Policy interface to Extensible Configuration Checklist Description Format.
Detailed Description
The purpose of this layer is to separate the transport syntax of the XCCDF XML from the processes of evaluating and scoring the policy content contained in the XCCDF documents. The XCCDF Policy model performs the loading, evaluation and scoring tasks of XCCDF.
Function Documentation
Return names of files that are used in checks of particular rules.
Every check needs its file in order to be evaluated properly. If the file is not imported and bound to the XCCDF Policy system, the result of the rule after evaluation will be "Not checked".
The resulting list should be freed with oscap_filelist_free.
Add rule to Policy.
- Returns:
- true if rule has been added successfully
Add value binding to the Policy structure.
- Returns:
- true if rule has been added successfully
Call the checking engine for each selected rule in given policy structure.
- Parameters:
- policy: given Policy to evaluate
- Returns:
- true if the evaluation passes or false in case of error
- Example
- Before each policy evaluation the user has to register a callback that will be called for each check. Every checking engine must have a registered callback, or the particular check will be skipped. The code below uses the predefined function oval_agent_eval_rule to evaluate OVAL checks:
- If you use this predefined OVAL callback, the user data structure (last parameter of the register function) MUST be of type oval_agent_session_t:
const char * xccdf_policy_get_id(struct xccdf_policy *policy)
Get ID of XCCDF Profile that is implemented by XCCDF Policy.
- Parameters:
-
- Returns:
- ID of Policy's Profile
Get model from Policy (parent structure of Policy to access the benchmark)
- Parameters:
-
- Returns:
- Policy model
Get XCCDF Profile from Policy.
- Returns:
- XCCDF Profile
Get XCCDF Result structure by its identifier, if there is one.
- Returns:
- structure xccdf_result if found, NULL otherwise
Get score of the XCCDF Benchmark.
- Parameters:
- policy: XCCDF Policy
- test_result: Test Result model
- system: Score system
- Returns:
- XCCDF Score
Add check export to the Value Binding structure.
- Returns:
- true if rule has been added successfully
Get select from policy by specified ID of XCCDF Item.
- Returns:
- XCCDF Select
Get selected rules from policy.
- Returns:
- Pointer to select iterator.
- Return values:
-
Add Policy to Policy Model.
- Returns:
- true if policy has been added successfully
Get Benchmark from Policy Model.
- Parameters:
- item: Policy model structure
- Returns:
- XCCDF Benchmark for given policy model
Return names of files that are used in checks of particular rules.
Every check needs its file in order to be evaluated properly. If the file is not imported and bound to the XCCDF Policy system, the result of the rule after evaluation will be "Not checked".
Get policies from Policy Model.
- Parameters:
-
- Returns:
- Iterator for list of policies
Get XCCDF Policy from Policy model by specified ID of Profile.
- Parameters:
- policy_model: XCCDF Policy model
- id: ID of Profile
- Returns:
- XCCDF Policy
Return names of files that are used in checks of particular rules.
Every check needs its file in order to be evaluated properly. If the file is not imported and bound to the XCCDF Policy system, the result of the rule after evaluation will be "Not checked".
The resulting list should be freed with oscap_filelist_free.
bool xccdf_policy_model_register_engine_callback(struct xccdf_policy_model *model, char *sys, void *func, void *usr)
Function to register callback for checking system.
- Parameters:
- model: XCCDF Policy Model
- sys: String representing given checking system
- func: Callback - pointer to function called by XCCDF Policy system when rule parsed
- usr: optional parameter for passing user data to callback
- Returns:
- true if callback registered successfully, false otherwise
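The per-system registration described above, and the skipped checks mentioned in the evaluation example earlier on this page, shown as a self-contained model added here (it is not OpenSCAP code and not from the original page). The types, function names and the second checking-system URI are stand-ins invented for the example, and it assumes a check with no registered engine is reported as not checked; a compliance gate built on the results has to count such rules as unverified rather than as passing.

```c
#include <stdbool.h>
#include <string.h>
/* Local stand-ins for this sketch; these are not OpenSCAP types. */
enum result { R_PASS, R_FAIL, R_ERROR, R_NOTCHECKED, R_COUNT };
typedef enum result (*engine_fn)(const char *check_ref, void *usr);
struct engine { const char *sys; engine_fn func; void *usr; };
struct rule { const char *id, *sys, *check_ref; };
#define MAX_ENGINES 4
static struct engine engines[MAX_ENGINES];
static size_t n_engines;

/* Same (sys, func, usr) shape as the registration call documented above. */
bool register_engine(const char *sys, engine_fn func, void *usr)
{
    if (!sys || !func || n_engines == MAX_ENGINES) return false;
    engines[n_engines++] = (struct engine){ sys, func, usr };
    return true;
}

/* A rule whose checking system has no engine gets no verdict at all. */
enum result eval_rule(const struct rule *r)
{
    for (size_t i = 0; i < n_engines; i++)
        if (strcmp(engines[i].sys, r->sys) == 0)
            return engines[i].func(r->check_ref, engines[i].usr);
    return R_NOTCHECKED;
}

/* Tally every rule; compliant only if nothing failed, errored or was skipped. */
bool evaluate(const struct rule *rules, size_t n, unsigned tally[R_COUNT])
{
    memset(tally, 0, R_COUNT * sizeof tally[0]);
    for (size_t i = 0; i < n; i++) tally[eval_rule(&rules[i])]++;
    return tally[R_FAIL] + tally[R_ERROR] + tally[R_NOTCHECKED] == 0;
}

/* Constructed engine and rules: the second rule's system is never registered. */
enum result fake_oval(const char *ref, void *usr) { (void)ref; (void)usr; return R_PASS; }
const struct rule SAMPLE[] = {
    { "rule-1", "http://oval.mitre.org/XMLSchema/oval-definitions-5", "oval:example:def:1" },
    { "rule-2", "urn:example:other-engine", "check-2" },
};

int main(void)
{
    unsigned t[R_COUNT];
    register_engine(SAMPLE[0].sys, fake_oval, NULL);
    return evaluate(SAMPLE, 2, t) ? 0 : 1; /* exits 1: rule-2 was never checked */
}
```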
Function to register output callback for checking system that will be called AFTER each rule evaluation.
- Parameters:
- model: XCCDF Policy Model
- func: Callback - pointer to function called by XCCDF Policy system when rule parsed
- usr: optional parameter for passing user data to callback
- Returns:
- true if callback registered successfully, false otherwise
- Example
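- With the first function below (register output callback) the user registers the callback that will be called after each rule evaluation is done. The second callback is registered as the callback for the evaluation itself and will be called during the evaluation. The example of callback:
    #include <stdio.h>

    /* Assumed signature for a reporter callback (message, user data). */
    static int callback(const struct oscap_reporter_message *msg, void *arg)
    {
        /* Assumed: the rule result is carried in the message's second numeric slot. */
        xccdf_test_result_type_t result = oscap_reporter_message_get_user2num(msg);
        printf("\n");
        printf("Rule ID:\r\t\t\033[1m%s\033[0;0m\n", oscap_reporter_message_get_user1str(msg));
        printf("Title:\r\t\t%s\n", oscap_reporter_message_get_user3str(msg));
        /* RESULT_COLORS is a caller-defined table of ANSI colour codes indexed by result. */
        printf("Result:\r\t\t\033[%sm%s\033[0m\n", RESULT_COLORS[result],
               xccdf_test_result_type_get_text((xccdf_test_result_type_t) result));
        return 0;
    }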
Function to register start callback for checking system that will be called BEFORE each rule evaluation.
- Parameters:
- model: XCCDF Policy Model
- func: Callback - pointer to function called by XCCDF Policy system when rule parsed
- usr: optional parameter for passing user data to callback
- Returns:
- true if callback registered successfully, false otherwise
- Example
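- With the first function below (register start callback) the user registers the callback that will be called before each rule evaluation is started. The second callback is registered as the callback for the evaluation itself and will be called during the evaluation. The last callback is the registered output callback. The example of callback_start:
    #include <stdio.h>

    /* Assumed signature for a reporter callback (message, user data). */
    static int callback_start(const struct oscap_reporter_message *msg, void *arg)
    {
        /* The string accessor is used so the argument matches the %s conversion. */
        printf("Evaluating rule \"%s\". Please wait.", oscap_reporter_message_get_user1str(msg));
        return 0;
    }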
Constructor of Policy structure.
- Parameters:
- model: Policy model
- profile: Profile from XCCDF Benchmark
Resolve benchmark by applying all refine_rules and refine_values to rules / values of benchmark.
All properties in the benchmark will be irreversibly changed, and the user has to load the benchmark (from XML) again to discard these changes.
- Parameters:
- policy: XCCDF policy containing rules/values that will be applied to benchmark rules/values.
- Returns:
- true if process ends successfully or false in case of error
bool xccdf_policy_set_selected(struct xccdf_policy *policy, char *idref)
Set a new selector to the Policy structure.
- Returns:
- true if rule has been added successfully
char* xccdf_policy_substitute(const char *text, struct xccdf_policy *policy)
Perform textual substitution of cdf:sub elements with respect to given XCCDF policy.
- Parameters:
- text: text to be substituted
- policy: policy to be used
Clone the item and tailor it against given policy (profile)
- Parameters:
- policy: Policy with profile
- item: XCCDF item to be tailored
- Returns:
- new item that has to be freed by user
Get variable name from value bindings.
- Returns:
- String
Get Value operator from value bindings.
- Returns:
- xccdf_operator_t
Get Set Value from value bindings.
- Returns:
- String
Get variable type from value bindings.
- Returns:
- xccdf_value_type_t
Get value from value bindings.
- Returns:
- String
Constructor of structure with profile bindings - refine_rules, refine_values and set_values.
- Returns:
- new structure of xccdf_value_binding