OVALdi - an open-source local vulnerability assessment scanner

OVALdi, also named the OVAL Interpreter, is an open-source tool developed by MITRE to demonstrate how the OVAL language may be used to scan a computer for vulnerabilities. This article provides a few hints about how to use this tool.

For now OVALdi is only a command-line tool with very limited documentation.

Download and install

  • Download the ovaldi package or installer from: http://sourceforge.net/projects/ovaldi/
  • On Windows, the installer is a simple auto-unzipper: just click "unzip" and the files should be copied to a folder such as "c:\Program Files\OVAL\ovaldi-5.x.x\".

Update vulnerability definitions

It is recommended to update the XML file containing vulnerability check definitions every time you run the tool:

Scan

Open a shell or CMD window, go to the ovaldi folder, then run the following command (using the XML file name you have just downloaded):

ovaldi.exe -m -o windows.xml

The scanner will first validate the XML data against the OVAL language schema. This can take a long time, so be patient. At this stage, it may stop with an error message. This is usually because the definitions file uses a new version of the OVAL language that the installed ovaldi version does not support. In this case, just download a new ovaldi version to upgrade it.
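
The version mismatch described above can be spotted before starting a long validation run. The following Python sketch is an added example, not part of the original article or of the ovaldi project: it reads the schema_version element from the generator block of an OVAL 5 definitions file and compares it with the OVAL version you state your installed interpreter supports. The function names, the constructed sample XML and the "newer than supported means upgrade" rule are assumptions made for illustration.

```python
import io
import xml.etree.ElementTree as ET

# Namespace of the OVAL 5 common schema, where <schema_version> is defined.
OVAL_COMMON_NS = "http://oval.mitre.org/XMLSchema/oval-common-5"

def definitions_schema_version(source):
    """Return the schema_version text from an OVAL definitions file's <generator>."""
    # iterparse stops at the generator block instead of loading a multi-MB file.
    for _event, elem in ET.iterparse(source, events=("end",)):
        if elem.tag == "{%s}schema_version" % OVAL_COMMON_NS:
            return (elem.text or "").strip()
    raise ValueError("no <schema_version> found: not an OVAL 5 definitions file?")

def version_tuple(text):
    """'5.10.1' -> (5, 10, 1), so that 5.10 sorts after 5.9."""
    return tuple(int(part) for part in text.split("."))

def needs_upgrade(source, interpreter_version):
    """True when the definitions use a newer OVAL version than the interpreter supports.

    interpreter_version is supplied by the caller (assumption: taken from the
    release notes of the installed ovaldi package).
    """
    wanted = version_tuple(definitions_schema_version(source))
    have = version_tuple(interpreter_version)
    # Pad to equal length so (5, 10) and (5, 10, 0) compare as equal.
    width = max(len(wanted), len(have))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(wanted) > pad(have)

# Constructed sample: a minimal definitions header, not a real repository download.
SAMPLE = b"""<?xml version="1.0"?>
<oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5"
                  xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5">
  <generator>
    <oval:product_name>constructed sample</oval:product_name>
    <oval:schema_version>5.10</oval:schema_version>
    <oval:timestamp>2012-01-01T00:00:00</oval:timestamp>
  </generator>
  <definitions/>
</oval_definitions>"""

if __name__ == "__main__":
    for installed in ("5.9", "5.10.1"):
        verdict = needs_upgrade(io.BytesIO(SAMPLE), installed)
        print(installed, "->", "upgrade ovaldi first" if verdict else "ok to scan")
```

To check a downloaded file, pass its path (for example "windows.xml") as the first argument instead of the in-memory sample.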

At the end of the scanning process (which may take 5-10 minutes), several result files will be produced. Open the file results.html to look at results.

Known limitations

OVALdi is open-source and still under heavy development, so the results may not always be accurate:

  • The repository of OVAL definitions is not complete yet: Not all vulnerabilities will be detected.
  • Non-English versions of Windows do not seem to be supported as well as English versions: In practice you may encounter more false positives (reported vulnerabilities even when the patch is already installed).
  • Potential bugs.

Additional resources
