
From Openscap

Compilation

Compilation is straightforward and follows the usual Linux conventions (gcc, make).

  1. ./autogen.sh: needed only if you took fresh sources from the git repository. It requires autoconf, automake and libtool. If you use a release tarball you can skip this step.
  2. ./configure && make: builds the library. Dependencies may vary with the features enabled by configure. By default you need swig, libxml2-devel, rpm-devel, libgcrypt-devel, pcre-devel, python-devel, perl-devel and libcurl-devel installed on your system.
  3. make check: runs the library self-checks.
  4. make install: runs the installation procedure.

Simple OVAL scanner

Creating a simple scanning application with the OpenSCAP library is very easy. I'll demonstrate it in C in the following paragraphs.

First we need to take care of includes:

#include <stdio.h>
#include <oval_agent_api.h>

This callback prints the result of each definition:

static int call(const struct oscap_reporter_message *msg, void *arg) {
    fprintf(stdout, "definition: %s: %s\n", oscap_reporter_message_get_user1str(msg),
                                            oval_result_get_text(oscap_reporter_message_get_user2num(msg)));
    return 0;
}

We will need a definition model, a results model, result directives and an agent session:

int main(int argc, char **argv)
{
    struct oval_definition_model    *def_model;
    struct oval_results_model       *res_model;
    struct oval_result_directives   *res_direct;
    oval_agent_session_t            *asession;

Usage:

    if (argc != 3) {
            /* report usage errors on stderr, using the real program name */
            fprintf(stderr, "usage: %s oval_definition_file.xml oval_result_file.xml\n", argv[0]);
            return 1;
    }

Initialization:

    def_model = oval_definition_model_import(argv[1]);
    if (def_model == NULL)  /* import failed: unreadable or invalid OVAL file */
            return 1;
    asession = oval_agent_new_session(def_model);

Main loop, where all definitions are evaluated and the callback is called after each single evaluation:

    oval_agent_eval_system(asession, call, NULL);

Report results:

    res_model = oval_agent_get_results_model(asession);
    res_direct = oval_result_directives_new(res_model);
    oval_result_directives_set_reported(res_direct, OVAL_RESULT_TRUE | OVAL_RESULT_FALSE | OVAL_RESULT_UNKNOWN | OVAL_RESULT_ERROR |
                                                        OVAL_RESULT_NOT_EVALUATED | OVAL_RESULT_NOT_APPLICABLE , true);
    oval_result_directives_set_content(res_direct, OVAL_RESULT_TRUE | OVAL_RESULT_FALSE | OVAL_RESULT_ERROR , OVAL_DIRECTIVE_CONTENT_FULL);
    oval_results_model_export(res_model, res_direct, argv[2]);

Clean up:

    oval_agent_destroy_session(asession);
    oval_definition_model_free(def_model);
    oval_result_directives_free(res_direct);
    oscap_cleanup();
    return 0;
}


Usage

At this point we have the OpenSCAP library installed and our "hello world" scanner written.

Let's compile the scanner:

$ gcc -g -Wall -I/usr/include/openscap -o oval-agent oval-agent.c -lopenscap

As input for the scanner we need valid OVAL content. We can write our own (escape) or use content that already exists. Note that Fedora OVAL content is provided in the OpenSCAP release tarball.

$ ./oval-agent scap-fedora12-oval.xml scap-fedora12-oval-result.xml

The scanner examines the system and evaluates the OVAL definitions. The result of each definition is printed to standard output, and the OVAL Results are saved into the scap-fedora12-oval-result.xml file.
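The results file written above can be post-processed into a pass/fail verdict. The following is an added example, not code from the OpenSCAP project: it joins each result with the class of its definition, since "true" means vulnerable for a vulnerability definition but compliant for a compliance definition. The sample document and its ids are constructed, the namespaces are the standard OVAL 5 ones, and the exit-code convention is an assumption.

```python
import xml.etree.ElementTree as ET
from collections import Counter

RES = "{http://oval.mitre.org/XMLSchema/oval-results-5}"
DEF = "{http://oval.mitre.org/XMLSchema/oval-definitions-5}"

# Constructed sample shaped like an OVAL 5 results file; not real scanner output.
SAMPLE = """<oval_results xmlns="http://oval.mitre.org/XMLSchema/oval-results-5">
 <oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5">
  <definitions>
   <definition id="oval:example:def:1" version="1" class="vulnerability"/>
   <definition id="oval:example:def:2" version="1" class="compliance"/>
   <definition id="oval:example:def:3" version="1" class="compliance"/>
   <definition id="oval:example:def:4" version="1" class="inventory"/>
  </definitions>
 </oval_definitions>
 <results><system><definitions>
   <definition definition_id="oval:example:def:1" version="1" result="true"/>
   <definition definition_id="oval:example:def:2" version="1" result="true"/>
   <definition definition_id="oval:example:def:3" version="1" result="false"/>
   <definition definition_id="oval:example:def:4" version="1" result="error"/>
 </definitions></system></results>
</oval_results>"""

# Result value that counts as a finding for each definition class.
BAD = {"vulnerability": "true", "patch": "true", "compliance": "false"}
DECIDED = {"true", "false", "not applicable"}

def summarize(xml_text):
    """Return (tally of results, findings, definitions without a verdict)."""
    root = ET.fromstring(xml_text)
    classes = {d.get("id"): d.get("class") for d in root.iter(DEF + "definition")}
    tally, findings, undecided = Counter(), [], []
    for d in root.iter(RES + "definition"):
        def_id, result = d.get("definition_id"), d.get("result")
        tally[result] += 1
        if result not in DECIDED:       # error, unknown, not evaluated, missing
            undecided.append(def_id)
        elif BAD.get(classes.get(def_id)) == result:
            findings.append(def_id)
    return tally, findings, undecided

def exit_code(findings, undecided):
    """0 = clean, 1 = findings, 2 = scan incomplete (takes precedence)."""
    return 2 if undecided else (1 if findings else 0)

if __name__ == "__main__":
    tally, findings, undecided = summarize(SAMPLE)
    print(dict(tally), findings, undecided, exit_code(findings, undecided))
```

Treating "error", "unknown" and "not evaluated" as an incomplete scan rather than a pass keeps a broken probe from being read as a clean system.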

Other examples

If you are interested in other examples, such as an XCCDF scanner or a content validator, we recommend examining the oscap tool, which is available in the tarball under the utils subdirectory.
