The following is a description of the elements, types, and attributes that compose the HP-UX specific system characteristic items found in Open Vulnerability and Assessment Language (OVAL). Each item is an extension of the standard item element defined in the Core System Characteristic Schema. Through extension, each item inherits a set of elements and attributes that are shared amongst all OVAL Items. Each item is described in detail and should provide the information necessary to understand what each element and attribute represents. This document is intended for developers and assumes some familiarity with XML. A high level description of the interaction between the different tests and their relationship to the Core System Characteristic Schema is not outlined here.
The OVAL Schema is maintained by the OVAL Community. For more information, including how to get involved in the project and how to submit change requests, please visit the OVAL website at http://oval.cisecurity.org.
HP-UX System Characteristics
5.11.1:1.1
11/30/2016 09:00:00 AM
Copyright (c) 2016, Center for Internet Security. All rights reserved. The contents of this file are subject to the terms of the OVAL License located at https://oval.cisecurity.org/terms. See the OVAL License for the specific language governing permissions and limitations for use of this schema. When distributing copies of the OVAL Schema, this license header must be included.
These items hold data collected by the getconf command.
This is the parameter name to check.
This is the pathname to check.
The output produced by the getconf command.
This item represents data collected by the ndd command.
The name of the device for which the parameter was collected.
The name of a parameter, for example ip_forwarding.
The observed value of the named parameter.
Data collected from /usr/sbin/swlist -l patch PHxx_yyyyy. See the swlist manpage for the specific fields.
This is the patch name to check.
HP-UX patch names begin with 'PH'.
The third and fourth characters in HP-UX patch names indicate the area of software being patched:
CO - General HP-UX commands
KL - Kernel patches
NE - Network specific patches
SS - All other subsystems (X11, starbase, etc.)
The sixth through tenth characters in HP-UX patch names represent a unique numeric identifier for the patch.
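The naming rules above can be checked mechanically before a patch name is used in a collected item or compared against a baseline. The following Python sketch is an added example, not part of the OVAL schema or any OVAL interpreter; the function names, the strict rejection of area codes other than the four listed, and the sample patch lists are assumptions made for illustration.

```python
import re
from typing import NamedTuple

# Area codes exactly as listed in the documentation above.
AREAS = {
    "CO": "General HP-UX commands",
    "KL": "Kernel patches",
    "NE": "Network specific patches",
    "SS": "All other subsystems",
}
# 'PH', two-letter area, one separator character, five digits (PHxx_yyyyy).
PATCH_RE = re.compile(r"PH([A-Z]{2})_([0-9]{5})")

class PatchName(NamedTuple):
    area_code: str
    area: str
    number: int

def parse_patch_name(name):
    """Parse one patch name; raise ValueError if it breaks the naming rules."""
    text = name.strip()
    m = PATCH_RE.fullmatch(text)
    if m is None:
        raise ValueError(f"{text!r} does not match PHxx_yyyyy")
    code, digits = m.groups()
    if code not in AREAS:  # assumption: only the four listed areas are accepted
        raise ValueError(f"{text!r} has unlisted area code {code!r}")
    return PatchName(code, AREAS[code], int(digits))

def audit(required, installed):
    """Sort required names into present/missing; collect malformed names from both lists."""
    result = {"present": [], "missing": [], "malformed": []}
    have = set()
    for name in installed:
        try:
            have.add(parse_patch_name(name))
        except ValueError:
            result["malformed"].append(name)
    for name in required:
        try:
            key = "present" if parse_patch_name(name) in have else "missing"
        except ValueError:
            key = "malformed"
        result[key].append(name)
    return result

if __name__ == "__main__":
    # Constructed sample data, not real patch identifiers.
    required = ["PHKL_12345", "PHCO_54321", "PHZZ_00001"]
    installed = ["PHKL_12345", "PHSS_11111", "garbage"]
    print(audit(required, installed))
```

The comparison is by exact name only, so a name that fails validation is reported as malformed rather than silently treated as missing.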
Output of /usr/sbin/swlist command. Note: A quick way to check for the installation of a specific fileset is to use the command 'swlist -a version -l fileset filesetname'. See manpage for swlist for explanation of additional command options.
This is the name of the bundle or fileset to check.
These items contain account settings for trusted HP-UX installations.
This is the name of the user being checked
The user's ID
This is the encrypted version of the user's password
The Account owner for pseudo-users
Boot authorization
getprpwaid uses the audit ID rather than the UID
Minimum time between password changes
Maximum password length in characters
Password expiration time in seconds
Trusted lifetime, after which the account is locked
Time of last successful password change
Time of last unsuccessful password change
Absolute account lifetime in seconds
Maximum time allowed between logins before the account is locked
The time in seconds before expiration when a warning will appear
Who can change this user's password
Allows user to use system-generated passwords
Whether a triviality check is performed on user-generated passwords
Determines if null passwords are allowed for this account
Allows password generator to use random printable ASCII characters
Allows password generator to use random letters
Specifies the times when the user may log in to this account
The user ID of the user who last changed the password on the user's account, if it was not the account owner
The time of the last successful login using this account
The time of the last unsuccessful login using this account
The terminal or remote host associated with the last successful login to the account
The terminal or remote hosts associated with the last unsuccessful login to the account
The number of unsuccessful login attempts since the last successful login
The maximum number of unsuccessful login attempts before the account is locked
Indicates whether the administrative lock on the account is set