Policy interface to Extensible Configuration Checklist Description Format. More...
Data Structures | |
struct | xccdf_policy_model |
XCCDF policy model structure contains xccdf_benchmark as reference to Benchmark element in XML file and list of policies that are abstract structure of Profile element from benchmark file. More... | |
struct | xccdf_policy |
XCCDF policy structure is abstract (class) structure of Profile element from benchmark. More... | |
struct | xccdf_value_binding |
XCCDF value binding structure is binding between Refine values, Set values, Value element and Check export element of benchmark. More... | |
struct | xccdf_policy_iterator |
Iterate through policies. More... | |
struct | oscap_file_entry_iterator |
struct | oscap_file_entry_list |
Files | |
file | xccdf_policy.h |
Open-scap XCCDF Policy library interface. | |
Functions | |
struct xccdf_policy_model * | xccdf_policy_model::xccdf_policy_model_new (struct xccdf_benchmark *benchmark) |
Constructor of Policy Model structure. | |
struct xccdf_policy * | xccdf_policy::xccdf_policy_new (struct xccdf_policy_model *model, struct xccdf_profile *profile) |
Constructor of Policy structure. | |
struct xccdf_value_binding * | xccdf_value_binding::xccdf_value_binding_new (void) |
Constructor of structure with profile bindings - refine_rules, refine_values and set_values. | |
void | xccdf_policy_model::xccdf_policy_model_free (struct xccdf_policy_model *) |
Destructor of Policy Model structure. | |
void | xccdf_policy::xccdf_policy_free (struct xccdf_policy *) |
Destructor of Policy structure. | |
void | xccdf_value_binding::xccdf_value_binding_free (struct xccdf_value_binding *) |
Destructor of Value binding structure. | |
bool | xccdf_policy_model::xccdf_policy_model_register_engine_callback (struct xccdf_policy_model *model, char *sys, void *func, void *usr) |
Function to register callback for checking system. | |
bool | xccdf_policy_model::xccdf_policy_model_register_output_callback (struct xccdf_policy_model *model, oscap_reporter func, void *usr) |
Function to register output callback for checking system that will be called AFTER each rule evaluation. | |
bool | xccdf_policy_model::xccdf_policy_model_register_start_callback (struct xccdf_policy_model *model, oscap_reporter func, void *usr) |
Function to register start callback for checking system that will be called BEFORE each rule evaluation. | |
Evaluators | |
| |
struct xccdf_item * | xccdf_policy_tailor_item (struct xccdf_policy *policy, struct xccdf_item *item) |
Clone the item and tailor it against given policy (profile). | |
struct oscap_file_entry_list * | xccdf_policy_model_get_systems_and_files (struct xccdf_policy_model *policy_model) |
Return names of files that are used in checks of particular rules. | |
struct oscap_file_entry_list * | xccdf_item_get_systems_and_files (struct xccdf_item *item) |
Return names of files that are used in checks of particular rules. | |
struct oscap_stringlist * | xccdf_policy_model_get_files (struct xccdf_policy_model *policy_model) |
Return names of files that are used in checks of particular rules. | |
struct oscap_stringlist * | xccdf_item_get_files (struct xccdf_item *item) |
Return names of files that are used in checks of particular rules. | |
struct xccdf_result * | xccdf_policy::xccdf_policy_evaluate (struct xccdf_policy *policy) |
Call the checking engine for each selected rule in given policy structure. | |
bool | xccdf_policy::xccdf_policy_resolve (struct xccdf_policy *policy) |
Resolve benchmark by applying all refine_rules and refine_values to rules / values of benchmark. | |
struct oscap_file_entry * | oscap_file_entry::oscap_file_entry_new (void) |
struct oscap_file_entry * | oscap_file_entry::oscap_file_entry_dup (struct oscap_file_entry *file_entry) |
void | oscap_file_entry::oscap_file_entry_free (struct oscap_file_entry *entry) |
const char * | oscap_file_entry::oscap_file_entry_get_system (struct oscap_file_entry *entry) |
const char * | oscap_file_entry::oscap_file_entry_get_file (struct oscap_file_entry *entry) |
struct oscap_file_entry * | oscap_file_entry_iterator::oscap_file_entry_iterator_next (struct oscap_file_entry_iterator *it) |
bool | oscap_file_entry_iterator::oscap_file_entry_iterator_has_more (struct oscap_file_entry_iterator *it) |
void | oscap_file_entry_iterator::oscap_file_entry_iterator_free (struct oscap_file_entry_iterator *it) |
void | oscap_file_entry_iterator::oscap_file_entry_iterator_reset (struct oscap_file_entry_iterator *it) |
struct oscap_file_entry_list * | oscap_file_entry_list::oscap_file_entry_list_new (void) |
void | oscap_file_entry_list::oscap_file_entry_list_free (struct oscap_file_entry_list *list) |
struct oscap_file_entry_iterator * | oscap_file_entry_list::oscap_file_entry_list_get_files (struct oscap_file_entry_list *list) |
Iterators | |
| |
struct xccdf_score * | xccdf_policy_get_score (struct xccdf_policy *policy, struct xccdf_result *test_result, const char *system) |
Get score of the XCCDF Benchmark. | |
char * | xccdf_policy_substitute (const char *text, struct xccdf_policy *policy) |
Perform textual substitution of cdf:sub elements with respect to given XCCDF policy. | |
bool | xccdf_policy_iterator::xccdf_policy_iterator_has_more (struct xccdf_policy_iterator *it) |
Return true if the list is not empty, false otherwise. | |
struct xccdf_policy * | xccdf_policy_iterator::xccdf_policy_iterator_next (struct xccdf_policy_iterator *it) |
Return the next xccdf_policy structure from the list and increment the iterator. | |
void | xccdf_policy_iterator::xccdf_policy_iterator_free (struct xccdf_policy_iterator *it) |
Free the iterator structure (it makes no changes to the list structure). | |
void | xccdf_policy_iterator::xccdf_policy_iterator_reset (struct xccdf_policy_iterator *it) |
Reset the iterator structure (it will point to the first item in the list). | |
Getters | |
Return value is pointer to structure's member. Do not free unless you null the pointer in the structure. Use remove function otherwise. | |
struct xccdf_policy_model * | xccdf_policy::xccdf_policy_get_model (const struct xccdf_policy *policy) |
Get model from Policy (parent structure of Policy to access the benchmark). | |
struct xccdf_benchmark * | xccdf_policy_model::xccdf_policy_model_get_benchmark (const struct xccdf_policy_model *item) |
Get Benchmark from Policy Model. | |
struct xccdf_value_binding_iterator * | xccdf_policy::xccdf_policy_get_values (const struct xccdf_policy *item) |
Get Value Bindings from XCCDF Policy. | |
struct xccdf_policy_iterator * | xccdf_policy_model::xccdf_policy_model_get_policies (const struct xccdf_policy_model *model) |
Get policies from Policy Model. | |
struct xccdf_select_iterator * | xccdf_policy::xccdf_policy_get_selected_rules (struct xccdf_policy *) |
Get selected rules from policy. | |
struct xccdf_profile * | xccdf_policy::xccdf_policy_get_profile (const struct xccdf_policy *) |
Get XCCDF Profile from Policy. | |
struct xccdf_select_iterator * | xccdf_policy::xccdf_policy_get_selects (const struct xccdf_policy *) |
Get rules from Policy. | |
char * | xccdf_value_binding::xccdf_value_binding_get_name (const struct xccdf_value_binding *) |
Get variable name from value bindings. | |
char * | xccdf_value_binding::xccdf_value_binding_get_value (const struct xccdf_value_binding *) |
Get value from value bindings. | |
xccdf_value_type_t | xccdf_value_binding::xccdf_value_binding_get_type (const struct xccdf_value_binding *) |
get variable type from value bindings | |
xccdf_operator_t | xccdf_value_binding::xccdf_value_binding_get_operator (const struct xccdf_value_binding *) |
get Value operator from value bindings | |
char * | xccdf_value_binding::xccdf_value_binding_get_setvalue (const struct xccdf_value_binding *) |
get Set Value from value bindings | |
struct xccdf_result_iterator * | xccdf_policy_model::xccdf_policy_get_results (const struct xccdf_policy *policy) |
Get results of all XCCDF Policy results. | |
struct xccdf_result * | xccdf_policy_model::xccdf_policy_get_result_by_id (struct xccdf_policy *policy, const char *id) |
Get XCCDF Result structure by it's idetificator if there is one. | |
const char * | xccdf_policy::xccdf_policy_get_id (struct xccdf_policy *policy) |
Get ID of XCCDF Profile that is implemented by XCCDF Policy. | |
struct xccdf_policy * | xccdf_policy_model::xccdf_policy_model_get_policy_by_id (struct xccdf_policy_model *policy_model, const char *id) |
Get XCCDF Policy from Policy model by speciefied ID of Profile. | |
Setters | |
Parameters of set functions are duplicated in memory and need to be freed by caller. | |
bool | xccdf_policy_model::xccdf_policy_model_add_policy (struct xccdf_policy_model *, struct xccdf_policy *) |
Add Policy to Policy Model. | |
bool | xccdf_policy::xccdf_policy_add_select (struct xccdf_policy *, struct xccdf_select *) |
Add rule to Policy. | |
bool | xccdf_policy::xccdf_policy_set_selected (struct xccdf_policy *policy, char *idref) |
Set a new selector to the Policy structure. | |
bool | xccdf_policy_model::xccdf_policy_add_result (struct xccdf_policy *policy, struct xccdf_result *item) |
Add result to XCCDF Policy Model. | |
bool | xccdf_policy::xccdf_policy_add_value (struct xccdf_policy *, struct xccdf_value_binding *) |
Add value binding to the Policy structure. | |
struct xccdf_select * | xccdf_policy::xccdf_policy_get_select_by_id (struct xccdf_policy *policy, const char *item_id) |
Add check export to the Value Binding structure. |
Policy interface to Extensible Configuration Checklist Description Format.
Purpose of this layer is to separate the transport syntax of the XCCDF XML from the processes of evaluating and scoring the policy content comprised by the XCCDF documents. XCCDF Policy model performs the loading, evaluation and scoring tasks of XCCDF.
struct oscap_file_entry * oscap_file_entry_dup | ( | struct oscap_file_entry * | file_entry | ) | [read, inherited] |
void oscap_file_entry_free | ( | struct oscap_file_entry * | entry | ) | [inherited] |
const char * oscap_file_entry_get_file | ( | struct oscap_file_entry * | entry | ) | [inherited] |
const char * oscap_file_entry_get_system | ( | struct oscap_file_entry * | entry | ) | [inherited] |
void oscap_file_entry_iterator_free | ( | struct oscap_file_entry_iterator * | it | ) | [inherited] |
bool oscap_file_entry_iterator_has_more | ( | struct oscap_file_entry_iterator * | it | ) | [inherited] |
struct oscap_file_entry * oscap_file_entry_iterator_next | ( | struct oscap_file_entry_iterator * | it | ) | [read, inherited] |
void oscap_file_entry_iterator_reset | ( | struct oscap_file_entry_iterator * | it | ) | [inherited] |
void oscap_file_entry_list_free | ( | struct oscap_file_entry_list * | list | ) | [inherited] |
struct oscap_file_entry_iterator * oscap_file_entry_list_get_files | ( | struct oscap_file_entry_list * | list | ) | [read, inherited] |
struct oscap_file_entry_list * oscap_file_entry_list_new | ( | void | ) | [read, inherited] |
struct oscap_file_entry * oscap_file_entry_new | ( | void | ) | [read, inherited] |
struct oscap_stringlist* xccdf_item_get_files | ( | struct xccdf_item * | item | ) | [read] |
Return names of files that are used in checks of particular rules.
Every check needs this file to be evaluated properly. If this file will not be imported and bind to the XCCDF Policy system the result of rule after evaluation will be "Not checked"
struct oscap_file_entry_list* xccdf_item_get_systems_and_files | ( | struct xccdf_item * | item | ) | [read] |
Return names of files that are used in checks of particular rules.
Every check needs this file to be evaluated properly. If this file will not be imported and bind to the XCCDF Policy system the result of rule after evaluation will be "Not checked"
The resulting list should be freed with oscap_filelist_free.
bool xccdf_policy_add_select | ( | struct xccdf_policy * | , | |
struct xccdf_select * | ||||
) | [inherited] |
Add rule to Policy.
bool xccdf_policy_add_value | ( | struct xccdf_policy * | , | |
struct xccdf_value_binding * | ||||
) | [inherited] |
Add value binding to the Policy structure.
struct xccdf_result * xccdf_policy_evaluate | ( | struct xccdf_policy * | policy | ) | [read, inherited] |
Call the checking engine for each selected rule in given policy structure.
policy | given Policy to evaluate |
xccdf_policy_model_register_engine_callback(policy_model, "http://oval.mitre.org/XMLSchema/oval-definitions-5", oval_agent_eval_rule, (void *) usr);
struct oval_agent_session * sess = oval_agent_new_session((struct oval_definition_model *) model, "name-of-file");
const char * xccdf_policy_get_id | ( | struct xccdf_policy * | policy | ) | [inherited] |
Get ID of XCCDF Profile that is implemented by XCCDF Policy.
policy | XCCDF Policy |
struct xccdf_policy_model * xccdf_policy_get_model | ( | const struct xccdf_policy * | policy | ) | [read, inherited] |
Get model from Policy (parent structure of Policy to access the benchmark).
policy | XCCDF Policy |
struct xccdf_profile * xccdf_policy_get_profile | ( | const struct xccdf_policy * | ) | [read, inherited] |
Get XCCDF Profile from Policy.
struct xccdf_result * xccdf_policy_get_result_by_id | ( | struct xccdf_policy * | policy, | |
const char * | id | |||
) | [read, inherited] |
Get XCCDF Result structure by it's idetificator if there is one.
struct xccdf_score* xccdf_policy_get_score | ( | struct xccdf_policy * | policy, | |
struct xccdf_result * | test_result, | |||
const char * | system | |||
) | [read] |
Get score of the XCCDF Benchmark.
policy | XCCDF Policy | |
test_result | Test Result model | |
system | Score system |
struct xccdf_select * xccdf_policy_get_select_by_id | ( | struct xccdf_policy * | policy, | |
const char * | item_id | |||
) | [read, inherited] |
Add check export to the Value Binding structure.
struct xccdf_select_iterator * xccdf_policy_get_selected_rules | ( | struct xccdf_policy * | ) | [read, inherited] |
Get selected rules from policy.
NULL | on faliure |
struct xccdf_select_iterator * xccdf_policy_get_selects | ( | const struct xccdf_policy * | ) | [read, inherited] |
Get rules from Policy.
bool xccdf_policy_model_add_policy | ( | struct xccdf_policy_model * | , | |
struct xccdf_policy * | ||||
) | [inherited] |
Add Policy to Policy Model.
struct xccdf_benchmark * xccdf_policy_model_get_benchmark | ( | const struct xccdf_policy_model * | item | ) | [read, inherited] |
Get Benchmark from Policy Model.
item | Policy model structure |
struct oscap_stringlist* xccdf_policy_model_get_files | ( | struct xccdf_policy_model * | policy_model | ) | [read] |
Return names of files that are used in checks of particular rules.
Every check needs this file to be evaluated properly. If this file will not be imported and bind to the XCCDF Policy system the result of rule after evaluation will be "Not checked"
struct xccdf_policy_iterator * xccdf_policy_model_get_policies | ( | const struct xccdf_policy_model * | model | ) | [read, inherited] |
Get policies from Policy Model.
model | Policy Model |
struct xccdf_policy * xccdf_policy_model_get_policy_by_id | ( | struct xccdf_policy_model * | policy_model, | |
const char * | id | |||
) | [read, inherited] |
Get XCCDF Policy from Policy model by speciefied ID of Profile.
policy_model | XCCDF Policy model | |
id | ID of Profile |
struct oscap_file_entry_list* xccdf_policy_model_get_systems_and_files | ( | struct xccdf_policy_model * | policy_model | ) | [read] |
Return names of files that are used in checks of particular rules.
Every check needs this file to be evaluated properly. If this file will not be imported and bind to the XCCDF Policy system the result of rule after evaluation will be "Not checked"
The resulting list should be freed with oscap_filelist_free.
struct xccdf_policy_model * xccdf_policy_model_new | ( | struct xccdf_benchmark * | benchmark | ) | [read, inherited] |
Constructor of Policy Model structure.
benchmark | Struct xccdf_benchmark with benchmark model |
bool xccdf_policy_model_register_engine_callback | ( | struct xccdf_policy_model * | model, | |
char * | sys, | |||
void * | func, | |||
void * | usr | |||
) | [inherited] |
Function to register callback for checking system.
model | XCCDF Policy Model | |
sys | String representing given checking system | |
func | Callback - pointer to function called by XCCDF Policy system when rule parsed | |
usr | optional parameter for passing user data to callback |
bool xccdf_policy_model_register_output_callback | ( | struct xccdf_policy_model * | model, | |
oscap_reporter | func, | |||
void * | usr | |||
) | [inherited] |
Function to register output callback for checking system that will be called AFTER each rule evaluation.
model | XCCDF Policy Model | |
func | Callback - pointer to function called by XCCDF Policy system when rule parsed | |
usr | optional parameter for passing user data to callback |
xccdf_policy_model_register_output_callback(policy_model, callback, NULL); xccdf_policy_model_register_engine_callback(policy_model, "http://oval.mitre.org/XMLSchema/oval-definitions-5", oval_agent_eval_rule, (void *) sess);
static int callback(const struct oscap_reporter_message *msg, void *arg) { xccdf_test_result_type_t result = oscap_reporter_message_get_user2num(msg); if (result == XCCDF_RESULT_NOT_SELECTED) return 0; printf("\n"); printf("Rule ID:\r\t\t\033[1m%s\033[0;0m\n", oscap_reporter_message_get_user1str(msg)); printf("Title:\r\t\t%s\n", oscap_reporter_message_get_user3str(msg)); printf("Result:\r\t\t\033[%sm%s\033[0m\n", RESULT_COLORS[result], xccdf_test_result_type_get_text((xccdf_test_result_type_t) result)); return 0; }
bool xccdf_policy_model_register_start_callback | ( | struct xccdf_policy_model * | model, | |
oscap_reporter | func, | |||
void * | usr | |||
) | [inherited] |
Function to register start callback for checking system that will be called BEFORE each rule evaluation.
model | XCCDF Policy Model | |
func | Callback - pointer to function called by XCCDF Policy system when rule parsed | |
usr | optional parameter for passing user data to callback |
xccdf_policy_model_register_start_callback(policy_model, callback_start, NULL); xccdf_policy_model_register_engine_callback(policy_model, "http://oval.mitre.org/XMLSchema/oval-definitions-5", oval_agent_eval_rule, (void *) sess); xccdf_policy_model_register_output_callback(policy_model, callback_end, NULL);
static int callback(const struct oscap_reporter_message *msg, void *arg) { printf("Evaluating rule \"%s\". Please wait.". oscap_reporter_message_get_user1num(msg)); return 0; }
struct xccdf_policy * xccdf_policy_new | ( | struct xccdf_policy_model * | model, | |
struct xccdf_profile * | profile | |||
) | [read, inherited] |
Constructor of Policy structure.
model | Policy model | |
profile | Profile from XCCDF Benchmark |
bool xccdf_policy_resolve | ( | struct xccdf_policy * | policy | ) | [inherited] |
Resolve benchmark by applying all refine_rules and refine_values to rules / values of benchmark.
All properties in benchmark will be irreversible changed and user has to load benchmark (from XML) again to discard these changes.
policy | XCCDF policy containing rules/values that will be applied to benchmark rules/values. |
bool xccdf_policy_set_selected | ( | struct xccdf_policy * | policy, | |
char * | idref | |||
) | [inherited] |
Set a new selector to the Policy structure.
char* xccdf_policy_substitute | ( | const char * | text, | |
struct xccdf_policy * | policy | |||
) |
Perform textual substitution of cdf:sub elements with respect to given XCCDF policy.
text | text to be substituted | |
policy | policy to be used |
struct xccdf_item* xccdf_policy_tailor_item | ( | struct xccdf_policy * | policy, | |
struct xccdf_item * | item | |||
) | [read] |
Clone the item and tailor it against given policy (profile).
policy | Policy with profile | |
item | XCCDF item to be tailored |
char * xccdf_value_binding_get_name | ( | const struct xccdf_value_binding * | ) | [inherited] |
Get variable name from value bindings.
xccdf_operator_t xccdf_value_binding_get_operator | ( | const struct xccdf_value_binding * | ) | [inherited] |
get Value operator from value bindings
char * xccdf_value_binding_get_setvalue | ( | const struct xccdf_value_binding * | ) | [inherited] |
get Set Value from value bindings
xccdf_value_type_t xccdf_value_binding_get_type | ( | const struct xccdf_value_binding * | ) | [inherited] |
get variable type from value bindings
char * xccdf_value_binding_get_value | ( | const struct xccdf_value_binding * | ) | [inherited] |
Get value from value bindings.
struct xccdf_value_binding * xccdf_value_binding_new | ( | void | ) | [read, inherited] |
Constructor of structure with profile bindings - refine_rules, refine_values and set_values.