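<!--
  fileauditedpermissions_test: checks how access to one file is audited for one trustee.
  The object selects the file (path) and the trustee (trustee_name). The optional data
  section states the expected trustee identity and the expected audit setting per access right.
  The base types used here (oval:standardTestType, oval:objectType, oval:dataType,
  oval:subtestStringType, windows:componentType, windows:subtestAuditType) are declared
  outside this fragment.
-->
<xsd:element name="fileauditedpermissions_test" substitutionGroup="oval:test">
  <xsd:annotation>
    <xsd:documentation>This test looks at the audited access rights of a given file that a system access control list (SACL) structure grants to a specified trustee. The trustee's audited access rights are determined by checking all access control entries (ACEs) in the SACL. For help with this test see the GetAuditedPermissionsFromAcl() API.</xsd:documentation>
    <xsd:appinfo>
      <test_name>File Audited Permissions Test</test_name>
      <extends>standardTestType</extends>
      <valid_sections>notes, object, data</valid_sections>
      <example>
        <fileauditedpermissions_test id="wht-0" check="at least one" comment="a file exists with the specified audit rights" xmlns="http://oval.mitre.org/XMLSchema/oval#windows">
          <oval:notes xmlns:oval="http://oval.mitre.org/XMLSchema/oval">
            <oval:note>This is an example test written under version 4 of the OVAL schema. It is meant to give a short overview of the test and might not contain every possible child element.</oval:note>
          </oval:notes>
          <object>
            <path>
              <component type="registry_value">HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot</component>
              <component type="literal">\system32\mshtml.dll</component>
            </path>
            <trustee_name>SYSTEM</trustee_name>
          </object>
          <data operation="AND">
            <trustee_domain>NT AUTHORITY</trustee_domain>
            <trustee_sid>S-1-5-18</trustee_sid>
            <standard_delete datatype="string">AUDIT_SUCCESS</standard_delete>
            <standard_read_control datatype="string">AUDIT_FAILURE</standard_read_control>
            <file_read_attributes datatype="string">AUDIT_SUCCESS_FAILURE</file_read_attributes>
            <file_write_attributes datatype="string">AUDIT_NONE</file_write_attributes>
          </data>
        </fileauditedpermissions_test>
      </example>
    </xsd:appinfo>
  </xsd:annotation>
  <xsd:complexType>
    <xsd:complexContent>
      <xsd:extension base="oval:standardTestType">
        <xsd:sequence>
          <!-- object: exactly one; identifies the file and the trustee whose audit entries are examined. -->
          <xsd:element name="object" minOccurs="1" maxOccurs="1">
            <xsd:complexType>
              <xsd:complexContent>
                <xsd:extension base="oval:objectType">
                  <xsd:sequence>
                    <!--
                      With the pattern match operator a broad expression also selects files in every
                      nested subdirectory (see the documentation below). Keep expressions as narrow
                      as the check allows so the result reflects only the intended files.
                    -->
                    <xsd:element name="path" type="windows:componentType" minOccurs="1" maxOccurs="1">
                      <xsd:annotation>
                        <xsd:documentation>Specifies the absolute path to a file on the machine. This path can be created from multiple components that are added together. When a pattern match operator is used, the corresponding regular expression is matched against the set of absolute path strings. These strings would not include the '.' and '..' notations. This means that a '.*' component of a regular expression will not only match all files in the specified directories, but all subdirectories, their subdirectories, etc.</xsd:documentation>
                        <xsd:appinfo>
                          <parent_test>File Audited Permissions Test</parent_test>
                          <cardinality>1</cardinality>
                          <content>none</content>
                          <valid_datatypes>component</valid_datatypes>
                          <valid_operators>equals, not equal, pattern match</valid_operators>
                        </xsd:appinfo>
                      </xsd:annotation>
                    </xsd:element>
                    <!--
                      nillable="true" permits xsi:nil on trustee_name; what a nil trustee selects is
                      not defined in this fragment. NOTE(review): confirm against the OVAL evaluation rules.
                    -->
                    <xsd:element name="trustee_name" type="oval:subtestStringType" minOccurs="1" maxOccurs="1" nillable="true">
                      <xsd:annotation>
                        <xsd:documentation>This element specifies the trustee name associated with a particular SACL. A trustee can be a user, group, or program (such as a Windows service).</xsd:documentation>
                        <xsd:appinfo>
                          <parent_test>File Audited Permissions Test</parent_test>
                          <cardinality>1</cardinality>
                          <content>string</content>
                          <valid_datatypes>string</valid_datatypes>
                          <valid_operators>equals, not equal, pattern match</valid_operators>
                        </xsd:appinfo>
                      </xsd:annotation>
                    </xsd:element>
                  </xsd:sequence>
                </xsd:extension>
              </xsd:complexContent>
            </xsd:complexType>
          </xsd:element>
          <!--
            data: optional (minOccurs="0"), and every child below is optional as well.
            NOTE(review): a test without data presumably asserts only that the object exists,
            and rights left out of data are presumably not compared; confirm against
            oval:standardTestType and oval:dataType.
          -->
          <xsd:element name="data" minOccurs="0" maxOccurs="1">
            <xsd:complexType>
              <xsd:complexContent>
                <xsd:extension base="oval:dataType">
                  <xsd:sequence>
                    <!--
                      Trustee identity. The name given in the object can be ambiguous on its own;
                      the example above pins it with both trustee_domain and trustee_sid.
                    -->
                    <xsd:element name="trustee_domain" type="oval:subtestStringType" minOccurs="0" maxOccurs="1">
                      <xsd:annotation>
                        <xsd:documentation>The domain of the specified trustee name.</xsd:documentation>
                        <xsd:appinfo>
                          <parent_test>File Audited Permissions Test</parent_test>
                          <cardinality>0-1</cardinality>
                          <content>string</content>
                          <valid_datatypes>string</valid_datatypes>
                          <valid_operators>equals, not equal, pattern match</valid_operators>
                        </xsd:appinfo>
                      </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="trustee_sid" type="oval:subtestStringType" minOccurs="0" maxOccurs="1">
                      <xsd:annotation>
                        <xsd:documentation>The security identifier (SID) of the specified trustee name.</xsd:documentation>
                        <xsd:appinfo>
                          <parent_test>File Audited Permissions Test</parent_test>
                          <cardinality>0-1</cardinality>
                          <content>string</content>
                          <valid_datatypes>string</valid_datatypes>
                          <valid_operators>equals, not equal, pattern match</valid_operators>
                        </xsd:appinfo>
                      </xsd:annotation>
                    </xsd:element>
                    <!--
                      Per-right audit settings. Every element from here on is typed
                      windows:subtestAuditType, so its value is the audit setting for that right
                      (the example above uses AUDIT_SUCCESS, AUDIT_FAILURE, AUDIT_SUCCESS_FAILURE
                      and AUDIT_NONE), not whether the right is granted. The documentation strings
                      describe the right being audited.
                      standard_write_dac, standard_write_owner and access_system_security concern
                      the file's own security descriptor and SACL, so their audit settings are the
                      ones that record changes to permissions and to the audit policy itself.
                    -->
                    <xsd:element name="standard_delete" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
                      <xsd:annotation>
                        <xsd:documentation>The right to delete the object.</xsd:documentation>
                        <xsd:appinfo>
                          <parent_test>File Audited Permissions Test</parent_test>
                          <cardinality>0-1</cardinality>
                          <content>string</content>
                          <valid_datatypes>string</valid_datatypes>
                          <valid_operators>equals, not equal</valid_operators>
                        </xsd:appinfo>
                      </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="standard_read_control" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
                      <xsd:annotation>
                        <xsd:documentation>The right to read the information in the object's security descriptor, not including the information in the SACL.</xsd:documentation>
                        <xsd:appinfo>
                          <parent_test>File Audited Permissions Test</parent_test>
                          <cardinality>0-1</cardinality>
                          <content>string</content>
                          <valid_datatypes>string</valid_datatypes>
                          <valid_operators>equals, not equal</valid_operators>
                        </xsd:appinfo>
                      </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="standard_write_dac" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
                      <xsd:annotation>
                        <xsd:documentation>The right to modify the DACL in the object's security descriptor.</xsd:documentation>
                        <xsd:appinfo>
                          <parent_test>File Audited Permissions Test</parent_test>
                          <cardinality>0-1</cardinality>
                          <content>string</content>
                          <valid_datatypes>string</valid_datatypes>
                          <valid_operators>equals, not equal</valid_operators>
                        </xsd:appinfo>
                      </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="standard_write_owner" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
                      <xsd:annotation>
                        <xsd:documentation>The right to change the owner in the object's security descriptor.</xsd:documentation>
                        <xsd:appinfo>
                          <parent_test>File Audited Permissions Test</parent_test>
                          <cardinality>0-1</cardinality>
                          <content>string</content>
                          <valid_datatypes>string</valid_datatypes>
                          <valid_operators>equals, not equal</valid_operators>
                        </xsd:appinfo>
                      </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="standard_synchronize" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
                      <xsd:annotation>
                        <xsd:documentation>Windows NT/2000: The right to use the object for synchronization. This enables a thread to wait until the object is in the signaled state. Some object types do not support this access right.</xsd:documentation>
                        <xsd:appinfo>
                          <parent_test>File Audited Permissions Test</parent_test>
                          <cardinality>0-1</cardinality>
                          <content>string</content>
                          <valid_datatypes>string</valid_datatypes>
                          <valid_operators>equals, not equal</valid_operators>
                        </xsd:appinfo>
                      </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="access_system_security" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
                      <xsd:annotation>
                        <xsd:documentation>Indicates access to a system access control list (SACL).</xsd:documentation>
                        <xsd:appinfo>
                          <parent_test>File Audited Permissions Test</parent_test>
                          <cardinality>0-1</cardinality>
                          <content>string</content>
                          <valid_datatypes>string</valid_datatypes>
                          <valid_operators>equals, not equal</valid_operators>
                        </xsd:appinfo>
                      </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="generic_read" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
                      <xsd:annotation>
                        <xsd:documentation>Read access.</xsd:documentation>
                        <xsd:appinfo>
                          <parent_test>File Audited Permissions Test</parent_test>
                          <cardinality>0-1</cardinality>
                          <content>string</content>
                          <valid_datatypes>string</valid_datatypes>
                          <valid_operators>equals, not equal</valid_operators>
                        </xsd:appinfo>
                      </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="generic_write" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
                      <xsd:annotation>
                        <xsd:documentation>Write access.</xsd:documentation>
                        <xsd:appinfo>
                          <parent_test>File Audited Permissions Test</parent_test>
                          <cardinality>0-1</cardinality>
                          <content>string</content>
                          <valid_datatypes>string</valid_datatypes>
                          <valid_operators>equals, not equal</valid_operators>
                        </xsd:appinfo>
                      </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="generic_execute" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
                      <xsd:annotation>
                        <xsd:documentation>Execute access.</xsd:documentation>
                        <xsd:appinfo>
                          <parent_test>File Audited Permissions Test</parent_test>
                          <cardinality>0-1</cardinality>
                          <content>string</content>
                          <valid_datatypes>string</valid_datatypes>
                          <valid_operators>equals, not equal</valid_operators>
                        </xsd:appinfo>
                      </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="generic_all" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
                      <xsd:annotation>
                        <xsd:documentation>Read, write, and execute access.</xsd:documentation>
                        <xsd:appinfo>
                          <parent_test>File Audited Permissions Test</parent_test>
                          <cardinality>0-1</cardinality>
                          <content>string</content>
                          <valid_datatypes>string</valid_datatypes>
                          <valid_operators>equals, not equal</valid_operators>
                        </xsd:appinfo>
                      </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="file_read_data" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
                      <xsd:annotation>
                        <xsd:documentation>Grants the right to read data from the file.</xsd:documentation>
                        <xsd:appinfo>
                          <parent_test>File Audited Permissions Test</parent_test>
                          <cardinality>0-1</cardinality>
                          <content>string</content>
                          <valid_datatypes>string</valid_datatypes>
                          <valid_operators>equals, not equal</valid_operators>
                        </xsd:appinfo>
                      </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="file_write_data" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
                      <xsd:annotation>
                        <xsd:documentation>Grants the right to write data to the file.</xsd:documentation>
                        <xsd:appinfo>
                          <parent_test>File Audited Permissions Test</parent_test>
                          <cardinality>0-1</cardinality>
                          <content>string</content>
                          <valid_datatypes>string</valid_datatypes>
                          <valid_operators>equals, not equal</valid_operators>
                        </xsd:appinfo>
                      </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="file_append_data" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
                      <xsd:annotation>
                        <xsd:documentation>Grants the right to append data to the file.</xsd:documentation>
                        <xsd:appinfo>
                          <parent_test>File Audited Permissions Test</parent_test>
                          <cardinality>0-1</cardinality>
                          <content>string</content>
                          <valid_datatypes>string</valid_datatypes>
                          <valid_operators>equals, not equal</valid_operators>
                        </xsd:appinfo>
                      </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="file_read_ea" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
                      <xsd:annotation>
                        <xsd:documentation>Grants the right to read extended attributes.</xsd:documentation>
                        <xsd:appinfo>
                          <parent_test>File Audited Permissions Test</parent_test>
                          <cardinality>0-1</cardinality>
                          <content>string</content>
                          <valid_datatypes>string</valid_datatypes>
                          <valid_operators>equals, not equal</valid_operators>
                        </xsd:appinfo>
                      </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="file_write_ea" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
                      <xsd:annotation>
                        <xsd:documentation>Grants the right to write extended attributes.</xsd:documentation>
                        <xsd:appinfo>
                          <parent_test>File Audited Permissions Test</parent_test>
                          <cardinality>0-1</cardinality>
                          <content>string</content>
                          <valid_datatypes>string</valid_datatypes>
                          <valid_operators>equals, not equal</valid_operators>
                        </xsd:appinfo>
                      </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="file_execute" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
                      <xsd:annotation>
                        <xsd:documentation>Grants the right to execute a file.</xsd:documentation>
                        <xsd:appinfo>
                          <parent_test>File Audited Permissions Test</parent_test>
                          <cardinality>0-1</cardinality>
                          <content>string</content>
                          <valid_datatypes>string</valid_datatypes>
                          <valid_operators>equals, not equal</valid_operators>
                        </xsd:appinfo>
                      </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="file_delete_child" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
                      <xsd:annotation>
                        <xsd:documentation>Right to delete a directory and all the files it contains (its children), even if the files are read-only.</xsd:documentation>
                        <xsd:appinfo>
                          <parent_test>File Audited Permissions Test</parent_test>
                          <cardinality>0-1</cardinality>
                          <content>string</content>
                          <valid_datatypes>string</valid_datatypes>
                          <valid_operators>equals, not equal</valid_operators>
                        </xsd:appinfo>
                      </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="file_read_attributes" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
                      <xsd:annotation>
                        <xsd:documentation>Grants the right to read file attributes.</xsd:documentation>
                        <xsd:appinfo>
                          <parent_test>File Audited Permissions Test</parent_test>
                          <cardinality>0-1</cardinality>
                          <content>string</content>
                          <valid_datatypes>string</valid_datatypes>
                          <valid_operators>equals, not equal</valid_operators>
                        </xsd:appinfo>
                      </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="file_write_attributes" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
                      <xsd:annotation>
                        <xsd:documentation>Grants the right to change file attributes.</xsd:documentation>
                        <xsd:appinfo>
                          <parent_test>File Audited Permissions Test</parent_test>
                          <cardinality>0-1</cardinality>
                          <content>string</content>
                          <valid_datatypes>string</valid_datatypes>
                          <valid_operators>equals, not equal</valid_operators>
                        </xsd:appinfo>
                      </xsd:annotation>
                    </xsd:element>
                  </xsd:sequence>
                </xsd:extension>
              </xsd:complexContent>
            </xsd:complexType>
          </xsd:element>
        </xsd:sequence>
      </xsd:extension>
    </xsd:complexContent>
  </xsd:complexType>
</xsd:element>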