OVAL Checks

SAINT allows you to import OVAL checks from either the OVAL repository, or your own XML file containing OVAL checks. SAINT currently supports checks for the Microsoft Windows and IBM AIX platforms and includes support for definitions using any of the following test types:
 
An example list of supported OVAL repository definition files follows:

How to Import OVAL Checks

To import OVAL definitions, you may use the import/update link located on the scan policy page (shown below) to automatically download and import checks for you.
[Screenshot: scan policy page]
 

You may also import definitions manually by using the SCAP content importer, which you can open by clicking the "import other OVAL definitions" link shown above. The importer is also accessible via the Options -> Custom Checks page.

 

To specify two or more values for a variable used by one OVAL definition, XCCDF can be used to run the definition multiple times, each time using a different variable set. For example, two rules are defined in an XCCDF benchmark, along with four values. In the first rule, values one and two are exported; in the second rule, values three and four are exported.

 

From the SCAP content importer form, you will be able to import any of the following:
 

After you have selected your input file, click Submit. The files will be validated, if necessary, and imported into SAINT. Info/Warning/Error messages will appear, giving details about the progress and status of the file import.
 

OVAL External Variables

OVAL external variables will be stored in SAINT in a .var file where the format is:

                Var:id[tab]Value
                Var:id[tab]Value
                …


To import external variables, use either an OVAL external variable file or a file with a .var extension in the above format, and follow the directions in the section above titled "How to Import OVAL Checks." Once an external variable file has been imported into SAINT, you can modify it in either of two ways: click the link under the Check Title/Actions column of the Existing Checks section on the Options -> Custom Checks page, or select the file and then click the edit icon in the screen shot shown in the section above.
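A pre-import check for a hand-written .var file, added here as an example (it is not SAINT code). It assumes that "Var:id" in the format above is an OVAL variable id of the form oval:namespace:var:number; the function name and the sample ids and values are constructed for illustration.

```python
import re

# OVAL 5 variable id syntax: oval:<namespace>:var:<positive integer>
OVAL_VAR_ID = re.compile(r"oval:[A-Za-z0-9_\-.]+:var:[1-9][0-9]*")

def check_var_text(text):
    """Parse id<TAB>value lines; return (values_by_id, problems)."""
    values_by_id = {}   # id -> values in file order (repeats kept for review)
    problems = []       # (line number, message)
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue                      # blank lines carry no entry
        var_id, tab, value = line.partition("\t")
        if not tab:
            problems.append((lineno, "no tab between id and value"))
            continue
        if not OVAL_VAR_ID.fullmatch(var_id):
            problems.append((lineno, "id is not an OVAL variable id"))
            continue
        if value != value.strip():
            # Stray whitespace would silently change a string comparison.
            problems.append((lineno, "value has leading/trailing whitespace"))
        values_by_id.setdefault(var_id, []).append(value)
    return values_by_id, problems

# Constructed sample: ids and values are invented for illustration.
SAMPLE = (
    "oval:org.example:var:1\t14\n"
    "oval:org.example:var:2\tC:\\Windows\\System32\n"
    "oval:org.example:var:3 8\n"      # space where the tab should be
    "org.example:var:4\t1\n"          # id lacks the oval: prefix
    "oval:org.example:var:1\t20\n"    # same id again
)

if __name__ == "__main__":
    values, problems = check_var_text(SAMPLE)
    for lineno, message in problems:
        print(f"line {lineno}: {message}")
    for var_id, vals in values.items():
        print(var_id, vals)
```

The page does not say how SAINT treats an id that appears on more than one line, so the check only groups repeated ids for review instead of rejecting them.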

How to Run OVAL Checks

To run OVAL checks, go to the Scan icon. Select the Scan Policy tab. From the Filter By Category drop-down menu, select OVAL or Show all Policies. Select the OVAL definition file you want to use and, if you have any external variables associated with that definition file, select the external variable file from the External Variables drop-down box. After you have selected your OVAL checks, you MUST enter authentication, because all OVAL checks require authentication to run. From this point, the process is the same as running other scans. Once your scan setup is complete, select the Scan button to run your scan. Refer to the screen shot above.

How to Delete OVAL Checks

To delete an OVAL check file, simply click on the check box beside the name of the OVAL check on the Custom Checks page, and press Delete Selected.

How to View OVAL Scan Results

Note: Since data is stored on a per-session basis, you need to be in the same session in which the scan was run.
 

To view the results of an OVAL scan, navigate to the Data Analysis page by clicking on the Data icon at the top of the application window and then click on SCAP Results. From there, you will be able to view and/or download the OVAL system characteristics and OVAL results files for each target, as depicted in the screen below.   

[Screenshot: SCAP Results page]