Integrating OVAL Interpreter into BackTrack 3.0
Open Vulnerability and Assessment Language (OVAL) is an international, information security, community standard to promote open and publicly available security content, and to standardize the transfer of this information across the entire spectrum of security tools and services. OVAL includes a language used to encode system details, and an assortment of content repositories held throughout the community
Many security researchers and testers may deal with the OVAL interpreter under the Windows environments. But, the OVAL community has tried hard to make it work under the Unix flavors. It extended then its real value.
The happy news came from the successful porting to Ubuntu, Fedora and debian.
Since, we have just tested the new BackTrack 3.0 on a MacOSX 10.5 as virtual image (that rocks), we tried to see if the newest unix OVAL versions runs on it (This is a part of the SSA Scanner Project to extend it to run under the Unix systems)
For this test, we choose the Fedora Redhat 4 OVAL Interpreter package. Some tunings were expected to make it run proprely.
Security-Database.com OVAL Integration into BackTrack 3.0 Final
- Download the Redhat el4 OVAL package and the OVAL libs from this location
- Use rpm2tgz to transform them into "slack" packages
- Use the "pkgtool" to install both packages (start to install libs first)
- Copy the following files libxerces-c.so.27.0, libxalan-c.so.110.0 and libxalanMsg.so.110.0 from /usr/lib/ovaldi to /lib
- Add this line "/usr/lib/ovaldi" to ld conf file (/etc/ld.so.conf). Apply ldconfig command line.
- Here is the little hack to make Ovaldi run under BT : copy these files librpm-4.2.so, librpmdb-4.2.so and librpmio-4.2.so from /usr/lib/ to /lib. But you should rename them : librpm-4.3.so, librpmdb-4.3.so and librpmio-4.3.so.
The fast way "Scriptable mode" (the script is attached for download)
echo " security-database - SSA Project - Testing the Integration of OVAL into BT3"
echo " * Downloading OVAL Intepreter ...."
echo " * Download OVAL libs ..."
echo " * Creating Ovaldi Interpreter TGZ file..."
echo " * Creating Ovaldi Libs TGZ file ..."
echo " * Installing packages using the pkgtool, please choose 'Current' ..."
echo " * Copying essential ovaldi libs to /lib ..."
cp /usr/lib/ovaldi/libxerces-c.so.27.0 /lib
cp /usr/lib/ovaldi/libxalan-c.so.110.0 /lib
cp /usr/lib/ovaldi/libxalanMsg.so.110.0 /lib
echo " * Adding lib to ld conf ..."
echo "/usr/lib/ovaldi" >> /etc/ld.so.conf
echo " * Copying some essential rpm libs to /lib ..."
cp /usr/lib/librpm-4.2.so /lib/librpm-4.3.so
cp /usr/lib/librpmdb-4.2.so /lib/librpmdb-4.3.so
cp /usr/lib/librpmio-4.2.so /lib/librpmio-4.3.so
echo "Run ovaldi intepreter, it should work."
echo "Dont forget to download xml definitions from either"
echo "oval.mitre.org or security-database.com .."
echo "Easy syntax : ovaldi -o here_a_linux_definition.xml -m"
The OVAL Definition Schema, System Characteristics, Results Schema should be located here : /usr/share/ovaldi
The ovaldi executable is located here /usr/sbin/
Dont forget to get an unix definition file (redhat, opensuse....)
ps : Bug detected - We’ve tested the OVAL interpreter with the unix.xml and oval.xml. We got the following error
Message: Type not found in http://oval.mitre.org/XMLSchema/oval-definitions-5:EntityStateVersionType
We will update this post as soon as we got answers from OVAL team.
Bug Status (response from OVAL Team)
Download OVAL 5.4 following schemas from oval.mitre.org :