Files | |
file | xccdf_policy.h |
Open-scap XCCDF Policy library interface. | |
Modules | |
Engine Plugin | |
Data Structures | |
struct | xccdf_policy_model |
XCCDF policy model structure contains xccdf_benchmark as reference to Benchmark element in XML file and list of policies that are abstract structure of Profile element from benchmark file. More... | |
struct | xccdf_policy |
XCCDF policy structure is abstract (class) structure of Profile element from benchmark. More... | |
struct | xccdf_value_binding |
XCCDF value binding structure is binding between Refine values, Set values, Value element and Check export element of benchmark. More... | |
struct | xccdf_policy_iterator |
Iterate through policies. More... | |
struct | oscap_file_entry_iterator |
struct | oscap_file_entry_list |
Getters | |
Return value is pointer to structure's member.
Do not free unless you null the pointer in the structure. Use remove function otherwise. | |
struct xccdf_policy_model * | xccdf_policy_get_model (const struct xccdf_policy *policy) |
Get model from Policy (parent structure of Policy to access the benchmark). | |
struct xccdf_benchmark * | xccdf_policy_model_get_benchmark (const struct xccdf_policy_model *item) |
Get Benchmark from Policy Model. | |
struct xccdf_value_binding_iterator * | xccdf_policy_get_values (const struct xccdf_policy *item) |
Get Value Bindings from XCCDF Policy xccdf_policy. | |
struct xccdf_policy_iterator * | xccdf_policy_model_get_policies (const struct xccdf_policy_model *model) |
Get policies from Policy Model. | |
int | xccdf_policy_model_build_all_useful_policies (struct xccdf_policy_model *policy_model) |
Build all policies that can be useful for user. | |
struct xccdf_select_iterator * | xccdf_policy_get_selected_rules (struct xccdf_policy *) |
Get selected rules from policy xccdf_policy. | |
struct xccdf_profile * | xccdf_policy_get_profile (const struct xccdf_policy *) |
Get XCCDF Profile from Policy xccdf_policy. | |
struct xccdf_select_iterator * | xccdf_policy_get_selects (const struct xccdf_policy *) |
Get rules from Policy xccdf_policy. | |
char * | xccdf_value_binding_get_name (const struct xccdf_value_binding *) |
Get variable name from value bindings xccdf_value_binding. | |
char * | xccdf_value_binding_get_value (const struct xccdf_value_binding *) |
Get value from value bindings xccdf_value_binding. | |
xccdf_value_type_t | xccdf_value_binding_get_type (const struct xccdf_value_binding *) |
get variable type from value bindings xccdf_value_binding | |
xccdf_operator_t | xccdf_value_binding_get_operator (const struct xccdf_value_binding *) |
get Value operator from value bindings xccdf_value_binding | |
char * | xccdf_value_binding_get_setvalue (const struct xccdf_value_binding *) |
get Set Value from value bindings xccdf_value_binding | |
struct xccdf_result_iterator * | xccdf_policy_get_results (const struct xccdf_policy *policy) |
Get results of all XCCDF Policy results xccdf_policy_model. | |
struct xccdf_result * | xccdf_policy_get_result_by_id (struct xccdf_policy *policy, const char *id) |
Get XCCDF Result structure by it's idetificator if there is one xccdf_policy_model. | |
const char * | xccdf_policy_get_id (struct xccdf_policy *policy) |
Get ID of XCCDF Profile that is implemented by XCCDF Policy. | |
struct xccdf_policy * | xccdf_policy_model_get_policy_by_id (struct xccdf_policy_model *policy_model, const char *id) |
Get XCCDF Policy from Policy model by speciefied ID of Profile. | |
Setters | |
For lists use add functions.
Parameters of set functions are duplicated in memory and need to be freed by caller. | |
bool | xccdf_policy_model_add_policy (struct xccdf_policy_model *, struct xccdf_policy *) |
Add Policy to Policy Model xccdf_policy_model. | |
bool | xccdf_policy_add_select (struct xccdf_policy *, struct xccdf_select *) |
Add rule to Policy xccdf_policy. | |
bool | xccdf_policy_set_selected (struct xccdf_policy *policy, char *idref) |
Set a new selector to the Policy structure xccdf_policy. | |
bool | xccdf_policy_add_result (struct xccdf_policy *policy, struct xccdf_result *item) |
Add result to XCCDF Policy Model xccdf_policy_model. | |
bool | xccdf_policy_add_value (struct xccdf_policy *, struct xccdf_value_binding *) |
Add value binding to the Policy structure xccdf_policy. | |
bool | xccdf_policy_is_item_selected (struct xccdf_policy *policy, const char *id) |
Get the selection settings of the item. | |
int | xccdf_policy_get_selected_rules_count (struct xccdf_policy *policy) |
Retrieves number of selected items in the policy. | |
struct xccdf_select * | xccdf_policy_get_select_by_id (struct xccdf_policy *policy, const char *item_id) |
Get select from policy by specified ID of XCCDF Item xccdf_policy. | |
Evaluators | |
struct xccdf_result * | xccdf_policy_evaluate (struct xccdf_policy *policy) |
Call the checking engine for each selected rule in given policy structure. | |
bool | xccdf_policy_resolve (struct xccdf_policy *policy) |
Resolve benchmark by applying all refine_rules and refine_values to rules / values of benchmark. | |
int | xccdf_policy_generate_fix (struct xccdf_policy *policy, struct xccdf_result *result, const char *sys, int output_fd) |
Generate remediation prescription (presumably a remediation script). | |
struct xccdf_item * | xccdf_policy_tailor_item (struct xccdf_policy *policy, struct xccdf_item *item) |
Clone the item and tailor it against given policy (profile). | |
struct oscap_file_entry * | oscap_file_entry_new (void) |
oscap_file_entry | |
struct oscap_file_entry * | oscap_file_entry_dup (struct oscap_file_entry *file_entry) |
oscap_file_entry | |
void | oscap_file_entry_free (struct oscap_file_entry *entry) |
oscap_file_entry | |
const char * | oscap_file_entry_get_system (struct oscap_file_entry *entry) |
oscap_file_entry | |
const char * | oscap_file_entry_get_file (struct oscap_file_entry *entry) |
oscap_file_entry | |
struct oscap_file_entry * | oscap_file_entry_iterator_next (struct oscap_file_entry_iterator *it) |
oscap_file_entry_iterator | |
bool | oscap_file_entry_iterator_has_more (struct oscap_file_entry_iterator *it) |
oscap_file_entry_iterator | |
void | oscap_file_entry_iterator_free (struct oscap_file_entry_iterator *it) |
oscap_file_entry_iterator | |
void | oscap_file_entry_iterator_reset (struct oscap_file_entry_iterator *it) |
oscap_file_entry_iterator | |
struct oscap_file_entry_list * | oscap_file_entry_list_new (void) |
oscap_file_entry_list | |
void | oscap_file_entry_list_free (struct oscap_file_entry_list *list) |
oscap_file_entry_list | |
struct oscap_file_entry_iterator * | oscap_file_entry_list_get_files (struct oscap_file_entry_list *list) |
oscap_file_entry_list | |
struct oscap_file_entry_list * | xccdf_policy_model_get_systems_and_files (struct xccdf_policy_model *policy_model) |
Return names of files that are used in checks of particular rules. | |
struct oscap_file_entry_list * | xccdf_item_get_systems_and_files (struct xccdf_item *item) |
Return names of files that are used in checks of particular rules. | |
struct oscap_stringlist * | xccdf_policy_model_get_files (struct xccdf_policy_model *policy_model) |
Return names of files that are used in checks of particular rules. | |
struct oscap_stringlist * | xccdf_item_get_files (struct xccdf_item *item) |
Return names of files that are used in checks of particular rules. | |
xccdf_test_result_type_t | xccdf_test_result_resolve_and_operation (xccdf_test_result_type_t A, xccdf_test_result_type_t B) |
Return result of the AND operation for two given attributes. | |
Iterators | |
bool | xccdf_policy_iterator_has_more (struct xccdf_policy_iterator *it) |
Return true if the list is not empty, false otherwise xccdf_policy_iterator. | |
struct xccdf_policy * | xccdf_policy_iterator_next (struct xccdf_policy_iterator *it) |
Return the next xccdf_policy structure from the list and increment the iterator xccdf_policy_iterator. | |
void | xccdf_policy_iterator_free (struct xccdf_policy_iterator *it) |
Free the iterator structure (it makes no changes to the list structure) xccdf_policy_iterator. | |
void | xccdf_policy_iterator_reset (struct xccdf_policy_iterator *it) |
Reset the iterator structure (it will point to the first item in the list) xccdf_policy_iterator. | |
bool | xccdf_value_binding_iterator_has_more (struct xccdf_value_binding_iterator *it) |
Return true if the list is not empty, false otherwise xccdf_value_binding_iterator. | |
struct xccdf_value_binding * | xccdf_value_binding_iterator_next (struct xccdf_value_binding_iterator *it) |
Return the next xccdf_value_binding structure from the list and increment the iterator xccdf_value_binding_iterator. | |
void | xccdf_value_binding_iterator_free (struct xccdf_value_binding_iterator *it) |
Free the iterator structure (it makes no changes to the list structure) xccdf_value_binding_iterator. | |
void | xccdf_value_binding_iterator_reset (struct xccdf_value_binding_iterator *it) |
Reset the iterator structure (it will point to the first item in the list) xccdf_value_binding_iterator. | |
struct xccdf_score * | xccdf_policy_get_score (struct xccdf_policy *policy, struct xccdf_result *test_result, const char *system) |
Get score of the XCCDF Benchmark. | |
int | xccdf_policy_recalculate_score (struct xccdf_policy *policy, struct xccdf_result *test_result) |
Recalculate score of the XCCDF Benchmark. | |
const char * | xccdf_policy_get_value_of_item (struct xccdf_policy *policy, struct xccdf_item *item) |
Get value of given value item in context of given policy xccdf_policy. | |
char * | xccdf_policy_substitute (const char *text, struct xccdf_policy *policy) |
Perform textual substitution of cdf:sub elements with respect to given XCCDF policy. | |
Typedefs | |
typedef void *(* | xccdf_policy_engine_query_fn )(void *, xccdf_policy_engine_query_t, void *) |
Type of function which implements queries defined within xccdf_policy_engine_query_t. | |
typedef xccdf_test_result_type_t(* | xccdf_policy_engine_eval_fn )(struct xccdf_policy *policy, const char *rule_id, const char *definition_id, const char *href_if, struct xccdf_value_binding_iterator *value_binding_it, struct xccdf_check_import_iterator *check_imports_it, void *user_data) |
Type of function which implements OpenSCAP checking engine. | |
typedef int(* | policy_reporter_output )(struct xccdf_rule_result *, void *) |
typedef int(* | policy_reporter_start )(struct xccdf_rule *, void *) |
Enumerations | |
enum | xccdf_policy_engine_query_t { POLICY_ENGINE_QUERY_NAMES_FOR_HREF = 1 } |
Type of a query over checking-engine data. More... | |
Functions | |
struct xccdf_policy_model * | xccdf_policy_model_new (struct xccdf_benchmark *benchmark) |
Constructor of Policy Model structure. | |
struct xccdf_policy * | xccdf_policy_new (struct xccdf_policy_model *model, struct xccdf_profile *profile) |
Constructor of Policy structure. | |
struct xccdf_value_binding * | xccdf_value_binding_new (void) |
Constructor of structure with profile bindings - refine_rules, refine_values and set_values xccdf_value_binding. | |
void | xccdf_policy_model_free (struct xccdf_policy_model *) |
Destructor of Policy Model structure xccdf_policy_model. | |
void | xccdf_policy_free (struct xccdf_policy *) |
Destructor of Policy structure xccdf_policy. | |
void | xccdf_value_binding_free (struct xccdf_value_binding *) |
Destructor of Value binding structure xccdf_value_binding. | |
bool | xccdf_policy_model_set_tailoring (struct xccdf_policy_model *model, struct xccdf_tailoring *tailoring) |
Sets the Tailoring element to use in the policy. | |
struct xccdf_tailoring * | xccdf_policy_model_get_tailoring (struct xccdf_policy_model *model) |
Retrieves the Tailoring element used in this policy. | |
char * | xccdf_policy_get_readable_item_title (struct xccdf_policy *policy, struct xccdf_item *item, const char *preferred_lang) |
Get human readable title of given XCCDF Item. | |
char * | xccdf_policy_get_readable_item_description (struct xccdf_policy *policy, struct xccdf_item *item, const char *preferred_lang) |
Get human readable description of given XCCDF Item. | |
bool | xccdf_policy_model_add_cpe_dict_source (struct xccdf_policy_model *model, struct oscap_source *source) |
Registers an additional CPE dictionary for applicability testing The one embedded in the evaluated XCCDF take precedence! | |
bool | xccdf_policy_model_add_cpe_dict (struct xccdf_policy_model *model, const char *cpe_dict) |
Registers an additional CPE dictionary for applicability testing The one embedded in the evaluated XCCDF take precedence! | |
bool | xccdf_policy_model_add_cpe_lang_model_source (struct xccdf_policy_model *model, struct oscap_source *source) |
Registers an additional CPE lang model for applicability testing The one embedded in the evaluated XCCDF take precedence! | |
bool | xccdf_policy_model_add_cpe_lang_model (struct xccdf_policy_model *model, const char *cpe_lang) |
Registers an additional CPE lang model for applicability testing The one embedded in the evaluated XCCDF take precedence! | |
bool | xccdf_policy_model_add_cpe_autodetect_source (struct xccdf_policy_model *model, struct oscap_source *source) |
Registers an additional CPE resource (either dictionary or language) Autodetects given file and acts accordingly. | |
bool | xccdf_policy_model_add_cpe_autodetect (struct xccdf_policy_model *model, const char *filepath) |
Registers an additional CPE resource (either dictionary or language) Autodetects given file and acts accordingly. | |
struct oscap_htable_iterator * | xccdf_policy_model_get_cpe_oval_sessions (struct xccdf_policy_model *model) |
Retrieves an iterator of all OVAL sessions created for CPE applicability evaluation key is the OVAL href, value is the OVAL session itself (type oval_agent_session*). | |
bool | xccdf_policy_model_register_engine_callback (struct xccdf_policy_model *model, char *sys, void *func, void *usr) |
Function to register callback for checking system. | |
bool | xccdf_policy_model_register_engine_and_query_callback (struct xccdf_policy_model *model, char *sys, xccdf_policy_engine_eval_fn eval_fn, void *usr, xccdf_policy_engine_query_fn query_fn) |
Function to register callback for checking system. | |
bool | xccdf_policy_model_register_output_callback (struct xccdf_policy_model *model, policy_reporter_output func, void *usr) |
Function to register output callback for checking system that will be called AFTER each rule evaluation. | |
bool | xccdf_policy_model_register_start_callback (struct xccdf_policy_model *model, policy_reporter_start func, void *usr) |
Function to register start callback for checking system that will be called BEFORE each rule evaluation. |
Purpose of this layer is to separate the transport syntax of the XCCDF XML from the processes of evaluating and scoring the policy content comprised by the XCCDF documents. XCCDF Policy model performs the loading, evaluation and scoring tasks of XCCDF.
typedef xccdf_test_result_type_t(* xccdf_policy_engine_eval_fn)(struct xccdf_policy *policy, const char *rule_id, const char *definition_id, const char *href_if, struct xccdf_value_binding_iterator *value_binding_it, struct xccdf_check_import_iterator *check_imports_it, void *user_data) |
Type of function which implements OpenSCAP checking engine.
This function defines basic interface between XCCDF module and thee checking engine. For each checking engine required for evaluation there should be at least one such function registerd. The registered function is then used by xccdf_policy module to perform evaluation on the machine.
typedef void*(* xccdf_policy_engine_query_fn)(void *, xccdf_policy_engine_query_t, void *) |
Type of function which implements queries defined within xccdf_policy_engine_query_t.
Each checking engine may register its own function of the xccdf_policy_engine_query_fn type. The registered function is then used by xccdf_policy module to acquire comprehensive info about the checking-engine itself or the data fed in. First argument of the function is always user data as registered. Second argument defines the query. Third argument is dependent on query and defined as follows:
Expected return type depends also on query as follows:
Type of a query over checking-engine data.
This allows xccdf_policy module to query checking engine and acquire comprehensive info.
struct oscap_stringlist* xccdf_item_get_files | ( | struct xccdf_item * | item | ) | [read] |
Return names of files that are used in checks of particular rules.
Every check needs this file to be evaluated properly. If this file will not be imported and bind to the XCCDF Policy system the result of rule after evaluation will be "Not checked"
struct oscap_file_entry_list* xccdf_item_get_systems_and_files | ( | struct xccdf_item * | item | ) | [read] |
Return names of files that are used in checks of particular rules.
Every check needs this file to be evaluated properly. If this file will not be imported and bind to the XCCDF Policy system the result of rule after evaluation will be "Not checked"
The resulting list should be freed with oscap_filelist_free.
bool xccdf_policy_add_select | ( | struct xccdf_policy * | , | |
struct xccdf_select * | ||||
) |
bool xccdf_policy_add_value | ( | struct xccdf_policy * | , | |
struct xccdf_value_binding * | ||||
) |
Add value binding to the Policy structure xccdf_policy.
struct xccdf_result* xccdf_policy_evaluate | ( | struct xccdf_policy * | policy | ) | [read] |
Call the checking engine for each selected rule in given policy structure.
policy | given Policy to evaluate xccdf_policy |
xccdf_policy_model_register_engine_oval(policy_mode, agent_session)
struct oval_agent_session * sess = oval_agent_new_session((struct oval_definition_model *) model, "name-of-file");
Set ID of TestResult
We need to process document top-down order. See conflicts/requires and Item Processing Algorithm
int xccdf_policy_generate_fix | ( | struct xccdf_policy * | policy, | |
struct xccdf_result * | result, | |||
const char * | sys, | |||
int | output_fd | |||
) |
Generate remediation prescription (presumably a remediation script).
policy | XCCDF Policy | |
result | XCCDF TestResult. This may be omitted to generate the prescription based solely on the XCCDF Policy (xccdf:Profile). | |
sys | Consider only those fixes that have attribute equal to sys | |
output_fd | write prescription to this file descriptor |
const char* xccdf_policy_get_id | ( | struct xccdf_policy * | policy | ) |
Get ID of XCCDF Profile that is implemented by XCCDF Policy.
policy | XCCDF Policy xccdf_policy |
struct xccdf_policy_model* xccdf_policy_get_model | ( | const struct xccdf_policy * | policy | ) | [read] |
Get model from Policy (parent structure of Policy to access the benchmark).
policy | XCCDF Policy |
struct xccdf_profile* xccdf_policy_get_profile | ( | const struct xccdf_policy * | ) | [read] |
char* xccdf_policy_get_readable_item_description | ( | struct xccdf_policy * | policy, | |
struct xccdf_item * | item, | |||
const char * | preferred_lang | |||
) |
Get human readable description of given XCCDF Item.
This function searches for description with the best matching language and resolves any inner <xccdf:sub> substitution (in accordance with the given XCCDF Policy. xccdf_policy
policy | XCCDF Policy | |
item | XCCDF Item to query description from | |
preferred_lang | Language of your choice, Null value for the default. |
char* xccdf_policy_get_readable_item_title | ( | struct xccdf_policy * | policy, | |
struct xccdf_item * | item, | |||
const char * | preferred_lang | |||
) |
Get human readable title of given XCCDF Item.
This finds title with best matching language and resolves <xccdf:sub> substitution in accordance with the given XCCDF Policy. xccdf_policy
policy | XCCDF Policy | |
item | XCCDF Item to query title from | |
preferred_lang | Language of your choice, Null value for the default. |
struct xccdf_result* xccdf_policy_get_result_by_id | ( | struct xccdf_policy * | policy, | |
const char * | id | |||
) | [read] |
Get XCCDF Result structure by it's idetificator if there is one xccdf_policy_model.
struct xccdf_score* xccdf_policy_get_score | ( | struct xccdf_policy * | policy, | |
struct xccdf_result * | test_result, | |||
const char * | system | |||
) | [read] |
Get score of the XCCDF Benchmark.
policy | XCCDF Policy | |
test_result | Test Result model | |
system | Score system |
struct xccdf_select* xccdf_policy_get_select_by_id | ( | struct xccdf_policy * | policy, | |
const char * | item_id | |||
) | [read] |
struct xccdf_select_iterator* xccdf_policy_get_selected_rules | ( | struct xccdf_policy * | ) | [read] |
Get selected rules from policy xccdf_policy.
NULL | on faliure |
int xccdf_policy_get_selected_rules_count | ( | struct xccdf_policy * | policy | ) |
Retrieves number of selected items in the policy.
struct xccdf_select_iterator* xccdf_policy_get_selects | ( | const struct xccdf_policy * | ) | [read] |
const char* xccdf_policy_get_value_of_item | ( | struct xccdf_policy * | policy, | |
struct xccdf_item * | item | |||
) |
Get value of given value item in context of given policy xccdf_policy.
policy | XCCDF policy | |
item | the xccdf:Value to resolve |
NULL | indicates failure |
bool xccdf_policy_is_item_selected | ( | struct xccdf_policy * | policy, | |
const char * | id | |||
) |
bool xccdf_policy_model_add_cpe_autodetect | ( | struct xccdf_policy_model * | model, | |
const char * | filepath | |||
) |
Registers an additional CPE resource (either dictionary or language) Autodetects given file and acts accordingly.
The one embedded in the evaluated XCCDF take precedence!
bool xccdf_policy_model_add_cpe_autodetect_source | ( | struct xccdf_policy_model * | model, | |
struct oscap_source * | source | |||
) |
Registers an additional CPE resource (either dictionary or language) Autodetects given file and acts accordingly.
The one embedded in the evaluated XCCDF take precedence!
bool xccdf_policy_model_add_cpe_dict | ( | struct xccdf_policy_model * | model, | |
const char * | cpe_dict | |||
) |
Registers an additional CPE dictionary for applicability testing The one embedded in the evaluated XCCDF take precedence!
bool xccdf_policy_model_add_cpe_lang_model | ( | struct xccdf_policy_model * | model, | |
const char * | cpe_lang | |||
) |
Registers an additional CPE lang model for applicability testing The one embedded in the evaluated XCCDF take precedence!
bool xccdf_policy_model_add_policy | ( | struct xccdf_policy_model * | , | |
struct xccdf_policy * | ||||
) |
int xccdf_policy_model_build_all_useful_policies | ( | struct xccdf_policy_model * | policy_model | ) |
Build all policies that can be useful for user.
The useful policy is any that contains at least one Rule. For example the default profile oftentimes does not contain any rules. xccdf_policy_model
policy_model | - XCCDF Policy Model |
struct xccdf_benchmark* xccdf_policy_model_get_benchmark | ( | const struct xccdf_policy_model * | item | ) | [read] |
Get Benchmark from Policy Model.
item | Policy model structure |
struct oscap_stringlist* xccdf_policy_model_get_files | ( | struct xccdf_policy_model * | policy_model | ) | [read] |
Return names of files that are used in checks of particular rules.
Every check needs this file to be evaluated properly. If this file will not be imported and bind to the XCCDF Policy system the result of rule after evaluation will be "Not checked"
struct xccdf_policy_iterator* xccdf_policy_model_get_policies | ( | const struct xccdf_policy_model * | model | ) | [read] |
Get policies from Policy Model.
Be aware, this function returns only a list of previously initialized policies. A policy can be initialized by xccdf_policy_model_get_policy_by_id.
model | Policy Model |
struct xccdf_policy* xccdf_policy_model_get_policy_by_id | ( | struct xccdf_policy_model * | policy_model, | |
const char * | id | |||
) | [read] |
Get XCCDF Policy from Policy model by speciefied ID of Profile.
policy_model | XCCDF Policy model | |
id | ID of Profile xccdf_policy_model |
struct oscap_file_entry_list* xccdf_policy_model_get_systems_and_files | ( | struct xccdf_policy_model * | policy_model | ) | [read] |
Return names of files that are used in checks of particular rules.
Every check needs this file to be evaluated properly. If this file will not be imported and bind to the XCCDF Policy system the result of rule after evaluation will be "Not checked"
The resulting list should be freed with oscap_filelist_free.
struct xccdf_tailoring* xccdf_policy_model_get_tailoring | ( | struct xccdf_policy_model * | model | ) | [read] |
Retrieves the Tailoring element used in this policy.
struct xccdf_policy_model* xccdf_policy_model_new | ( | struct xccdf_benchmark * | benchmark | ) | [read] |
Constructor of Policy Model structure.
benchmark | Struct xccdf_benchmark with benchmark model |
Create new structure and fill the policies list with policy entries that are inherited from XCCDF benchmark Profile elements. For each profile element call xccdf_policy_new function.
bool xccdf_policy_model_register_engine_and_query_callback | ( | struct xccdf_policy_model * | model, | |
char * | sys, | |||
xccdf_policy_engine_eval_fn | eval_fn, | |||
void * | usr, | |||
xccdf_policy_engine_query_fn | query_fn | |||
) |
Function to register callback for checking system.
model | XCCDF Policy Model | |
sys | String representing given checking system | |
eval_fn | Callback - pointer to function called by XCCDF Policy system when rule parsed | |
usr | optional parameter for passing user data to callback | |
query_fn | - optional parameter for providing xccdf_policy_engine_query_fn implementation for given system. xccdf_policy_model |
bool xccdf_policy_model_register_engine_callback | ( | struct xccdf_policy_model * | model, | |
char * | sys, | |||
void * | func, | |||
void * | usr | |||
) |
Function to register callback for checking system.
model | XCCDF Policy Model | |
sys | String representing given checking system | |
func | Callback - pointer to function called by XCCDF Policy system when rule parsed | |
usr | optional parameter for passing user data to callback xccdf_policy_model |
System is used for evaluating content of rules.
bool xccdf_policy_model_register_output_callback | ( | struct xccdf_policy_model * | model, | |
policy_reporter_output | func, | |||
void * | usr | |||
) |
Function to register output callback for checking system that will be called AFTER each rule evaluation.
model | XCCDF Policy Model | |
func | Callback - pointer to function called by XCCDF Policy system when rule parsed | |
usr | optional parameter for passing user data to callback xccdf_policy_model |
bool xccdf_policy_model_register_start_callback | ( | struct xccdf_policy_model * | model, | |
policy_reporter_start | func, | |||
void * | usr | |||
) |
Function to register start callback for checking system that will be called BEFORE each rule evaluation.
model | XCCDF Policy Model | |
func | Callback - pointer to function called by XCCDF Policy system when rule parsed | |
usr | optional parameter for passing user data to callback xccdf_policy_model |
bool xccdf_policy_model_set_tailoring | ( | struct xccdf_policy_model * | model, | |
struct xccdf_tailoring * | tailoring | |||
) |
Sets the Tailoring element to use in the policy.
Profiles from the Benchmark *may* be shadowed by profiles in the given Tailoring element! Calling this function will affect the results of xccdf_policy_model_get_policy_by_id calls.
This does INVALIDATE preexisting xccdf_policy pointers in this xccdf_policy_model! It is recommended to call this function before policy for any profile is queried.
struct xccdf_policy* xccdf_policy_new | ( | struct xccdf_policy_model * | model, | |
struct xccdf_profile * | profile | |||
) | [read] |
Constructor of Policy structure.
model | Policy model | |
profile | Profile from XCCDF Benchmark xccdf_policy |
Create the structure and resolve all rules from benchmark that are not present in selectors. This step is necessary because of default values of groups / rules that can be added to Policy whether or not they have their selector. Last step is filling the list of value bindings (see more in xccdf_value_binding_proccess).
int xccdf_policy_recalculate_score | ( | struct xccdf_policy * | policy, | |
struct xccdf_result * | test_result | |||
) |
Recalculate score of the XCCDF Benchmark.
policy | XCCDF Policy | |
test_result | Test Result model |
bool xccdf_policy_resolve | ( | struct xccdf_policy * | policy | ) |
Resolve benchmark by applying all refine_rules and refine_values to rules / values of benchmark.
All properties in benchmark will be irreversible changed and user has to load benchmark (from XML) again to discard these changes.
policy | XCCDF policy containing rules/values that will be applied to benchmark rules/values. |
Beware ! Benchmark properties will be changed ! For discarding changes you have to load benchmark from XML file again.
bool xccdf_policy_set_selected | ( | struct xccdf_policy * | policy, | |
char * | idref | |||
) |
Set a new selector to the Policy structure xccdf_policy.
char* xccdf_policy_substitute | ( | const char * | text, | |
struct xccdf_policy * | policy | |||
) |
Perform textual substitution of cdf:sub elements with respect to given XCCDF policy.
text | text to be substituted | |
policy | policy to be used |
struct xccdf_item* xccdf_policy_tailor_item | ( | struct xccdf_policy * | policy, | |
struct xccdf_item * | item | |||
) | [read] |
Clone the item and tailor it against given policy (profile).
policy | Policy with profile | |
item | XCCDF item to be tailored |
xccdf_test_result_type_t xccdf_test_result_resolve_and_operation | ( | xccdf_test_result_type_t | A, | |
xccdf_test_result_type_t | B | |||
) |
Return result of the AND operation for two given attributes.
For more details about the attributes A and B please consult 'Table 26: Possible Results for a Single Test' from NISTIR-7275r4. For more details about the AND operation please consult 'Table 12: Truth Table for AND' in the very same document.
char* xccdf_value_binding_get_name | ( | const struct xccdf_value_binding * | ) |
xccdf_operator_t xccdf_value_binding_get_operator | ( | const struct xccdf_value_binding * | ) |
char* xccdf_value_binding_get_setvalue | ( | const struct xccdf_value_binding * | ) |
xccdf_value_type_t xccdf_value_binding_get_type | ( | const struct xccdf_value_binding * | ) |
char* xccdf_value_binding_get_value | ( | const struct xccdf_value_binding * | ) |
struct xccdf_value_binding* xccdf_value_binding_new | ( | void | ) | [read] |
Constructor of structure with profile bindings - refine_rules, refine_values and set_values xccdf_value_binding.