Date: Sat, 15 Nov 2008 00:20:45 +0300 From: Eygene Ryabinkin <rea-fbsd@codelabs.ru> To: Mark Foster <mark@foster.cc> Cc: freebsd-security@freebsd.org Subject: Re: portaudit, vuxml & OVAL data Message-ID: <p/hL1QF4rue/TSu70FpkcOD/sjs@ykrtuxHTE1IQdhZczhCXP24/%2B%2BA> In-Reply-To: <491DA571.2060105@foster.cc> References: <491DA571.2060105@foster.cc>
next in thread | previous in thread | raw e-mail | index | archive | help
--6zdv2QT/q3FMhpsV Content-Type: text/plain; charset=koi8-r Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Mark, good day. Fri, Nov 14, 2008 at 08:21:05AM -0800, Mark Foster wrote: > I have a project idea regarding the extension of portaudit (which now > solely relies on the vuxml data from security/vuxml) to additionally > parse OVAL (CVE) data from the SCAP project. > http://nvd.nist.gov/scap.cfm > http://oval.mitre.org/ >=20 > I see that they already have a schema definition for FreeBSD found here: > http://oval.mitre.org/language/download/schema/version5.5/index.html I had glanced over this: there are FreeBSD-specific test definitions, but currently there are no FreeBSD-specific vulnerability data at OVAL. At least I had not found one. > I could see this turning into a oval2portaudit tool accompanied by a > modification of portaudit (if necessary) to accomodate > additional/disparate data sources. I could be a bit stupid, but I don't understand how the data from CVE is pushed to the OVAL. From what I had seen, there should be some person who will do it: looking at the sources of OVAL data for the different OSes, I had found that one should still write some tests to see if the vulnerability is applicable to the current system state. If it is really so, then writing such tests is more-or-less equal to the creation of a new VuXML entry. I have another idea: use CVE XML feeds, http://nvd.nist.gov/download.cfm#CVE_FEED to create drafts of the VuXML entries that will be passed to the human for the inspection. Such inspection is needed anyway, because, for example, FreeBSD could have the port with the backported patch. So, feed contents will tell us that the program is vulnerable, but the reality will be different. --=20 Eygene _ ___ _.--. # \`.|\..----...-'` `-._.-'_.-'` # Remember that it is hard / ' ` , __.--' # to read the on-line manual =20 )/' _/ \ `-_, / # while single-stepping the kernel. `-'" `"\_ ,_.-;_.-\_ ', fsc/as # _.-'_./ {_.' ; / # -- FreeBSD Developers handbook=20 {_.-``-' {_/ # --6zdv2QT/q3FMhpsV Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (FreeBSD) iEYEARECAAYFAkkd660ACgkQthUKNsbL7Yi7XgCeJ0NtfOIr6NARpJZTwxXU1ip1 pYcAn1nvTOmghQk9YOUx0CnD1rCrZPsx =Ot81 -----END PGP SIGNATURE----- --6zdv2QT/q3FMhpsV--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?p/hL1QF4rue/TSu70FpkcOD/sjs>