All articles, tagged with “gsoc”

Some bits from GSoC 2007

Here are some facts about current OVAL support in deb-based distributions (Debian and Ubuntu):

  • Ubuntu 8.04 Hardy was released with oval-interpretator 5.3 in the universe section
  • oval-interpretator 5.4 has already migrated to Debian testing and is ready to ship with Lenny
  • oval-interpretator 5.4 has migrated to the Ubuntu unstable repository and will be included in the next release

In the next phase we plan to add official support status to OVAL definitions for the Debian and Ubuntu distributions.

Final report of project “OVAL Agent for Debian”

My task for GSoC 2007 was further integration of the OVAL language and infrastructure with the Debian project. The OVAL language already includes a schema for the Debian package system (dpkg), but this functionality was not implemented in the reference OVAL interpreter. Therefore my first task was to implement this support, create a Debian package for the reference OVAL interpreter, and submit the resulting patches upstream for inclusion in the next official release.

My second task was to improve the script that converts DSAs to OVAL definitions. This script was initially developed by my mentor Javier Fernandez-Sanguino, but it was based on an old OVAL version and generated only simple OVAL definitions that did not pass validation against the OVAL definition schema.

Implementing these two tasks will allow the OVAL interpreter to be used to evaluate the security status of Debian hosts according to issued DSAs. Both of these tasks are finished now. While implementing DPKG support in the reference OVAL interpreter I implemented the DPKGInfoProbe and TextFileContentProbe classes. These patches were included in the ovaldi Debian package and sent upstream. Currently these patches are not fully applied to the upstream source, but I will continue working with the OVAL developers to include this feature in the next release.

The DSA to OVAL definitions converter was fully rewritten in Python and now produces valid OVAL definitions for most of the DSAs in the Debian repository (some old DSAs are ignored because they have a different naming scheme). We plan to use this script as part of the oval-server package for in-place conversion of DSAs, and on the security.debian.org web site to provide a Debian OVAL definitions feed corresponding to issued DSAs. This converter requires some updates to reduce memory usage when handling a large DSA repository (like the full DSA repository).

The second and very important task was implementing an agent-server architecture on top of the OVAL interpreter to centrally handle the security status of whole Debian networks. This task includes development of the oval-server program, which must generate an OVAL definitions repository (generated from DSAs or downloaded from the official debian.org feed), generate per-client definitions to evaluate the security status of Debian client hosts, and generate security status reports for visual presentation of security status. The oval-agent tool was developed to work on the client side; its purpose includes receiving OVAL definitions from the server, evaluating them with the OVAL interpreter and sending the results back to the server.

At the first stage of the project I planned to implement both tools in C++, but while working on this task I changed my choice to Python due to time constraints and better integration with the DSA2OVAL converter. Oval-server uses SQLite as the database engine to store information about clients and definitions, uses the HTTP protocol to interact with oval-agents, and currently supports synchronization of the DSA repository over http, ftp and the local fs (mail and rss support, and support for fetching prepared OVAL definitions from the debian.org website, are planned).

Both oval-agent and oval-server are at the working prototype stage. They implement most of the required functionality, but have some important issues which must be fixed before inclusion in the Debian repository. I plan to keep a list of these issues on the DebianOval wiki page.

I plan to continue working and to prepare the oval-agent and oval-server packages by the end of this year or early.

Oval Agent project continues

During the last month my life changed greatly. I moved to another town and settled into my new job. Now I will work on the Java EE stack and continue writing my Ph.D. thesis on Multi-Agent Solutions. As for the Oval Agent project — I will continue its development, as well as the SAMS project.

For the Oval project I plan to focus on fixing bugs in oval-agent and oval-server, and on improving performance and memory requirements when converting Debian DSAs. After this I will update the Debian packages for this module and ask my summer mentor Javier Fernandez-Sanguino to sponsor these packages.

For the SAMS project we plan to release SAMS 1.0 in the next few days; after this I can focus on updating the Debian package and improving the analog log parser for squid access.log. We also need to focus on updating the English version of the documentation.

These goals are planned for the end of the current year, and I hope that I can finish them by Christmas.

OVAL for Debian on the road

Today I finished most of the work on adapting the OVAL interpreter to work with Debian OVAL definitions. This includes the implementation of the TextFileContentProbe and DPKGInfoProbe classes. Now we have both —

Next targets:

  • Bugfixing
  • Building Debian packages
  • Merging patches in upstream

Use libapt for package querying

The second part of my work in SoC was to implement support for DEB-based distributions in the OVAL interpreter. After discussion with my mentor I chose libapt for interacting with the Debian package system.

But I had trouble with this library because it has poor documentation. I started with the regression tests, which I found in the library source, but some of them seem broken. After some attempts to find the problem I moved to the apt-get source and used it to build my first package querying program. apt-get uses the dpkg cache file to obtain information about all available packages. Therefore the source for querying packages from the dpkg cache file looks like this:


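    #include <apt-pkg/cachefile.h>
    #include <apt-pkg/configuration.h>
    #include <apt-pkg/pkgcache.h>
    #include <apt-pkg/progress.h>
    #include <cstring>
    #include <iostream>
    #include <string>
    using namespace std;

    // Returns true if the package is in the APT cache and has an installed version.
    bool checkExist (string package) {
        bool exist = false;
        pkgCacheFile *Cache = new pkgCacheFile();

        OpTextProgress Prog(*_config);
        if (Cache->Open(Prog, true) == false) {
                cerr << "I need more privileges." << endl;
                delete Cache;
                return false;   // the cache is unusable, do not query it
        }

        pkgCache::PkgIterator Pkg = (*Cache)->FindPkg (package);

        // FindPkg returns an end iterator for unknown names; check it before use.
        if (!Pkg.end() and strcmp (Pkg.Name(), package.c_str()) == 0 and (Pkg.CurrentVer()))
                exist = true;

        Cache->Close();
        delete Cache;

        return (exist);
    }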

I think this approach is good and compact, but it has one drawback: the size of the cache being queried. We query over all available packages, not only installed ones, and on my machine this number is about 20000.

My mentor Javier proposed another approach based on the apt-sort source code. This approach uses the dpkg status file to query information about installed packages. Here is another version of the checkExist function:


    #include <apt-pkg/error.h>
    #include <apt-pkg/fileutl.h>
    #include <apt-pkg/strutl.h>
    #include <apt-pkg/tagfile.h>
    #include <iostream>
    #include <string>
    using namespace std;

    // StatusFile is a string holding the path to the dpkg status file.
    bool DPKGCheckExist (string name) {
        FileFd Fd(StatusFile, FileFd::ReadOnly);
        pkgTagFile Tags(&Fd);

        if (_error->PendingError() == true)
                return false;

        // Parse the status file one stanza at a time.
        pkgTagSection Section;

        while (Tags.Step(Section) == true)
        {
                // Fetch the package name of this stanza.
                string Name = Section.FindS("Package");

                if (Name.empty() == true)
                        //return _error->Error("Unknown package record!");
                        return false;

                if ( stringcasecmp(Name,name) == 0 )
                {
                        // The Status field carries the install state.
                        string Stat = Section.FindS("Status");
                        if (stringcasecmp(Stat,"install ok installed") == 0 )
                        {
                                return true;
                        } else {
                                cout << "Package not fully installed" << endl;
                                return false;
                        }
                }
        }

        // Package not found, or an error is pending: report "not installed".
        // A bool function must return false here; a string literal such as
        // "ERROR" would convert to true.
        return false;
    }

This example contains more code, but it also allows extracting more information about installed packages. These fragments will move to other functions which are used for extracting DPKG package information. Currently I use this example in my work.

If you plan to use libapt in your project, these two approaches may help you get started in the right way.
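The status-file check described above can also be shown without libapt. The following is an added example, not code from the original post or from the OVAL interpreter: a small parser for the stanza format of the dpkg status file that handles continuation lines and a final stanza without a trailing blank line. The names dpkgState, PkgState and kSample are hypothetical, the sample data is constructed, and field names are matched exactly as dpkg writes them.

```cpp
#include <iostream>
#include <map>
#include <sstream>
#include <string>

enum class PkgState { NotFound, Installed, NotFullyInstalled };

// Scan dpkg status-format text (stanzas separated by blank lines) and
// report the install state of `name`.
PkgState dpkgState(const std::string &statusText, const std::string &name) {
    std::istringstream in(statusText);
    std::map<std::string, std::string> stanza;
    std::string line, lastKey;
    auto verdict = [&]() {
        auto p = stanza.find("Package");
        if (p == stanza.end() || p->second != name) return PkgState::NotFound;
        return stanza["Status"] == "install ok installed"
                   ? PkgState::Installed : PkgState::NotFullyInstalled;
    };
    while (std::getline(in, line)) {
        if (line.empty()) {                          // blank line ends a stanza
            PkgState s = verdict();
            if (s != PkgState::NotFound) return s;
            stanza.clear();
            lastKey.clear();
        } else if (line[0] == ' ' || line[0] == '\t') {
            // Continuation of the previous field, never a new field.
            if (!lastKey.empty()) stanza[lastKey] += "\n" + line;
        } else {
            std::size_t colon = line.find(':');
            if (colon == std::string::npos) continue;    // malformed line
            lastKey = line.substr(0, colon);
            std::size_t v = line.find_first_not_of(" \t", colon + 1);
            stanza[lastKey] = v == std::string::npos ? "" : line.substr(v);
        }
    }
    return verdict();            // last stanza may lack a trailing blank line
}

// Constructed sample in the layout of a dpkg status file.
const std::string kSample =
    "Package: libfoo1\nStatus: install ok installed\nVersion: 1.0-1\n"
    "Description: demo\n Package: bar\n more text\n\n"
    "Package: bar\nStatus: deinstall ok config-files\nVersion: 2.3-4\n\n"
    "Package: baz\nStatus: install ok half-installed\nVersion: 0.9-2";

int main() {
    for (const char *n : {"libfoo1", "bar", "baz", "qux"})
        std::cout << n << ": " << static_cast<int>(dpkgState(kSample, n)) << "\n";
}
```

The " Package: bar" line inside the libfoo1 description is a continuation line, so it does not make bar look installed; only the stanza's own Status field decides.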

Python and XML

During the last two weeks I have worked with Python and XML. This is the best time that I can remember! I use my favorite tools, which I love for their universality, portability and expressiveness. But for too long I have had only theoretical experience, and now I have forgotten many basic things. It is hard to recollect all these things and tricks.

But every day I use them for practical things, and although my code is still ugly, I think that after some time I will again start to write good code.

And now — let’s continue coding.

Google surprises

One month has passed since Google published the list of accepted GSOC 2007 projects. This time is called the interim period. Time to get familiar with people and code, and time for Surprises and Gifts!

The initial payment is our first gift. And it is really cool. It raises our motivation level to +10 and allows us to realize our wishes. A laptop — this has been my main wish for the last 2 years. And with the initial payment — it is “my charm” :) I bought a mid-range laptop — a Dell Latitude 120L. I searched for a Thinkpad, but couldn’t find any offers in our town now. I read forums and found that everything, including WIFI, works well in Linux.

The other surprise from Google is a book. Neither the author’s name nor the book title was mentioned on the mailing list. They kept it secret until the last moment. I assumed that it would be “The C Programming Language”, and would have been glad to see it on my bookshelf. Today I received it: it is “Producing open source software” by Karl Fogel, one of the subversion developers. It is also good, and I will read it with pleasure some time later.

With this, the relaxation is over: from 28 May we start writing code and will do so all summer… So, let’s begin coding…