords.</xsd:documentation> </xsd:annotation> </xsd:element> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <!-- =============================================================================== 
--> <!-- ================================ SYMLINK TEST =============================== --> <!-- =============================================================================== --> <xsd:element name="symlink_test" substitutionGroup="oval-def:test"> <xsd:annotation> <xsd:documentation>The symlink_test is used to obtain canonical path information for symbolic links.</xsd:documentation> <xsd:appinfo> <oval:element_mapping> <oval:test>symlink_test</oval:test> <oval:object>symlink_object</oval:object> <oval:state>symlink_state</oval:state> <oval:item target_namespace="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#unix">symlink_item</oval:item> </oval:element_mapping> </xsd:appinfo> <xsd:appinfo> <sch:pattern id="unix-def_symlinktst"> <sch:rule context="unix-def:symlink_test/unix-def:object"> <sch:assert test="@object_ref=ancestor::oval-def:oval_definitions/oval-def:objects/unix-def:symlink_object/@id"><sch:value-of select="../@id"/> - the object child element of a symlink_test must reference a symlink_object</sch:assert> </sch:rule> <!-- OpenSCAP change of official OVAL 5.11 schema. 
It is a known issue, see https://github.com/OVALProject/Language/issues/235 It will be fixed in OVAL 5.11.1 --> <sch:rule context="unix-def:symlink_test/unix-def:state"> <sch:assert test="@state_ref=ancestor::oval-def:oval_definitions/oval-def:states/unix-def:symlink_state/@id"><sch:value-of select="../@id"/> - the state child element of a symlink_test must reference a symlink_state</sch:assert> </sch:rule> </sch:pattern> </xsd:appinfo> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-def:TestType"> <xsd:sequence> <xsd:element name="object" type="oval-def:ObjectRefType"/> <xsd:element name="state" type="oval-def:StateRefType" minOccurs="0" maxOccurs="unbounded"/> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <xsd:element name="symlink_object" substitutionGroup="oval-def:object"> <xsd:annotation> <xsd:documentation>The symlink_object element is used by a symlink_test to define the object to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.</xsd:documentation> <xsd:documentation>A symlink_object consists of a filepath entity that contains the path to a symbolic link file. The resulting item identifies the canonical path of the link target (followed to its final destination, if there are intermediate links), an error if the link target does not exist or is a circular link (e.g., a link to itself). If the file located at filepath is not a symlink, or if there is no file located at the filepath, then any resulting item would itself have a status of does not exist.</xsd:documentation> <xsd:appinfo> <!-- OpenSCAP change of official OVAL 5.11 schema. 
It is a known issue, see https://github.com/OVALProject/Language/issues/235 It will be fixed in OVAL 5.11.1 --> <sch:pattern id="unix-def_symlink_object_verify_filter_state"> <sch:rule context="unix-def:symlink_object//oval-def:filter"> <sch:let name="parent_object" value="ancestor::unix-def:symlink_object"/> <sch:let name="parent_object_id" value="$parent_object/@id"/> <sch:let name="state_ref" value="."/> <sch:let name="reffed_state" value="ancestor::oval-def:oval_definitions/oval-def:states/*[@id=$state_ref]"/> <sch:let name="state_name" value="local-name($reffed_state)"/> <sch:let name="state_namespace" value="namespace-uri($reffed_state)"/> <sch:assert test="(($state_namespace='http://oval.mitre.org/XMLSchema/oval-definitions-5#unix') and ($state_name='symlink_state'))">State referenced in filter for <sch:value-of select="name($parent_object)"/> '<sch:value-of select="$parent_object_id"/>' is of the wrong type. </sch:assert> </sch:rule> </sch:pattern> </xsd:appinfo> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-def:ObjectType"> <xsd:sequence> <xsd:choice> <xsd:element ref="oval-def:set"/> <xsd:sequence> <xsd:element name="filepath" type="oval-def:EntityObjectStringType"> <xsd:annotation> <xsd:documentation>Specifies the filepath for the symbolic link.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element ref="oval-def:filter" minOccurs="0" maxOccurs="unbounded"/> </xsd:sequence> </xsd:choice> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <xsd:element name="symlink_state" substitutionGroup="oval-def:state"> <xsd:annotation> <xsd:documentation>The symlink_state element defines a value used to evaluate the result of a specific symlink_object item.</xsd:documentation> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-def:StateType"> <xsd:sequence> <xsd:element name="filepath" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> 
<xsd:annotation> <xsd:documentation>Specifies the filepath used to create the object.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="canonical_path" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Specifies the canonical path for the target of a symbolic link file specified by the filepath.</xsd:documentation> </xsd:annotation> </xsd:element> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <!-- =============================================================================== --> <!-- ================================= SYSCTL TEST =============================== --> <!-- =============================================================================== --> <xsd:element name="sysctl_test" substitutionGroup="oval-def:test"> <xsd:annotation> <xsd:documentation>The sysctl_test is used to check the values associated with the kernel parameters that are used by the local system. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. 
The required object element references a sysctl_object and the optional state element references a sysctl_state that specifies the information to check.</xsd:documentation> <xsd:appinfo> <oval:element_mapping> <oval:test>sysctl_test</oval:test> <oval:object>sysctl_object</oval:object> <oval:state>sysctl_state</oval:state> <oval:item target_namespace="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#unix">sysctl_item</oval:item> </oval:element_mapping> </xsd:appinfo> <xsd:appinfo> <sch:pattern id="unix-def_sysctltst"> <sch:rule context="unix-def:sysctl_test/unix-def:object"> <sch:assert test="@object_ref=ancestor::oval-def:oval_definitions/oval-def:objects/unix-def:sysctl_object/@id"><sch:value-of select="../@id"/> - the object child element of a sysctl_test must reference a sysctl_object</sch:assert> </sch:rule> <sch:rule context="unix-def:sysctl_test/unix-def:state"> <sch:assert test="@state_ref=ancestor::oval-def:oval_definitions/oval-def:states/unix-def:sysctl_state/@id"><sch:value-of select="../@id"/> - the state child element of a sysctl_test must reference a sysctl_state</sch:assert> </sch:rule> </sch:pattern> </xsd:appinfo> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-def:TestType"> <xsd:sequence> <xsd:element name="object" type="oval-def:ObjectRefType" /> <xsd:element name="state" type="oval-def:StateRefType" minOccurs="0" maxOccurs="unbounded"/> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <xsd:element name="sysctl_object" substitutionGroup="oval-def:object"> <xsd:annotation> <xsd:documentation>The sysctl_object is used by a sysctl_test to define which kernel parameters on the local system should be collected. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. 
Again, please refer to the description of the set element in the oval-definitions-schema.</xsd:documentation> <xsd:appinfo> <sch:pattern id="unix-def_sysctl_object_verify_filter_state"> <sch:rule context="unix-def:sysctl_object//oval-def:filter"> <sch:let name="parent_object" value="ancestor::unix-def:sysctl_object"/> <sch:let name="parent_object_id" value="$parent_object/@id"/> <sch:let name="state_ref" value="."/> <sch:let name="reffed_state" value="ancestor::oval-def:oval_definitions/oval-def:states/*[@id=$state_ref]"/> <sch:let name="state_name" value="local-name($reffed_state)"/> <sch:let name="state_namespace" value="namespace-uri($reffed_state)"/> <sch:assert test="(($state_namespace='http://oval.mitre.org/XMLSchema/oval-definitions-5#unix') and ($state_name='sysctl_state'))">State referenced in filter for <sch:value-of select="name($parent_object)"/> '<sch:value-of select="$parent_object_id"/>' is of the wrong type. </sch:assert> </sch:rule> </sch:pattern> </xsd:appinfo> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-def:ObjectType"> <xsd:sequence> <xsd:choice> <xsd:element ref="oval-def:set"/> <xsd:sequence> <xsd:element name="name" type="oval-def:EntityObjectStringType"> <xsd:annotation> <xsd:documentation>The name element specifies the name(s) of the kernel parameter(s) that should be collected from the local system.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element ref="oval-def:filter" minOccurs="0" maxOccurs="unbounded"/> </xsd:sequence> </xsd:choice> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <xsd:element name="sysctl_state" substitutionGroup="oval-def:state"> <xsd:annotation> <xsd:documentation>The sysctl_state contains two entities that are used to check the kernel parameter name and value(s).</xsd:documentation> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-def:StateType"> <xsd:sequence> <xsd:element name="name" 
type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The name element contains a string that represents the name of a kernel parameter that was collected from the local system.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="value" type="oval-def:EntityStateAnySimpleType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The value element contains a string that represents the value(s) associated with the specified kernel parameter.</xsd:documentation> </xsd:annotation> </xsd:element> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <!-- =============================================================================== --> <!-- ================================ UNAME TEST ================================= --> <!-- =============================================================================== --> <xsd:element name="uname_test" substitutionGroup="oval-def:test"> <xsd:annotation> <xsd:documentation>The uname test reveals information about the hardware the machine is running on. This information is the parsed equivalent of uname -a. For example: "Linux quark 2.6.5-7.108-default #1 Wed Aug 25 13:34:40 UTC 2004 i686 i686 i386 GNU/Linux" or "Darwin TestHost 7.7.0 Darwin Kernel Version 7.7.0: Sun Nov 7 16:06:51 PST 2004; root:xnu/xnu-517.9.5.obj~1/RELEASE_PPC Power Macintosh powerpc". It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. 
The required object element references a uname_object and the optional state element specifies the metadata to check.</xsd:documentation> <xsd:appinfo> <oval:element_mapping> <oval:test>uname_test</oval:test> <oval:object>uname_object</oval:object> <oval:state>uname_state</oval:state> <oval:item target_namespace="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#unix">uname_item</oval:item> </oval:element_mapping> </xsd:appinfo> <xsd:appinfo> <sch:pattern id="unix-def_unametst"> <sch:rule context="unix-def:uname_test/unix-def:object"> <sch:assert test="@object_ref=ancestor::oval-def:oval_definitions/oval-def:objects/unix-def:uname_object/@id"><sch:value-of select="../@id"/> - the object child element of a uname_test must reference a uname_object</sch:assert> </sch:rule> <sch:rule context="unix-def:uname_test/unix-def:state"> <sch:assert test="@state_ref=ancestor::oval-def:oval_definitions/oval-def:states/unix-def:uname_state/@id"><sch:value-of select="../@id"/> - the state child element of a uname_test must reference a uname_state</sch:assert> </sch:rule> </sch:pattern> </xsd:appinfo> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-def:TestType"> <xsd:sequence> <xsd:element name="object" type="oval-def:ObjectRefType" /> <xsd:element name="state" type="oval-def:StateRefType" minOccurs="0" maxOccurs="unbounded"/> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <xsd:element name="uname_object" substitutionGroup="oval-def:object"> <xsd:annotation> <xsd:documentation>The uname_object element is used by a uname test to define those objects to be evaluated based on a specified state. There is actually only one object relating to uname and this is the system as a whole. Therefore, there are no child entities defined. 
Any OVAL Test written to check uname will reference the same uname_object which is basically an empty object element.</xsd:documentation> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-def:ObjectType"/> </xsd:complexContent> </xsd:complexType> </xsd:element> <xsd:element name="uname_state" substitutionGroup="oval-def:state"> <xsd:annotation> <xsd:documentation>The uname_state element defines the information about the hardware the machine is running on. Please refer to the individual elements in the schema for more details about what each represents.</xsd:documentation> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-def:StateType"> <xsd:sequence> <xsd:element name="machine_class" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>This entity specifies a machine hardware name. This corresponds to the command uname -m.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="node_name" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>This entity specifies a host name. This corresponds to the command uname -n.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="os_name" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>This entity specifies an operating system name. This corresponds to the command uname -s.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="os_release" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>This entity specifies a build version. This corresponds to the command uname -r.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="os_version" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>This entity specifies an operating system version. 
This corresponds to the command uname -v.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="processor_type" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>This entity specifies a processor type. This corresponds to the command uname -p.</xsd:documentation> </xsd:annotation> </xsd:element> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <!-- =============================================================================== --> <!-- ================================ XINETD TEST ================================ --> <!-- =============================================================================== --> <xsd:element name="xinetd_test" substitutionGroup="oval-def:test"> <xsd:annotation> <xsd:documentation>The xinetd test is used to check information associated with different Internet services. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. 
The required object element references an xinetd_object and the optional state element specifies the information to check.</xsd:documentation> <xsd:appinfo> <oval:element_mapping> <oval:test>xinetd_test</oval:test> <oval:object>xinetd_object</oval:object> <oval:state>xinetd_state</oval:state> <oval:item target_namespace="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#unix">xinetd_item</oval:item> </oval:element_mapping> </xsd:appinfo> <xsd:appinfo> <sch:pattern id="unix-def_xinetdtst"> <sch:rule context="unix-def:xinetd_test/unix-def:object"> <sch:assert test="@object_ref=ancestor::oval-def:oval_definitions/oval-def:objects/unix-def:xinetd_object/@id"><sch:value-of select="../@id"/> - the object child element of a xinetd_test must reference a xinetd_object</sch:assert> </sch:rule> <sch:rule context="unix-def:xinetd_test/unix-def:state"> <sch:assert test="@state_ref=ancestor::oval-def:oval_definitions/oval-def:states/unix-def:xinetd_state/@id"><sch:value-of select="../@id"/> - the state child element of a xinetd_test must reference a xinetd_state</sch:assert> </sch:rule> </sch:pattern> </xsd:appinfo> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-def:TestType"> <xsd:sequence> <xsd:element name="object" type="oval-def:ObjectRefType" /> <xsd:element name="state" type="oval-def:StateRefType" minOccurs="0" maxOccurs="unbounded"/> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <xsd:element name="xinetd_object" substitutionGroup="oval-def:object"> <xsd:annotation> <xsd:documentation>The xinetd_object element is used by an xinetd test to define the specific protocol-service to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. 
Again, please refer to the description of the set element in the oval-definitions-schema.</xsd:documentation> <xsd:documentation>An xinetd object consists of a protocol entity and a service_name entity that identifies the specific service to be tested.</xsd:documentation> <xsd:appinfo> <sch:pattern id="unix-def_xinetd_object_verify_filter_state"> <sch:rule context="unix-def:xinetd_object//oval-def:filter"> <sch:let name="parent_object" value="ancestor::unix-def:xinetd_object"/> <sch:let name="parent_object_id" value="$parent_object/@id"/> <sch:let name="state_ref" value="."/> <sch:let name="reffed_state" value="ancestor::oval-def:oval_definitions/oval-def:states/*[@id=$state_ref]"/> <sch:let name="state_name" value="local-name($reffed_state)"/> <sch:let name="state_namespace" value="namespace-uri($reffed_state)"/> <sch:assert test="(($state_namespace='http://oval.mitre.org/XMLSchema/oval-definitions-5#unix') and ($state_name='xinetd_state'))">State referenced in filter for <sch:value-of select="name($parent_object)"/> '<sch:value-of select="$parent_object_id"/>' is of the wrong type. </sch:assert> </sch:rule> </sch:pattern> </xsd:appinfo> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-def:ObjectType"> <xsd:sequence> <xsd:choice> <xsd:element ref="oval-def:set"/> <xsd:sequence> <xsd:element name="protocol" type="oval-def:EntityObjectStringType"> <xsd:annotation> <xsd:documentation>The protocol entity specifies the protocol that is used by the service. 
The list of valid protocols can be found in /etc/protocols.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="service_name" type="oval-def:EntityObjectStringType"> <xsd:annotation> <xsd:documentation>The service_name entity specifies the name of the service.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element ref="oval-def:filter" minOccurs="0" maxOccurs="unbounded"/> </xsd:sequence> </xsd:choice> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <xsd:element name="xinetd_state" substitutionGroup="oval-def:state"> <xsd:annotation> <xsd:documentation>The xinetd_state element defines the different information associated with a specific Internet service. Please refer to the individual elements in the schema for more details about what each represents.</xsd:documentation> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-def:StateType"> <xsd:sequence> <xsd:element name="protocol" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The protocol entity specifies the protocol that is used by the service. 
The list of valid protocols can be found in /etc/protocols.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="service_name" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The service_name entity specifies the name of the service.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="flags" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The flags entity specifies miscellaneous settings associated with the service.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="no_access" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The no_access entity specifies the remote hosts to which the service is unavailable. Please see the xinetd.conf(5) man page for information on the different formats that can be used to describe a host.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="only_from" type="oval-def:EntityStateIPAddressStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The only_from entity specifies the remote hosts to which the service is available. 
Please see the xinetd.conf(5) man page for information on the different formats that can be used to describe a host.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="port" type="oval-def:EntityStateIntType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The port entity specifies the port used by the service.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="server" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The server entity specifies the executable that is used to launch the service.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="server_arguments" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The server_arguments entity specifies the arguments that are passed to the executable when launching the service.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="socket_type" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The socket_type entity specifies the type of socket that is used by the service. Possible values include: stream, dgram, raw, or seqpacket.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="type" type="unix-def:EntityStateXinetdTypeStatusType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The type entity specifies the type of the service.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="user" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The user entity specifies the user identifier of the process that is running the service. 
The user identifier may be expressed as a numerical value or as a user name that exists in /etc/passwd.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="wait" type="oval-def:EntityStateBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The wait entity specifies whether or not the service is single-threaded or multi-threaded and whether or not xinetd accepts the connection or the service accepts the connection. A value of 'true' indicates that the service is single-threaded and the service will accept the connection. A value of 'false' indicates that the service is multi-threaded and xinetd will accept the connection.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="disabled" type="oval-def:EntityStateBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The disabled entity specifies whether or not the service is disabled. A value of 'true' indicates that the service is disabled and will not start. A value of 'false' indicates that the service is not disabled.</xsd:documentation> </xsd:annotation> </xsd:element> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <!-- =============================================================================== --> <!-- =============================================================================== --> <!-- =============================================================================== --> <xsd:complexType name="EntityStateCapabilityType"> <xsd:annotation> <xsd:documentation>The EntityStateCapabilityType complex type restricts a string value to a specific set of values that describe POSIX capability types associated with a process service. This list is based off the values defined in linux/include/linux/capability.h. Documentation on each allowed value can be found in capability.h. The empty string is also allowed to support empty elements associated with variable references. 
Note that when using pattern matches and variables care must be taken to ensure that the regular expression and variable values align with the enumerated values.</xsd:documentation> </xsd:annotation> <xsd:simpleContent> <xsd:restriction base="oval-def:EntityStateStringType"> <xsd:enumeration value="CAP_CHOWN"> <xsd:annotation> <xsd:documentation></xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="CAP_DAC_OVERRIDE"> <xsd:annotation> <xsd:documentation></xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="CAP_DAC_READ_SEARCH"> <xsd:annotation> <xsd:documentation></xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="CAP_FOWNER"> <xsd:annotation> <xsd:documentation></xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="CAP_FSETID"> <xsd:annotation> <xsd:documentation></xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="CAP_KILL"> <xsd:annotation> <xsd:documentation></xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="CAP_SETGID"> <xsd:annotation> <xsd:documentation></xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="CAP_SETUID"> <xsd:annotation> <xsd:documentation></xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="CAP_SETPCAP"> <xsd:annotation> <xsd:documentation></xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="CAP_LINUX_IMMUTABLE"> <xsd:annotation> <xsd:documentation></xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="CAP_NET_BIND_SERVICE"> <xsd:annotation> <xsd:documentation></xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="CAP_NET_BROADCAST"> <xsd:annotation> <xsd:documentation></xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="CAP_NET_ADMIN"> <xsd:annotation> <xsd:documentation></xsd:documentation> 
</xsd:annotation> </xsd:enumeration> <xsd:enumeration value="CAP_NET_RAW"> <xsd:annotation> <xsd:documentation></xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="CAP_IPC_LOCK"> <xsd:annotation> <xsd:documentation></xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="CAP_IPC_OWNER"> <xsd:annotation> <xsd:documentation></xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="CAP_SYS_MODULE"> <xsd:annotation> <xsd:documentation></xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="CAP_SYS_RAWIO"> <xsd:annotation> <xsd:documentation></xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="CAP_SYS_CHROOT"> <xsd:annotation> <xsd:documentation></xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="CAP_SYS_PTRACE"> <xsd:annotation> <xsd:documentation></xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="CAP_SYS_ADMIN"> <xsd:annotation> <xsd:documentation></xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="CAP_SYS_BOOT"> <xsd:annotation> <xsd:documentation></xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="CAP_SYS_NICE"> <xsd:annotation> <xsd:documentation></xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="CAP_SYS_RESOURCE"> <xsd:annotation> <xsd:documentation></xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="CAP_SYS_TIME"> <xsd:annotation> <xsd:documentation></xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="CAP_SYS_TTY_CONFIG"> <xsd:annotation> <xsd:documentation></xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="CAP_MKNOD"> <xsd:annotation> <xsd:documentation></xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="CAP_LEASE"> <xsd:annotation> 
<xsd:documentation></xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="CAP_AUDIT_WRITE"> <xsd:annotation> <xsd:documentation></xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="CAP_AUDIT_CONTROL"> <xsd:annotation> <xsd:documentation></xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="CAP_SETFCAP"> <xsd:annotation> <xsd:documentation></xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="CAP_MAC_OVERRIDE"> <xsd:annotation> <xsd:documentation></xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="CAP_MAC_ADMIN"> <xsd:annotation> <xsd:documentation></xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="CAP_SYS_PACCT"> <xsd:annotation> <xsd:documentation></xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="CAP_SYSLOG"> <xsd:annotation> <xsd:documentation></xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="CAP_WAKE_ALARM"> <xsd:annotation> <xsd:documentation></xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="CAP_BLOCK_SUSPEND"> <xsd:annotation> <xsd:documentation></xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="CAP_AUDIT_READ"> <xsd:annotation> <xsd:documentation></xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value=""> <xsd:annotation> <xsd:documentation>The empty string value is permitted here to allow for empty elements associated with variable references.</xsd:documentation> </xsd:annotation> </xsd:enumeration> </xsd:restriction> </xsd:simpleContent> </xsd:complexType> <xsd:complexType name="EntityStateEndpointType"> <xsd:annotation> <xsd:documentation>The EntityStateEndpointType complex type restricts a string value to a specific set of values that describe endpoint types associated with an Internet service. 
The empty string is also allowed to support empty elements associated with variable references. Note that when using pattern matches and variables care must be taken to ensure that the regular expression and variable values align with the enumerated values.</xsd:documentation> </xsd:annotation> <xsd:simpleContent> <xsd:restriction base="oval-def:EntityStateStringType"> <xsd:enumeration value="stream"> <xsd:annotation> <xsd:documentation>The stream value is used to describe a stream socket.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="dgram"> <xsd:annotation> <xsd:documentation>The dgram value is used to describe a datagram socket.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="raw"> <xsd:annotation> <xsd:documentation>The raw value is used to describe a raw socket.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="seqpacket"> <xsd:annotation> <xsd:documentation>The seqpacket value is used to describe a sequenced packet socket.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="tli"> <xsd:annotation> <xsd:documentation>The tli value is used to describe all TLI endpoints.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value=""> <xsd:annotation> <xsd:documentation>The empty string value is permitted here to allow for empty elements associated with variable references.</xsd:documentation> </xsd:annotation> </xsd:enumeration> </xsd:restriction> </xsd:simpleContent> </xsd:complexType> <xsd:complexType name="EntityStateGconfTypeType"> <xsd:annotation> <xsd:documentation>The EntityStateGconfTypeType complex type restricts a string value to the seven values GCONF_VALUE_STRING, GCONF_VALUE_INT, GCONF_VALUE_FLOAT, GCONF_VALUE_BOOL, GCONF_VALUE_SCHEMA, GCONF_VALUE_LIST, and GCONF_VALUE_PAIR that specify the datatype of the value associated with a GConf preference key. 
The empty string is also allowed to support empty elements associated with variable references. Note that when using pattern matches and variables care must be taken to ensure that the regular expression and variable values align with the enumerated values.</xsd:documentation> </xsd:annotation> <xsd:simpleContent> <xsd:restriction base="oval-def:EntityStateStringType"> <xsd:enumeration value="GCONF_VALUE_STRING"> <xsd:annotation> <xsd:documentation>The GCONF_VALUE_STRING type is used to describe a preference key that has a string value.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="GCONF_VALUE_INT"> <xsd:annotation> <xsd:documentation>The GCONF_VALUE_INT type is used to describe a preference key that has an integer value.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="GCONF_VALUE_FLOAT"> <xsd:annotation> <xsd:documentation>The GCONF_VALUE_FLOAT type is used to describe a preference key that has a float value.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="GCONF_VALUE_BOOL"> <xsd:annotation> <xsd:documentation>The GCONF_VALUE_BOOL type is used to describe a preference key that has a boolean value.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="GCONF_VALUE_SCHEMA"> <xsd:annotation> <xsd:documentation>The GCONF_VALUE_SCHEMA type is used to describe a preference key that has a schema value. The actual value will be the default value as specified in the GConf schema.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="GCONF_VALUE_LIST"> <xsd:annotation> <xsd:documentation>The GCONF_VALUE_LIST type is used to describe a preference key that has a list of values. The actual values will be one of the primitive GConf datatypes GCONF_VALUE_STRING, GCONF_VALUE_INT, GCONF_VALUE_FLOAT, GCONF_VALUE_BOOL, and GCONF_VALUE_SCHEMA. 
Note that all of the values associated with a GCONF_VALUE_LIST are required to have the same type.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="GCONF_VALUE_PAIR"> <xsd:annotation> <xsd:documentation>The GCONF_VALUE_PAIR type is used to describe a preference key that has a pair of values. The actual values will consist of the primitive GConf datatypes GCONF_VALUE_STRING, GCONF_VALUE_INT, GCONF_VALUE_FLOAT, GCONF_VALUE_BOOL, and GCONF_VALUE_SCHEMA. Note that the values associated with a GCONF_VALUE_PAIR are not required to have the same type.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value=""> <xsd:annotation> <xsd:documentation>The empty string value is permitted here to allow for empty elements associated with variable references.</xsd:documentation> </xsd:annotation> </xsd:enumeration> </xsd:restriction> </xsd:simpleContent> </xsd:complexType> <xsd:complexType name="EntityStateRoutingTableFlagsType"> <xsd:annotation> <xsd:documentation>The EntityStateRoutingTableFlagsType complex type restricts a string value to a specific set of values that describe the flags associated with a routing table entry. This list is based off the values defined in the man pages of various platforms. For Linux, please see route(8). For Solaris, please see netstat(1M). For HP-UX, please see netstat(1). For Mac OS, please see netstat(1). For FreeBSD, please see netstat(1). Documentation on each allowed value can be found in the previously listed man pages. The empty string is also allowed to support empty elements associated with variable references. Note that when using pattern matches and variables care must be taken to ensure that the regular expression and variable values align with the enumerated values.</xsd:documentation> <xsd:appinfo> <evaluation_documentation>The following table is a mapping between the generic flag enumeration values and the actual flag values found on the various platforms. 
If the flag value is not specified, for a particular generic flag enumeration value, the flag value is not defined for that platform.</evaluation_documentation> <evaluation_chart xml:space="preserve"> Name Linux Solaris HPUX Mac OS FreeBSD AIX UP U U U U U U GATEWAY G G G G G G HOST H H H H H H REINSTATE R DYNAMIC D D D D D MODIFIED M M M M ADDRCONF A A CACHE C e REJECT ! R R R REDUNDANT M (>=9) SETSRC S BROADCAST B b b b LOCAL L l PROTOCOL_1 1 1 1 PROTOCOL_2 2 2 2 PROTOCOL_3 3 3 3 BLACK_HOLE B B CLONING C C c PROTOCOL_CLONING c c INTERFACE_SCOPE I LINK_LAYER L L L MULTICAST m m STATIC S S S WAS_CLONED W W W XRESOLVE X X USABLE u PINNED P ACTIVE_DEAD_GATEWAY_DETECTION A (>=5.1) </evaluation_chart> </xsd:appinfo> </xsd:annotation> <xsd:simpleContent> <xsd:restriction base="oval-def:EntityStateStringType"> <xsd:enumeration value="UP"> <xsd:annotation> <xsd:documentation/> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="GATEWAY"> <xsd:annotation> <xsd:documentation/> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="HOST"> <xsd:annotation> <xsd:documentation/> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="REINSTATE"> <xsd:annotation> <xsd:documentation/> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="DYNAMIC"> <xsd:annotation> <xsd:documentation/> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="MODIFIED"> <xsd:annotation> <xsd:documentation/> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="ADDRCONF"> <xsd:annotation> <xsd:documentation/> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="CACHE"> <xsd:annotation> <xsd:documentation/> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="REJECT"> <xsd:annotation> <xsd:documentation/> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="REDUNDANT"> <xsd:annotation> <xsd:documentation/> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SETSRC"> <xsd:annotation> <xsd:documentation/> </xsd:annotation> 
</xsd:enumeration> <xsd:enumeration value="BROADCAST"> <xsd:annotation> <xsd:documentation/> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="LOCAL"> <xsd:annotation> <xsd:documentation/> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="PROTOCOL_1"> <xsd:annotation> <xsd:documentation/> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="PROTOCOL_2"> <xsd:annotation> <xsd:documentation/> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="PROTOCOL_3"> <xsd:annotation> <xsd:documentation/> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="BLACK_HOLE"> <xsd:annotation> <xsd:documentation/> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="CLONING"> <xsd:annotation> <xsd:documentation/> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="PROTOCOL_CLONING"> <xsd:annotation> <xsd:documentation/> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="INTERFACE_SCOPE"> <xsd:annotation> <xsd:documentation/> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="LINK_LAYER"> <xsd:annotation> <xsd:documentation/> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="MULTICAST"> <xsd:annotation> <xsd:documentation/> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="STATIC"> <xsd:annotation> <xsd:documentation/> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="WAS_CLONED"> <xsd:annotation> <xsd:documentation/> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="XRESOLVE"> <xsd:annotation> <xsd:documentation/> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="USABLE"> <xsd:annotation> <xsd:documentation/> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="PINNED"> <xsd:annotation> <xsd:documentation/> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="ACTIVE_DEAD_GATEWAY_DETECTION"> <xsd:annotation> <xsd:documentation/> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value=""> <xsd:annotation> <xsd:documentation>The 
empty string value is permitted here to allow for empty elements associated with variable references.</xsd:documentation> </xsd:annotation> </xsd:enumeration> </xsd:restriction> </xsd:simpleContent> </xsd:complexType> <xsd:complexType name="EntityStateXinetdTypeStatusType"> <xsd:annotation> <xsd:documentation>The EntityStateXinetdTypeStatusType complex type restricts a string value to five values, either RPC, INTERNAL, UNLISTED, TCPMUX, or TCPMUXPLUS that specify the type of service registered in xinetd. The empty string is also allowed to support empty elements associated with variable references. Note that when using pattern matches and variables care must be taken to ensure that the regular expression and variable values align with the enumerated values.</xsd:documentation> </xsd:annotation> <xsd:simpleContent> <xsd:restriction base="oval-def:EntityStateStringType"> <xsd:enumeration value="INTERNAL"> <xsd:annotation> <xsd:documentation>The INTERNAL type is used to describe services like echo, chargen, and others whose functionality is supplied by xinetd itself.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="RPC"> <xsd:annotation> <xsd:documentation>The RPC type is used to describe services that use remote procedure calls, as NFS does.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="UNLISTED"> <xsd:annotation> <xsd:documentation>The UNLISTED type is used to describe services that aren't listed in /etc/protocols or /etc/rpc.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="TCPMUX"> <xsd:annotation> <xsd:documentation>The TCPMUX type is used to describe services that conform to RFC 1078. 
This type indicates that the service is responsible for handling the protocol handshake.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="TCPMUXPLUS"> <xsd:annotation> <xsd:documentation>The TCPMUXPLUS type is used to describe services that conform to RFC 1078. This type indicates that xinetd is responsible for handling the protocol handshake.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value=""> <xsd:annotation> <xsd:documentation>The empty string value is permitted here to allow for empty elements associated with variable references.</xsd:documentation> </xsd:annotation> </xsd:enumeration> </xsd:restriction> </xsd:simpleContent> </xsd:complexType> <xsd:complexType name="EntityStateWaitStatusType"> <xsd:annotation> <xsd:documentation>The EntityStateWaitStatusType complex type restricts a string value to two values, either wait or nowait, that specify whether the server that is invoked by inetd will take over the listening socket associated with the service, and whether once launched, inetd will wait for that server to exit, if ever, before it resumes listening for new service requests. The empty string is also allowed to support empty elements associated with variable references. 
Note that when using pattern matches and variables care must be taken to ensure that the regular expression and variable values align with the enumerated values.</xsd:documentation> </xsd:annotation> <xsd:simpleContent> <xsd:restriction base="oval-def:EntityStateStringType"> <xsd:enumeration value="wait"> <xsd:annotation> <xsd:documentation>The value of 'wait' specifies that the server that is invoked by inetd will take over the listening socket associated with the service, and once launched, inetd will wait for that server to exit, if ever, before it resumes listening for new service requests.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="nowait"> <xsd:annotation> <xsd:documentation>The value of 'nowait' specifies that the server that is invoked by inetd will not wait for any existing server to finish before taking over the listening socket associated with the service.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value=""> <xsd:annotation> <xsd:documentation>The empty string value is permitted here to allow for empty elements associated with variable references.</xsd:documentation> </xsd:annotation> </xsd:enumeration> </xsd:restriction> </xsd:simpleContent> </xsd:complexType> <xsd:complexType name="EntityStateEncryptMethodType"> <xsd:annotation> <xsd:documentation>The EntityStateEncryptMethodType complex type restricts a string value to a set that corresponds to the allowed encrypt methods (password hashing schemes) used for protected passwords in a shadow file. The empty string is also allowed to support empty elements associated with variable references. 
Note that when using pattern matches and variables care must be taken to ensure that the regular expression and variable values align with the enumerated values.</xsd:documentation> </xsd:annotation> <xsd:simpleContent> <xsd:restriction base="oval-def:EntityStateStringType"> <xsd:enumeration value="DES"> <xsd:annotation> <xsd:documentation>The DES method corresponds to the (none) prefix.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="BSDi"> <xsd:annotation> <xsd:documentation>The BSDi method corresponds to BSDi modified DES or the '_' prefix. </xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="MD5"> <xsd:annotation> <xsd:documentation>The MD5 method corresponds to MD5 for Linux/BSD or the $1$ prefix.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="Blowfish"> <xsd:annotation> <xsd:documentation>The Blowfish method corresponds to Blowfish (OpenBSD) or the $2$ or $2a$ prefixes.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="Sun MD5"> <xsd:annotation> <xsd:documentation>The Sun MD5 method corresponds to the $md5$ prefix.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SHA-256"> <xsd:annotation> <xsd:documentation>The SHA-256 method corresponds to the $5$ prefix.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SHA-512"> <xsd:annotation> <xsd:documentation>The SHA-512 method corresponds to the $6$ prefix.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value=""> <xsd:annotation> <xsd:documentation>The empty string value is permitted here to allow for empty elements associated with variable references.</xsd:documentation> </xsd:annotation> </xsd:enumeration> </xsd:restriction> </xsd:simpleContent> </xsd:complexType> <xsd:complexType name="EntityStateInterfaceType"> <xsd:annotation> <xsd:documentation>The EntityStateInterfaceType complex type restricts a 
string value to a specific set of values. These values describe the different interface types which are defined in 'if_arp.h'. The empty string is also allowed to support empty elements associated with variable references. Note that when using pattern matches and variables care must be taken to ensure that the regular expression and variable values align with the enumerated values.</xsd:documentation> </xsd:annotation> <xsd:simpleContent> <xsd:restriction base="oval-def:EntityStateStringType"> <xsd:enumeration value="ARPHRD_ETHER"> <xsd:annotation> <xsd:documentation>The ARPHRD_ETHER type is used to describe ethernet interfaces.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="ARPHRD_FDDI"> <xsd:annotation> <xsd:documentation>The ARPHRD_FDDI type is used to describe fiber distributed data interfaces (FDDI).</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="ARPHRD_LOOPBACK"> <xsd:annotation> <xsd:documentation>The ARPHRD_LOOPBACK type is used to describe loopback interfaces.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="ARPHRD_VOID"> <xsd:annotation> <xsd:documentation>The ARPHRD_VOID type is used to describe unknown interfaces.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="ARPHRD_PPP"> <xsd:annotation> <xsd:documentation>The ARPHRD_PPP type is used to describe point-to-point protocol interfaces (PPP).</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="ARPHRD_SLIP"> <xsd:annotation> <xsd:documentation>The ARPHRD_SLIP type is used to describe serial line internet protocol interfaces (SLIP).</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="ARPHRD_PRONET"> <xsd:annotation> <xsd:documentation>The ARPHRD_PRONET type is used to describe PROnet token ring interfaces.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value=""> <xsd:annotation> 
<xsd:documentation>The empty string value is permitted here to allow for empty elements associated with variable references.</xsd:documentation> </xsd:annotation> </xsd:enumeration> </xsd:restriction> </xsd:simpleContent> </xsd:complexType> </xsd:schema>