The OVAL Interpreter is a freely available reference implementation created to show how information can be collected from a computer for testing, to evaluate and carry out the OVAL Definitions for that platform, and to report the results of the tests. OVAL-interpreter also has been included in Debian’s Ubuntu 8.04 recently: http://packages.debian.org/source/testing/oval-interpreter
Attaching an ebuild that uses src download from sourceforge. Build and Functionality working in x86 need testing for amd64.
Created attachment 155741 [details] ovaldi with newest release
Thanks. I've uploaded it to my security tools overlay and also available from the following url directly: http://gentoo.o0o.nu/portage/app-misc/ovaldi/
Testing and working on x86_64.
After testing this a few times, i am going to make some changes to the ebuild, because ovaldi occasionally seems to have problems finding the xsl and xsd files. Noticed this was an issue on a clean chroot install doing a QA run. Please update with the new ebuild, attached. Sorry for the over site. -Mike
Created attachment 156543 [details] updated ovaldi ebuild fixed some QA issues with xsd and xsl files
Created attachment 176191 [details] ovaldi-5.5.4.ebuild openvas 2.0 can optionally use it, so a maintainer of it might be interested to push ovaldi to the portage.
Created attachment 203729 [details] ovaldi-5.6.1.ebuild
This is now in the sunrise overlay. You can find it at: http://overlays.gentoo.org/proj/sunrise/browser/sunrise/app-forensics/ovaldi/ovaldi-5.8.2.ebuild
(In reply to comment #9) I don't think this is a forensic app. btw, I've joined pentoo, so the ebuild is also available via pentoo overlay: http://trac.pentoo.ch/browser/portage/trunk/app-misc/ovaldi
I think you havent tried to install the ebuild in your overlay because ovaldi 5.8.2 wont compile with xerces3 (the only version available in gentoo) without patching. And your ebuild have several QA issues (not using mirror, parallel compilation bug, etc)) Try to test it with repoman. I dont understand why ovaldi is not a forensic tool, it collects and audit informations according to patterns defined in a xml file.
(In reply to comment #11) > I think you havent tried to install the ebuild in your overlay because ovaldi > 5.8.2 wont compile with xerces3 (the only version available in gentoo) without > patching. Thanks, I haven't. I'll fix that too once I have my test environment back. > I dont understand why ovaldi is not a forensic tool, it collects and audit > informations according to patterns defined in a xml file. yes, but xml files cover "compliance | inventory | patch | vulnerability | miscellaneous" which falls more under host hardening.
Created attachment 256737 [details] ovaldi-5.8.2.ebuild montjoie, thanks for the hard work. Here is your ebuild with adjusted dependency list. Apparently, openldap is mandatory.
I confirm that dev-libs/libgcrypt is mandatory. For openldap i made it optionnal via an use flag and a patch. Updated ebuild is in sunrise
On tree. Thanks
