djhaynes
commented
11 years ago This item has been deferred from the Version 5.10 release.
Open djhaynes opened 11 years ago
djhaynes
commented
11 years ago This item has been deferred from the Version 5.10 release.
djhaynes
commented
11 years ago Recommend that this feature be prototyped using the xsd:any space within the OVAL System Characteristics element. it is unclear that the concept will apply to all tools. Some tools raise and lower their privileges based upon needed access at run time. For this capability to be useful it may need to reflect the privileges used when collecting each object.
As an output of the AI/OVAL Developer Days conversation (March 2011), it was proposed that the OVAL System Characteristics file would benefit from some construct that allowed the specification of the user that the scan was run as.
Outstanding questions that would need to be answered: 1.Would this simply record the user at a file level, or at a more detailed level. (There are cases where an Interpreter would raise privileges during the scan, and should that information also get recorded?) 2.Would use of AI be an appropriate implementation? Or something simpler?
Reference: Minutes from the Developer days conversation, available on the OVAL web site.
http://oval.mitre.org/community/docs/OVAL_Spring_2011_Developer_Days_Minutes.pdf