NAME
ovaldi - a reference interpreter for the Open Vulnerability and
Assessment Language
SYNOPSIS
ovaldi [-a dir name] [-c filename] [-d filename] [-e <string>] [-f
filename] [-i filename] [-l <integer>] [-o filename] [-r filename] [-t
filename] [-v filename] [-x filename] [-hmnpsyz] [MD5Hash]
DESCRIPTION
The MITRE Corporation developed the Open Vulnerability and Assessment
Language (OVAL) Interpreter to provide the OVAL Community with an open
source reference implementation of the OVAL Language. The OVAL
Interpreter uses OVAL Definitions to gather security relevant
configuration information on a computer (e.g., rpm parameters, registry
keys, file information, etc.), analyze the information for
vulnerabilities and configuration issues, and report the results of the
analysis for each OVAL Definition.
OPTIONS
-h Displays command line options.
-o filename
Specifies the pathname of the OVAL Definition document to use.
If none is specified then the OVAL Interpreter will default to
"definitions.xml" in the current directory.
-v filename
Specifies the pathname of the OVAL Variables document to use.
If none is specified then the OVAL Interpreter will default to
"external-variables.xml" in the current directory.
-e definition id list
Specifies a list of OVAL Definition ids to evaluate in the input
OVAL Definitions document. Supply OVAL Definition ids as a comma
separated list like:
oval:com.example:def:123,oval:com.example:def:234
-f filename
Path to a file containing a list of OVAL Definitions to be
evaluated. The file must comply with the evaluation-id schema.
-m Run without requiring an MD5 checksum. Running the OVAL
Interpreter with this option DISABLES an important security
feature. In normal usage, a trusted checksum provided on the
command line is used to verify the integrity of the OVAL
Definitions document.
Use of this option is recommended only when testing your own
draft OVAL Definitions before submitting them to the OVAL
Community Forum for public review.
-n Perform Schematron validation of the OVAL Definitions document.
-c filename
Specifies the pathname of the oval-definitions-schematron.xsl to
be used for Schematron validation. If none is specified then the
OVAL Interpreter will default to "oval-definitions-schematron.xsl"
in the /usr/share/ovaldi/xml directory.
-a dir name
Specifies the pathname of the directory that contains the OVAL
Language Schema and other XML resources.
DEFAULT="/usr/share/ovaldi"
-i filename
Specifies the pathname of an OVAL System Characteristics document
that is to be used as the basis of the analysis. In this mode,
the OVAL Interpreter does not perform data collection on the
local system, but relies upon the input file, which may have
been generated on another system.
-d filename
Specifies the pathname of the file to which collected
configuration data is to be saved. This data is stored in the
format defined by the OVAL System Characteristics Schema.
-g filename
Specifies the pathname of the file containing the directives
which are used to control what information is included in the
generated OVAL Results document. The file must comply with the
OVAL Directives schema.
-r filename
Specifies the pathname of the file to which analysis results are
to be saved. This data is stored according to the format
defined by the OVAL Results Schema. If none is specified then
the OVAL Interpreter will default to "results.xml" in the
current directory.
-s If set, do not apply the XSL to the OVAL Results XML.
-t filename
Specifies the pathname of the XSL file which should be used to
transform the OVAL Results document. If none is specified then
the OVAL Interpreter will default to "results_to_html.xsl" in
the /usr/share/ovaldi/xml directory.
-x filename
Specifies the pathname of the file to which XSL transform results
are to be saved. If none is specified then the OVAL Interpreter
will default to "results.html" in the current directory.
-l <integer>
Logging level. Log messages at the specified level. (DEBUG =
1, INFO = 2, MESSAGE = 3, FATAL = 4). DEFAULT=2
-p Verbose output. Print all information and error messages to the
console.
-y dir name
Save the ovaldi.log file to a specific location. The default
location is the current working directory when the executable is
run.
-z Calculates and prints to the screen the MD5 checksum of the
current data file (definitions.xml by default, or as specified
by the -o option). This can be used to manually compare the
current file with the trusted checksum available from the OVAL
Web site.
EXAMPLES
Run the OVAL Interpreter against a Debian example definitions
document, without verifying the MD5 checksum:

ovaldi -a /usr/share/ovaldi/xml -o /usr/share/doc/ovaldi/examples/package_example.xml -m
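An added example (not part of the original man page or of the ovaldi distribution) for the normal, checksum-verified mode described under -m and -z: it pre-checks the definitions file against a trusted MD5 and then passes that same trusted value as the MD5Hash argument shown in the SYNOPSIS. The helper names and the OVALDI override variable are hypothetical; it assumes md5sum(1) is available and that MD5Hash is the hex MD5 digest of the file.

```shell
#!/bin/sh
# Added example; helper names and the OVALDI variable are hypothetical.
# Assumption: ovaldi's MD5Hash argument is the hex MD5 digest of the
# definitions file, i.e. the same value md5sum(1) prints.

# Return 0 if FILE's MD5 equals TRUSTED, 1 on mismatch,
# 2 if TRUSTED is not exactly 32 hex digits, 3 if FILE is unreadable.
md5_matches() {
    file=$1
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')   # compare case-insensitively
    case $want in
        ''|*[!0-9a-f]*) return 2 ;;
    esac
    [ "${#want}" -eq 32 ] || return 2
    [ -r "$file" ] || return 3
    actual=$(md5sum < "$file" | cut -d' ' -f1)
    [ "$actual" = "$want" ]
}

# Run ovaldi on DEFS only if the pre-check passes. The trusted digest,
# not the freshly computed one, is handed to ovaldi, so the interpreter's
# own check still compares the file against the trusted value even if
# the file changes between the pre-check and the run.
run_ovaldi_verified() {
    defs=$1
    md5_matches "$defs" "$2" || return $?
    hash=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    "${OVALDI:-ovaldi}" -o "$defs" "$hash"
}

# Typical call (placeholder digest, obtained out of band):
#   run_ovaldi_verified definitions.xml <trusted-md5-hex>
```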
FILES
/usr/share/ovaldi/xml/*.xsd
The OVAL Language schema files.
AUTHORS
Man page written by Jonathan Baker (bakerj@mitre.org)
Man page adapted for Debian by Pavel Vinogradov
(Pavel.Vinogradov@nixdev.net)