Loren Bandiera’s weblog

Been hacking on the OVAL results code today. The first task was to clean up the hard coded values.

Next I started working on the system_info section of the results XML. One of the things I need to have do is get a list of interfaces on a machine and collect the interface name, ip address and MAC address. Not sure if this can be handled in managed code.

In Linux I can try and parse /proc/net/dev but that doesn’t get me the MAC address. I was also considering parsing the output of ifconfig(8) but then I remembered I hate writing parsers

I need to think about this some more. Suggestions are welcome.

The last part of the OvalResults.cs code I’ve been working on is the XML namespaces. If you look at the code in the above link you’ll see I’m just setting the data via XmlElement.SetAttribute.

If I try and set xsi:schemaLocation like that then I get an exception. There must be a better way to specify multiple namespaces of an XmlElement but I’m just not seeing it right now.

Been working on trying to have Sussen validate OVAL XML definition files. This should have been pretty straightforward:

public static void ValidateEventHandler
      (object sender, ValidationEventArgs e)
{
	Console.WriteLine ("Bad stuff happened");
	Console.WriteLine (e.Exception.Message);
	Console.WriteLine (e.Exception.LineNumber);
	Console.WriteLine ("Severity:{0}", e.Severity);
}

public static void Validate ()
{
	XmlTextReader reader = new XmlTextReader (filename);
	XmlValidatingReader vr = new XmlValidatingReader (reader);
	XmlSchemaCollection sc = new XmlSchemaCollection();

	sc.Add ("oval", "oval-schema.xsd");
	sc.Add ("redhat", "redhat-schema.xsd");

	vr.Schemas.Add (sc);
	vr.ValidationType = ValidationType.Schema;

	vr.ValidationEventHandler +=
            new ValidationEventHandler (ValidateEventHandler);

	Console.WriteLine ("Starting validation");

	while (vr.Read())
	{
	}

	Console.WriteLine ("Finished validation");
}

When I try and run this under Linux/Mono I get the following:

XmlSchema error: Referenced attribute
group http://oval.mitre.org/XMLSchema/oval:subtestAttributes
was not found in the corresponding schema.

Under Windows/.NET I get:

Reference to undeclared substitution group affiliation.

I’m not sure why this fails. I looked at the reference OVAL implementation source code but that offered no clues.

Back to the drawing board…

Renamed the assembly Sussen.Oval.Redhat to Sussen.Oval.Unix this morning. Started on two new tests (TextFileContent and XmlFileContent) which are needed for Debian and Solaris support.

I was going to start on the Shadow test but reading the Mono.Unix docs showed it doesn’t support the shadow(3) functions. I vaguely recall running into something like this before

Looks like I’ll need to do some Mono hacking. They were responsive to my patches last time.

Checked in some minor work into the code repository today. The first thing was to add a –help option to the agent, server and client so you can find out the command line options. Along those lines I also wrote the initial man pages too.

In OVAL news, I’ve been tinkering on support for Debian and Solaris definitions (although no official definitions have been released; the OVAL guys seemed to just have the schemas defined).

Looks like I’ll be creating a Sussen.Oval.Unix assembly and have the others (RedHat, Debian, Solaris) use that for a common base and implement just the specifics for each platform.

Sussen 0.11 has been released today. You can download a copy from www.sussen.org.

I noticed that VIA has (finally) released an updated Envy24 audio driver for 64-bit Windows systems. It’s listed as being v4.60 and dated May 20, 2005. I downloaded it and installed it. Looks better than the last beta where I needed ugly registry hacks to install the driver.

You can download the drivers from viaarena.com.

Now if only NVIDIA would release a final set of drivers for their Nforce4 chipset.

Spent some time yesterday hacking on LAT. The biggest changes would be that I got the copy/cut/pasting of entries in the browser working and there was the re-login feature I wrote a little while back.

I released LAT v0.5.3 today. Grab a fresh copy from the project site.