This document outlines the items of the OVAL System Characteristics XML schema that are independent of any specific family or platform. Each iten is an extention of a basic System Characteristics item defined in the core System Characteristics XML schema. The OVAL Schema is maintained by The MITRE Corporation and developed by the public OVAL Community. For more information, including how to get involved in the project and how to submit change requests, please visit the OVAL website at http://oval.mitre.org. Independent System Characteristics 5.6 9/9/2009 9:44:34 AM Copyright (c) 2002-2009, The MITRE Corporation. All rights reserved. The contents of this file are subject to the terms of the OVAL License located at http://oval.mitre.org/oval/about/termsofuse.html. See the OVAL License for the specific language governing permissions and limitations for use of this schema. When distributing copies of the OVAL Schema, this license header must be included. This element stores high level system OS type, otherwise known as the family. This element describes the name of an environment variable. item - datatype attribute for the family entity of a family_item should be 'string' This element stores md5 hash associated with a specific file. 5.1 Replaced by the filehash_item entity. The filehash_item entity should be used to allow for the verification of both MD5 and SHA1 hashes. See the filehash_item. This entity has been deprecated and will be removed in version 6.0 of the language. DEPRECATED ITEM: ID: The path element specifies the directory component of the absolute path to a file on the machine. item - datatype attribute for the path entity of a filemd5_item should be 'string' The name of the file. item - datatype attribute for the filename entity of a filemd5_item should be 'string' The md5 hash of the file item - datatype attribute for the md5 entity of a filemd5_item should be 'string' This element stores the different hash values associated with a specific file. Specifies the absolute path to a file on the machine. item - datatype attribute for the filepath entity of a filehash_item should be 'string' The path element specifies the directory component of the absolute path to a file on the machine. item - datatype attribute for the path entity of a filehash_item should be 'string' The name of the file. item - datatype attribute for the filename entity of a filehash_item should be 'string' The md5 hash of the file item - datatype attribute for the md5 entity of a filehash_item should be 'string' The sha1 hash of the file item - datatype attribute for the sha1 entity of a filehash_item should be 'string' This item stores information about environment variables and their values. This element describes the name of an environment variable. item - datatype attribute for the name entity of an environmentvariable_item should be 'string' The actual value of the specified environment variable. - The datatype has been set to 'int' but the value is not an integer. This element holds information about specific entries in the LDAP directory. It extends the standard ItemType as defined in the oval-system-characteristics schema and one should refer to the ItemType description for more information. Each object in an LDAP directory exists under a certain suffix (also known as a naming context or base distinguished name). A suffix is defined as a single object in the Directory Information Tree (DIT) along with every object in the tree subordinate to it. item - datatype attribute for the suffix entity of an ldap_item should be 'string' The relative_dn field is used to uniquely identify an item inside the specified suffix. It contains all of the parts of the item's distinguished name except those outlined by the suffix. If the nillable attribute is set to true, then the item being represented is the higher level suffix. Using xsi:nil here will result in a status of 'does not exist' for object_class, ldaptype, and value since these entities are not associated with a suffix by itself. Note that when nil is used for the relative dn element, the attribute element should also be nilled. item - datatype attribute for the relative_dn entity of an ldap_item should be 'string' - attribute entity must be nil when relative_dn is nil Specifies a named value contained by the object. If the nillable attribute is set to true, then the item being represented is the higher level relative distinguished name. Using xsi:nil here will result in a status of 'does not exist' for object_class, ldaptype, and value since these entities are not associated with a relative distinguished name by itself. item - datatype attribute for the attribute entity of an ldap_item should be 'string' The name of the class of which the object is an instance. item - datatype attribute for the object_class entity of an ldap_item should be 'string' Specifies the type of information that the specified attribute represents. item - datatype attribute for the ldaptype entity of an ldap_item should be 'string' The actual value of the specified LDAP attribute. - The datatype has been set to 'int' but the value is not an integer. The sql_item outlines information collected from a database via an SQL query. The engine entity identifies the specific database engine used to connect to the database. item - datatype attribute for the engine entity of an sql_item should be 'string' The version entity identifies the version of the database engine used to connect to the database. item - datatype attribute for the version entity of an sql_item should be 'string' The connection_string entity defines connection parameters used to connect to the specific database. item - datatype attribute for the connection_string entity of an sql_item should be 'string' The sql entity holds the specific query used to identify the object(s) in the database. item - datatype attribute for the sql entity of an sql_item should be 'string' The result entity specifies the result(s) of the given SQL query against the database. - The datatype has been set to 'int' but the value is not an integer. The textfilecontent_item looks at the contents of a text file (aka a configuration file) by looking at individual lines. Specifies the absolute path to a file on the machine. item - datatype attribute for the filepath entity of a textfilecontent_item should be 'string' The path element specifies the directory component of the absolute path to a file on the machine. item - datatype attribute for the path entity of a textfilecontent_item should be 'string' The filename entity specifies the name of the file (without the path) that is being represented. item - datatype attribute for the filename entity of a textfilecontent_item should be 'string' The pattern entity represents a regular expression that is used to define a block of text. Subexpression notation (parenthesis) is used to call out a value(s) to test against. For example, the pattern abc(.*)xyz would look for a block of text in the file that starts with abc and ends with xyz, with the subexpression being all the characters that exist inbetween. Note that if the pattern can match more than one block of text starting at the same point, then it matches the longest. Subexpressions also match the longest possible substrings, subject to the constraint that the whole match be as long as possible, with subexpressions starting earlier in the pattern taking priority over ones starting later. item - datatype attribute for the pattern entity of a textfilecontent_item should be 'string' The instance entity calls out which match of the pattern is being represented by this item. The first match is given an instance value of 1, the second match is given and instance value of 2, and so on. The main purpose of this entity is too provide uniqueness for different textfilecontent_items that results from multiple matches of a given pattern against the same file. item - datatype attribute for the instance entity of a textfilecontent_item should be 'int' The line element represents a line in the file and is represented using a regular expression. 5.4 Due to the fact that the TextFileContent54_test supports multi-line pattern matching, the line entity is no longer needed. This entity has been deprecated and will be removed in version 6.0 of the language. DEPRECATED ELEMENT: ID: item - datatype attribute for the line entity of a textfilecontent_item should be 'string' The text entity represents the block of text that matched the specified pattern. item - datatype attribute for the text entity of a textfilecontent_item should be 'string' The subexpression entity represents the value of a subexpression in the specified pattern. If multiple subexpressions are specified in the pattern, then multiple entities are presented. Note that the textfilecontent_state in the definition schema only allows a single subexpression entity. This means that the test will check that all (or at least one, none, etc.) the subexpressions pass the same check. This means that the order of multiple subexpression entities in the item does not matter. - The datatype has been set to 'int' but the value is not an integer. This item stores information about OVAL Variables and their values. The id of the variable. item - datatype attribute for the var_ref entity of a variable_item should be 'string' The value of the variable. If a variable represents and array of values, then multiple value elements should exist. - The datatype has been set to 'int' but the value is not an integer. This item stores results from checking the contents of an xml file. Specifies the absolute path to a file on the machine. item - datatype attribute for the filepath entity of a xmlfilecontent_item should be 'string' The path element specifies the directory component of the absolute path to a file on the machine. item - datatype attribute for the path entity of a xmlfilecontent_item should be 'string' The filename element specifies the name of the file. item - datatype attribute for the filename entity of a xmlfilecontent_item should be 'string' Specifies an Xpath expression describing the text node(s) or attribute(s) to look at. item - datatype attribute for the xpath entity of a xmlfilecontent_item should be 'string' The value_of element checks the value(s) of the text node(s) or attribute(s) found. How this is used is entirely controlled by operator attributes. item - datatype attribute for the value_of entity of a xmlfilecontent_item should be 'string' The EntityItemEngineType complex type defines a string entity value that is restricted to an enumeration. Each valid entry in the enumeration is a valid database engine. The access value describes the Microsoft Access database engine. The db2 value describes the IBM DB2 database engine. The cache value describes the InterSystems Cache database engine. The firebird value describes the Firebird database engine. The firstsql value describes the FirstSQL database engine. The foxpro value describes the Microsoft FoxPro database engine. The informix value describes the IBM Informix database engine. The ingres value describes the Ingres database engine. The interbase value describes the Embarcadero Technologies InterBase database engine. The lightbase value describes the Light Infocon LightBase database engine. The maxdb value describes the SAP MaxDB database engine. The monetdb value describes the MonetDB SQL database engine. The mimer value describes the Mimer SQL database engine. The oracle value describes the Oracle database engine. The paradox value describes the Paradox database engine. The pervasive value describes the Pervasive PSQL database engine. The postgre value describes the PostgreSQL database engine. The sqlbase value describes the Unify SQLBase database engine. The sqlite value describes the SQLite database engine. The sqlserver value describes the Microsoft SQL database engine. The sybase value describes the Sybase database engine. The empty string value is permitted here to allow for detailed error reporting. The EntityItemFamilyType complex type defines a string entity value that is restricted to a set of enumerations. Each valid enumeration is a high-level family of system operating system. The ios value describes the Cisco IOS operating system. The macos value describes the Mac operating system. The unix value describes the UNIX operating system. The windows value describes the Windows operating system. The empty string value is permitted here to allow for detailed error reporting. The EntityItemVariableRefType complex type defines a string item entity that has a valid OVAL variable id as the value. The EntityItemLdaptypeType complex type restricts a string value to a specific set of values that specify the different types of information that an ldap attribute can represent. The empty string value is permitted here to allow for detailed error reporting. The data type is the attribute type description. The string is of Distinguished Name (path) of a directory service object. The bit string type. The string is displayable on screen or in print. The string is of a numeral to be interpreted as text. The data is of a Boolean value. The data is of an integer value. The data is of the universal time as expressed in Universal Time Coordinate (UTC). The data is of generalized time. The directory string. The object class description type. The data is of a time stamp in seconds. The data is of an e-mail message. The empty string value is permitted here to allow for detailed error reporting.