1ovaldi(1) USER COMMANDS ovaldi(1)
2
6 ovaldi - a reference interpreter for the Open Vulnerability and Assess‐
7 ment Language
8
10 ovaldi [-a dir name] [-c filename] [-d filename] [-e <string>] [-f
11 filename] [-i filename] [-l <integer>] [-o filename] [-r filename] [-t
12 filename] [-v filename] [-x filename] [-hmnpsyz] [MD5Hash]
13
15 The MITRE Corporation developed the Open Vulnerability and Assessment
16 Language (OVAL) Interpreter to provide the OVAL Community with an open
17 source reference implementation of the OVAL Language. The OVAL Inter‐
18 preter uses OVAL Definitions to gather security relevant configuration
19 information on a computer (e.g., rpm parameters, registry keys, file
20 information, etc.), analyze the information for vulnerabilities and
21 configuration issues, and report the results of the analysis for each
22 OVAL Definition.
23
25 -h Displays command line options.
26 -o filename
28 Specifies the pathname of the OVAL Definition document to use.
29 If none is specified then the OVAL Interpreter will default to
30 "definitions.xml" in the OVAL Interpreter directory.
31 -v filename
33 Specifies the pathname of the OVAL Variables document to use.
34 If none is specified then the OVAL Interpreter will default to
35 "external-variables.xml" in the OVAL Interpreter directory.
36 -e definition id list
38 Specifies a list of OVAL Definition ids to evaluate in the input
39 OVAL Definitions document. Supply OVAL Definition ids as a comma
40 separated list like: oval:com.example:def:123,oval:com.exam‐
41 ple:def:234
42 -f filename
44 Path to a file containing a list of OVAL Definitions to be eval‐
45 uated. The file must comply with the evaluation-id schema.
46 -m Run without requiring an MD5 checksum. Running the OVAL Inter‐
48 preter with this option DISABLES an important security feature.
49 In normal usage, a trusted checksum provided on the command line
50 is used to verify the integrity of the OVAL Definitions docu‐
51 ment.
52 Use of this option is recommended only when testing your own
54 draft OVAL Definitions before submitting them to the OVAL Commu‐
55 nity Forum for public review.
56 -n Perform Schematron validation of the OVAL Definitions document.
58 -c filename
60 Specifies the pathname of the oval-definitions-schematron.xsl to
61 be used for Schematron validation. If none is specified then the
62 OVAL Interpreter will default to "oval-definitions-schema‐
63 tron.xsl" in the OVAL Interpreter directory.
64 -a dir name
66 Specifies the pathname of the directory that contains the OVAL
67 Language Schema and other XML resources. DEFAULT="xml"
68 -i filename
70 Specifies the pathname of a OVAL System Characteristics document
71 that is to be used as the basis of the analysis. In this mode,
72 the OVAL Interpreter does not perform data collection on the
73 local system, but relies upon the input file, which may have
74 been generated on another system.
75 -d filename
77 Specifies the pathname of the file to which collected configura‐
78 tion data is to be saved. This data is stored in the format
79 defined by the OVAL Systems Characteristics Schema.
80 -r filename
82 Specifies the pathname of the file to which analysis results are
83 to be saved. This data is stored according to the format
84 defined by the OVAL Results Schema. If none is specified than
85 the OVAL Interpreter will default to "results.xml" in the OVAL
86 Interpreter directory.
87 -s If set do not apply the XSL to the OVAL Results xml.
89 -t filename
91 Specifies the pathname of the XSL file which should be used to
92 transform the OVAL Results document. If none is specified then
93 the OVAL Interpreter will default to "results_to_html.xsl" in
94 the OVAL Interpreter directory.
95 -x filename
97 Specifies the pathname of the file which XSL transform results
98 are to be saved. If none is specified then the OVAL Interpreter
99 will default to "results.html" in the OVAL Interpreter direc‐
100 tory.
101 -l <integer>
103 Logging level. Log messages at the specified level. (DEBUG =
104 1, INFO = 2, MESSAGE = 3, FATAL = 4). DEFAULT=2
105 -p Verbose output. Print all information and error message to the
107 console.
108 -y dir name
110 Save the ovaldi.log file to a specific location. The default
111 location is the current working directory when the executable is
112 run.
113 -z Calculates and prints to the screen the MD5 checksum of the cur‐
115 rent data file (definitions.xml by default, or as specified by
116 the -o option). This can be used to manually compare the cur‐
117 rent file with the trusted checksum available from the OVAL Web
118 site.
119
121 Run the OVAL Interpreter against an OVAL Definitions document, without
122 verifying MD5 checksum: ovaldi -a /usr/share/ovaldi -o
123 linux.definitions.xml -m
124
126 /usr/share/ovaldi/*.xsd
127 The OVAL Language scheam files.
128
130 Man page written by Jonathan Baker (bakerj@mitre.org)
131Version 5.6.4 January 5, 2010 ovaldi(1)