<xsd:element name="regkeyauditedpermissions_test" substitutionGroup="oval:test">
<xsd:annotation>
<xsd:documentation>This test looks at the audited access rights of a given registry key that a system access control list (SACL) structure grants to a specified trustee. The trustee's audited access rights are determined checking all access control entries (ACEs) in the SACL. For help with this test see the GetAuditedPermissionsFromAcl() api.</xsd:documentation>
<xsd:appinfo>
<test_name>Regkey Audited Permissions Test</test_name>
<extends>standardTestType</extends>
<valid_sections>notes, object, data</valid_sections>
<example>
<regkeyauditedpermissions_test id="wyt-0" check="at least one" comment="a registry key exists with the specified audit rights" xmlns="http://oval.mitre.org/XMLSchema/oval#windows">
<oval:notes xmlns:oval="http://oval.mitre.org/XMLSchema/oval">
<oval:note>This is an example test written under version 4 of the OVAL schema. It is meant to give a short overview of the test and might not contain every possible child element.</oval:note>
</oval:notes>
<object>
<hive>HKEY_LOCAL_MACHINE</hive>
<key>SOFTWARE\Microsoft\Windows NT\CurrentVersion</key>
<trustee_name>SYSTEM</trustee_name>
</object>
<data operation="AND">
<trustee_domain>NT AUTHORITY</trustee_domain>
<trustee_sid>S-1-5-18</trustee_sid>
<standard_delete datatype="string">AUDIT_SUCCESS</standard_delete>
<standard_read_control datatype="string">AUDIT_FAILURE</standard_read_control>
<key_query_value datatype="string">AUDIT_SUCCESS_FAILURE</key_query_value>
<key_set_value datatype="string">AUDIT_NONE</key_set_value>
</data>
</regkeyauditedpermissions_test>
</example>
</xsd:appinfo>
</xsd:annotation>
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="oval:standardTestType">
<xsd:sequence>
<xsd:element name="object" minOccurs="1" maxOccurs="1">
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="oval:objectType">
<xsd:sequence>
<xsd:element name="hive" type="windows:subtestHiveType" minOccurs="1" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>This element specifies the hive of a registry key on the machine from which to retrieve the SACL.</xsd:documentation>
<xsd:appinfo>
<parent_test>Regkey Audited Permissions Test</parent_test>
<cardinality>1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="key" type="oval:subtestStringType" minOccurs="1" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>This element specifies a registry key on the machine from which to retrieve the SACL. Note that the hive portion of the string should not be inclueded, as this data should be found under the hive element.</xsd:documentation>
<xsd:appinfo>
<parent_test>Regkey Audited Permissions Test</parent_test>
<cardinality>1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal, pattern match</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="trustee_name" type="oval:subtestStringType" minOccurs="1" maxOccurs="1" nillable="true">
<xsd:annotation>
<xsd:documentation>This element specifies the trustee name associated with a particular SACL. A trustee can be a user, group, or program (such as a Windows service)</xsd:documentation>
<xsd:appinfo>
<parent_test>Regkey Audited Permissions Test</parent_test>
<cardinality>1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal, pattern match</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
<xsd:element name="data" minOccurs="0" maxOccurs="1">
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="oval:dataType">
<xsd:sequence>
<xsd:element name="trustee_domain" type="oval:subtestStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The domain of the specified trustee name.</xsd:documentation>
<xsd:appinfo>
<parent_test>Regkey Audited Permissions Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal, pattern match</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="trustee_sid" type="oval:subtestStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The security identifier (SID) of the specified trustee name.</xsd:documentation>
<xsd:appinfo>
<parent_test>Regkey Audited Permissions Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal, pattern match</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="standard_delete" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The right to delete the object.</xsd:documentation>
<xsd:appinfo>
<parent_test>Regkey Audited Permissions Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="standard_read_control" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The right to read the information in the object's security descriptor, not including the information in the SACL.</xsd:documentation>
<xsd:appinfo>
<parent_test>Regkey Audited Permissions Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="standard_write_dac" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The right to modify the DACL in the object's security descriptor.</xsd:documentation>
<xsd:appinfo>
<parent_test>Regkey Audited Permissions Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="standard_write_owner" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The right to change the owner in the object's security descriptor.</xsd:documentation>
<xsd:appinfo>
<parent_test>Regkey Audited Permissions Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="standard_synchronize" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Windows NT/2000: The right to use the object for synchronization. This enables a thread to wait until the object is in the signaled state. Some object types do not support this access right.</xsd:documentation>
<xsd:appinfo>
<parent_test>Regkey Audited Permissions Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="access_system_security" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Indicates access to a system access control list (SACL).</xsd:documentation>
<xsd:appinfo>
<parent_test>Regkey Audited Permissions Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="generic_read" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Read access.</xsd:documentation>
<xsd:appinfo>
<parent_test>Regkey Audited Permissions Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="generic_write" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Write access.</xsd:documentation>
<xsd:appinfo>
<parent_test>Regkey Audited Permissions Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="generic_execute" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>
</xsd:documentation>
<xsd:appinfo>
<parent_test>Regkey Audited Permissions Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="generic_all" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>
</xsd:documentation>
<xsd:appinfo>
<parent_test>Regkey Audited Permissions Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="key_query_value" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>
</xsd:documentation>
<xsd:appinfo>
<parent_test>Regkey Audited Permissions Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="key_set_value" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>
</xsd:documentation>
<xsd:appinfo>
<parent_test>Regkey Audited Permissions Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="key_create_sub_key" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>
</xsd:documentation>
<xsd:appinfo>
<parent_test>Regkey Audited Permissions Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="key_enumerate_sub_keys" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>
</xsd:documentation>
<xsd:appinfo>
<parent_test>Regkey Audited Permissions Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="key_notify" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>
</xsd:documentation>
<xsd:appinfo>
<parent_test>Regkey Audited Permissions Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="key_create_link" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>
</xsd:documentation>
<xsd:appinfo>
<parent_test>Regkey Audited Permissions Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="key_wow64_64key" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>
</xsd:documentation>
<xsd:appinfo>
<parent_test>Regkey Audited Permissions Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="key_wow64_32key" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>
</xsd:documentation>
<xsd:appinfo>
<parent_test>Regkey Audited Permissions Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="key_wow64_res" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>
</xsd:documentation>
<xsd:appinfo>
<parent_test>Regkey Audited Permissions Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
|
XSD Schema Diagram:
