[Soc-coordination] Final report of project "OVAL Agent for Debian"

Pavel Vinogradov Pavel.Vinogradov at nixdev.net
Thu Nov 1 08:11:00 UTC 2007


  Hi, all.

  I'm sorry I did not send this message earlier, but I was too busy with
moving to a new town, new work and a serious illness, and I couldn't get
back to the project until last week.

  My task for GSoC 2007 was further integration of the OVAL language and
infrastructure with the Debian project. The OVAL language already includes a
schema for supporting the Debian package system (dpkg), but this
functionality was not implemented in the reference OVAL interpreter.
Therefore my first task was to implement this support, create a Debian
package for the reference OVAL interpreter, and submit the resulting patches
upstream for inclusion in the next official release.

  My second task was to improve the script that converts DSAs to OVAL
definitions. This script was initially developed by my mentor Javier
Fernandez-Sanguino, but it was based on an old OVAL version and generated
only simple OVAL definitions that did not pass validation against the OVAL
definition schema.

  Implementing these two tasks will allow using the OVAL interpreter to
evaluate the security status of Debian hosts according to issued DSAs. Both
of these tasks are finished now.
  During work on implementing DPKG support in the reference OVAL interpreter
I implemented the DPKGInfoProbe and TextFileContentProbe classes. These
patches were included in the ovaldi Debian package (
http://packages.qa.debian.org/o/oval-interpreter.html) and sent upstream.
Currently these patches are not fully applied to the upstream source, but I
will continue interacting with the OVAL developers to include this feature
in the next release.
  The DSA to OVAL definitions converter was fully rewritten in Python and
now produces valid OVAL definitions for most of the DSAs in the Debian
repository (some old DSAs are ignored because they have a different naming
scheme). We plan to use this script as part of the oval-server package for
in-place conversion of DSAs and on the debian.org web site to provide a
Debian OVAL definitions feed corresponding to issued DSAs. This converter
requires some updates to reduce memory usage when handling a large DSA
repository (like the full DSA repository).

  The second and very important task was implementing an agent-server
architecture on top of the OVAL interpreter to centrally handle the security
status of whole Debian networks. This task includes development of the
oval-server program, which must generate an OVAL definitions repository
(generated from DSAs or downloaded from the official debian.org feed),
generate per-client definitions to evaluate the security status of Debian
client hosts, and generate security status reports for visual presentation
of security status.
  The oval-agent tool was developed to work on the client side, and its
purpose includes receiving OVAL definitions from the server, evaluating them
with the OVAL interpreter and sending the results back to the server.

   At the first stage of the project I planned to implement both tools in
C++, but during work on this task I changed my choice to Python due to time
constraints and better integration with the DSA2OVAL converter. Oval-server
uses SQLite as the database engine to store information about clients and
definitions, the HTTP protocol to interact with oval-agents, and currently
supports synchronization of the DSA repository over http, ftp and the local
fs (mail and rss support, and support for fetching prepared OVAL definitions
from the debian.org website, are planned).

  Both oval-agent and oval-server are in the working prototype stage. They
implement most of the required functionality, but have some important issues
which must be fixed before inclusion in the Debian repository. I plan to
keep a list of these issues on the http://wiki.debian.org/DebianOval page.

  I plan to continue working and to prepare the oval-agent and oval-server
packages by the end of this year or early.

-- 
Pavel Vinogradov
NixDev.Net, Linux Developer
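
Added example (not part of the original message and not the project's
converter code): a sketch of the definition/test/object/state chain that an
OVAL 5 dpkg check for one advisory consists of, plus a check that every
reference in the document resolves. The advisory record, the id prefix and
the helper names are constructed for illustration, and the generator header
and description that a complete OVAL document needs are omitted.

```python
import xml.etree.ElementTree as ET

DEFS = "http://oval.mitre.org/XMLSchema/oval-definitions-5"
LINUX = DEFS + "#linux"

# Constructed sample advisory record; not a real DSA.
SAMPLE_DSA = {"id": "DSA-0000-1", "package": "examplepkg", "fixed": "0:1.2.3-4"}


def _el(parent, ns, tag, text=None, **attrs):
    """Append a namespaced child element and return it."""
    child = ET.SubElement(parent, f"{{{ns}}}{tag}", attrs)
    child.text = text
    return child


def dsa_to_oval(dsa, n=1, prefix="oval:example.constructed"):
    """Build definition -> test -> object/state for one fixed package version."""
    ids = {k: f"{prefix}:{k}:{n}" for k in ("def", "tst", "obj", "ste")}
    root = ET.Element(f"{{{DEFS}}}oval_definitions")

    # class="patch" (assumed here): true when the host still needs the fix.
    definition = _el(_el(root, DEFS, "definitions"), DEFS, "definition",
                     id=ids["def"], version="1", **{"class": "patch"})
    _el(_el(definition, DEFS, "metadata"), DEFS, "title",
        f"{dsa['id']}: {dsa['package']}")
    _el(_el(definition, DEFS, "criteria"), DEFS, "criterion",
        test_ref=ids["tst"], comment=f"{dsa['package']} older than {dsa['fixed']}")

    test = _el(_el(root, DEFS, "tests"), LINUX, "dpkginfo_test", id=ids["tst"],
               version="1", check="all", comment="installed version check")
    _el(test, LINUX, "object", object_ref=ids["obj"])
    _el(test, LINUX, "state", state_ref=ids["ste"])

    obj = _el(_el(root, DEFS, "objects"), LINUX, "dpkginfo_object",
              id=ids["obj"], version="1")
    _el(obj, LINUX, "name", dsa["package"])

    state = _el(_el(root, DEFS, "states"), LINUX, "dpkginfo_state",
                id=ids["ste"], version="1")
    # evr_string holds epoch:version-release of the fixed package.
    _el(state, LINUX, "evr", dsa["fixed"], datatype="evr_string",
        operation="less than")
    return root


def dangling_refs(root):
    """Return every *_ref attribute value that matches no id in the document."""
    known = {e.get("id") for e in root.iter() if e.get("id")}
    return sorted(v for e in root.iter() for k, v in e.attrib.items()
                  if k.endswith("_ref") and v not in known)
```
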