ovaldi(1)

1ovaldi(1)                        USER COMMANDS                       ovaldi(1)
2
3
4

NAME

6       ovaldi  - a reference interpreter for the Open Vulnerability and Asess‐
7       ment Language
8

SYNOPSIS

10       ovaldi [-d filename] [-i filename]  [-o  filename]  [-r  filename]  [-t
11       filename] [-v filename] [-x filename] [-hmpzs] [MD5Hash]
12

DESCRIPTION

14       The  MITRE  Corporation developed the Open Vulnerability and Assessment
15       Language (OVAL) Interpreter to provide the OVAL Community with an  open
16       source  reference  implementation  of the language and its Definitions.
17       The OVAL Interpreter uses OVAL Definitions to gather security  relevant
18       configuration information on a computer (e.g., rpm parameters, registry
19       keys, file information, etc.), analyze the information for vulnerabili‐
20       ties  and  configuration issues, and report the results of the analysis
21       for each definition.
22

OPTIONS

24       -h     Displays command line options.
25
26       -o filename
27              Specifies the pathname of the OVAL Definition file to  use.   If
28              none  is specified than the Interpreter will default to "defini‐
29              tions.xml" in the Interpreter directory.
30
31       -d filename
32              Specifies the pathname of the file to which collected configura‐
33              tion  data  is  to  be  saved. This data is stored in the format
34              defined by the Systems Characteristics Schema.
35
36       -r filename
37              Specifies the pathname of the file to which analysis results are
38              to  be  saved.   This  data  is  stored  according to the format
39              defined by the OVAL Results Schema.  If none is  specified  than
40              the Interpreter will default to "results.xml" in the Interpreter
41              directory.
42
43       -v filename
44              Specifies the pathname of the external variable file to use.  If
45              none  is  specified than the Interpreter will default to "exter‐
46              nal-variables.xml" in the Interpreter directory.
47
48       -e definition id list
49              Specifies a list of definition ids  to  evaluate  in  the  input
50              oval-definitions  document.  Supply  definition  ids  as a comma
51              seperated  list  like:   oval:com.example:def:123,oval:com.exam‐
52              ple:def:234
53
54       -n     Perform Schematron validation of the oval-defiitions file.
55
56       -c filename
57              Specifies the pathname of the oval-definitions-schematron.xsl to
58              be used for Schematron validation. If none is specified then the
59              Interpreter will default to "oval-definitions-schematron.xsl" in
60              the Interpreter directory.
61
62       -i filename
63              Specifies the pathname of a System Characteristics file that  is
64              to  be  used  as  the  basis of the analysis.  In this mode, the
65              Interpreter does not perform data collection on the  local  sys‐
66              tem,  but relies upon the input file, which may have been gener‐
67              ated on another system.
68
69       -m     Run without requiring an MD5 checksum.  Running the  Interpreter
70              with  this  option  DISABLES  an important security feature.  In
71              normal usage, a trusted checksum provided on the command line is
72              used to verify the integrity of the OVAL Definitions file.
73
74              Use  of  this  option  is recommended only when testing your own
75              draft definitions before submitting them to the  OVAL  Community
76              Forum for public review.
77
78       -p     Verbose  output.  Print all information and error message to the
79              console.
80
81       -s     If set do not apply the xsl to the OVAL Results xml.
82
83       -t filename
84              Specifies the pathname of the xsl file which should be  used  to
85              transform the oval results. If none is specified then the Inter‐
86              preter will default to "results_to_html.xsl" in the  Interpreter
87              directory.
88
89       -x filename
90              Specifies  the  pathname of the file which xsl transform results
91              are to be saved.  If none is specified then the Interpreter will
92              default to "results.html" in the Interpreter directory.
93
94       -z     Calculates and prints to the screen the MD5 checksum of the cur‐
95              rent data file (definitions.xml by default, or as  specified  by
96              the  -o  option).  This can be used to manually compare the cur‐
97              rent file with the trusted checksum available from the OVAL  Web
98              site.
99

EXAMPLES

101       Run the interpreter against the Linux definitions file, without verify‐
102       ing MD5 checksum:
103              ovaldi -o linux.definitions.xml -m
104

FILES

106       /usr/share/ovaldi/*.xsd
107              The schema files for the OVAL language.
108

AUTHOR

110       Man page written by Brendan Jonathan Baker (bakerj@mitre.org)
111
112
113
114Version 5.3                      June 26, 2007                       ovaldi(1)