
OVALdi - an open-source local vulnerability assessment scanner

OVALdi, also named the OVAL Interpreter, is an open-source tool developed by MITRE to demonstrate how the OVAL language may be used to scan a computer for vulnerabilities. This article provides a few hints about how to use this tool.

For now OVALdi is only a command-line tool with very limited documentation.

Download and install

  • Download the ovaldi package or installer from: http://sourceforge.net/projects/ovaldi/
  • On Windows, the installer is a simple self-extracting archive: just click "Unzip" and the files are copied into a folder such as "c:\Program Files\OVAL\ovaldi-5.x.x\".

Update vulnerability definitions

It is recommended to update the XML file containing vulnerability check definitions every time you run the tool:

Scan

Open a shell or CMD window, go to the ovaldi folder, then run the following command (using the name of the XML definitions file you have just downloaded):

ovaldi.exe -m -o windows.xml

Here -o gives the path to the OVAL definitions file and -m tells ovaldi not to verify the MD5 hash of that file before using it. Since -m disables the only integrity check the tool performs on the definitions, make sure the file really came from the OVAL repository before running it with -m, or omit -m and enter the published hash when prompted.

The scanner first validates the XML data against the OVAL language schema. This can take a long time, so be patient. At this stage it may stop with an error message; this is usually because the definitions file uses a newer version of the OVAL language than the installed ovaldi supports. In that case, download and install a newer ovaldi version.

At the end of the scanning process (which may take 5-10 minutes), several result files are produced in the ovaldi folder: by default oval_results.xml (the full OVAL results document), system-characteristics.xml (what was collected from the host), ovaldi.log and results.html. Open results.html to look at the results.
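results.html is convenient for a quick look, but when you want to keep or compare scans it is easier to work from oval_results.xml directly. The following script is an added example (not code from the original article or from the OVALdi project) that summarises an OVAL 5.x results document: it joins each evaluated definition with the title and class copied into the file, lists the definitions the scanner evaluated to "true", and separates the results that need a manual look ("error", "unknown", "not evaluated"). A "true" result only means "host affected" for definitions of class vulnerability or patch; for inventory or compliance definitions it just means the check matched, so those are not counted as findings. The embedded XML is a constructed sample with only the elements the summary needs; the default output file name oval_results.xml is assumed.

```python
"""Summarise an ovaldi oval_results.xml (added example, not OVALdi code)."""
import sys
import xml.etree.ElementTree as ET
from collections import Counter

# Namespaces of the OVAL 5.x results and definitions schemas.
NS = {
    "res": "http://oval.mitre.org/XMLSchema/oval-results-5",
    "def": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
}

# Definition classes for which result="true" means "this host is affected".
FINDING_CLASSES = {"vulnerability", "patch"}

# Results that did not produce a definite answer and need manual review.
REVIEW_RESULTS = {"error", "unknown", "not evaluated"}

# Constructed sample, not real scanner output: a real oval_results.xml also
# carries generator, directives, tests/objects/states and system characteristics.
SAMPLE = """<?xml version="1.0" encoding="UTF-8"?>
<oval_results xmlns="http://oval.mitre.org/XMLSchema/oval-results-5"
              xmlns:oval-def="http://oval.mitre.org/XMLSchema/oval-definitions-5">
  <oval-def:oval_definitions>
    <oval-def:definitions>
      <oval-def:definition id="oval:example.local:def:1" version="1" class="vulnerability">
        <oval-def:metadata><oval-def:title>Sample flaw in component A</oval-def:title></oval-def:metadata>
      </oval-def:definition>
      <oval-def:definition id="oval:example.local:def:2" version="1" class="patch">
        <oval-def:metadata><oval-def:title>Sample patch B missing</oval-def:title></oval-def:metadata>
      </oval-def:definition>
      <oval-def:definition id="oval:example.local:def:3" version="1" class="inventory">
        <oval-def:metadata><oval-def:title>Component A is installed</oval-def:title></oval-def:metadata>
      </oval-def:definition>
      <oval-def:definition id="oval:example.local:def:4" version="1" class="vulnerability">
        <oval-def:metadata><oval-def:title>Sample flaw in component C</oval-def:title></oval-def:metadata>
      </oval-def:definition>
    </oval-def:definitions>
  </oval-def:oval_definitions>
  <results>
    <system>
      <definitions>
        <definition definition_id="oval:example.local:def:1" version="1" result="true"/>
        <definition definition_id="oval:example.local:def:2" version="1" result="false"/>
        <definition definition_id="oval:example.local:def:3" version="1" result="true"/>
        <definition definition_id="oval:example.local:def:4" version="1" result="error"/>
      </definitions>
    </system>
  </results>
</oval_results>
"""


def parse_results(xml_text):
    """Return {definition_id: {"result", "class", "title"}} for every evaluated definition."""
    root = ET.fromstring(xml_text)
    meta = {}
    # Metadata is copied into the results file under oval_definitions.
    for d in root.iterfind("def:oval_definitions/def:definitions/def:definition", NS):
        title = d.findtext("def:metadata/def:title", default="", namespaces=NS)
        meta[d.get("id")] = {"class": d.get("class", ""), "title": title}
    parsed = {}
    # Per-definition verdicts live under results/system/definitions.
    for d in root.iterfind("res:results/res:system/res:definitions/res:definition", NS):
        did = d.get("definition_id")
        parsed[did] = {"result": d.get("result"), **meta.get(did, {"class": "", "title": ""})}
    return parsed


def findings(parsed):
    """IDs of vulnerability/patch definitions that evaluated to true (host affected)."""
    return sorted(i for i, v in parsed.items()
                  if v["result"] == "true" and v["class"] in FINDING_CLASSES)


def needs_review(parsed):
    """IDs whose evaluation did not reach a definite true/false answer."""
    return sorted(i for i, v in parsed.items() if v["result"] in REVIEW_RESULTS)


def result_counts(parsed):
    """Counter of result values, e.g. {"true": 2, "false": 1, "error": 1}."""
    return Counter(v["result"] for v in parsed.values())


if __name__ == "__main__":
    # Usage: python summarise_oval.py [oval_results.xml]; falls back to the sample.
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE
    res = parse_results(text)
    print("result counts:", dict(result_counts(res)))
    for i in findings(res):
        print("AFFECTED", i, res[i]["class"], res[i]["title"])
    for i in needs_review(res):
        print("REVIEW  ", i, res[i]["result"], res[i]["title"])
```

Keeping the "true" findings separate from the inventory matches and from the error/unknown results is what makes the list useful for triage, for example when checking a reported item against the patches actually installed on a non-English Windows.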

Known limitations

OVALdi is open-source and still under heavy development, so the results may not always be accurate:

  • The repository of OVAL definitions is not complete yet, so not all vulnerabilities will be detected: a clean scan only means no downloaded definition matched.
  • Non-English versions of Windows do not seem to be supported as well as English versions. In practice you may see more false positives (vulnerabilities reported even though the patch is already installed), so check reported items against the installed patches before acting on them.
  • Bugs in the interpreter itself, which can show up as definitions ending in "error" or "unknown" rather than true/false.

Additional resources
