OVAL Interpreter v5.6.3 released

Open Vulnerability and Assessment Language (OVAL) is an international, information security, community standard to promote open and publicly available security content, and to standardize the transfer of this information across the entire spectrum of security tools and services.

The OVAL Interpreter is a freely available reference implementation that demonstrates the evaluation of OVAL Definitions. Based on a set of Definitions the interpreter collects system information, evaluates it, and generates a detailed OVAL Results file.

The OVAL Interpreter has been updated to Version 5.6, Build 3.
Specific updates to the OVAL Interpreter included correcting some minor bugs.

GIF - 4.8 kb

Version 5.6 build 3

  • Added support for the win-def:group_sid_test.
  • Fixed a bug in the ProcessProbe::GetAllProcesses() method that was causing the Process32First() API call to fail.
  • Added support for ind-def:textfilecontent54_test
  • Added support for unix-def:shadow_test
  • Added support for oval-def:regex_capture
  • Fixed a bug in the AbsEffectiveRightsProbe::GetTrusteesForWindowsObject() method that was causing the owner and primary group trustees to be added as trustee SIDs when they should have been added as trustee names.
  • Added support for the win-def:fileauditedpermissions_test.
  • Added support for the win-def:fileauditedpermissions53_test.
  • Added support for the win-def:regkeyauditedpermissions_test.
  • Added support for the win-def:regkeyauditedpermissions53_test.
  • Fixed a bug in REGEX.cpp so that it supports the ’|’ regular expression meta-character.

Post scriptum

Compliance Mandates

  • Vulnerability Scanner :

    PCI DSS 11.2, 6.6, SOX A13.3, GLBA 16CFR Part 314.4(c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001-27002 12.6, 15.2.2


Comments

Related Articles

Configurations checks
Local auditing
OVAL
Vulnerability Scanner