Definition Type: Element
Name: shadow_item
Namespace: http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#unix
Type: oval-sc:ItemType
Containing Schema: unix-system-characteristics-schema.xsd
Abstract
Documentation:
/etc/shadow. See shadow(4).
XSD Schema Code:
<xsd:element name="shadow_item" substitutionGroup="oval-sc:item">
    <xsd:annotation>
        <xsd:documentation>/etc/shadow. See shadow(4).</xsd:documentation>
    </xsd:annotation>
    <xsd:complexType>
        <xsd:complexContent>
            <xsd:extension base="oval-sc:ItemType">
                <xsd:sequence>
                    <xsd:element name="username" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1">
                        <xsd:annotation>
                            <xsd:documentation>This is the name of the user for which data was gathered.</xsd:documentation>
                            <xsd:appinfo>
                                <sch:pattern id="shadowitemusername" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                    <sch:rule context="unix-sc:shadow_item/unix-sc:username">
                                        <sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id" /> - datatype attribute for the username entity of a shadow_item should be 'string'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="password" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1">
                        <xsd:annotation>
                            <xsd:documentation>This is the encrypted version of the user's password.</xsd:documentation>
                            <xsd:appinfo>
                                <sch:pattern id="shadowitempassword" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                    <sch:rule context="unix-sc:shadow_item/unix-sc:password">
                                        <sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id" /> - datatype attribute for the password entity of a shadow_item should be 'string'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="chg_lst" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1">
                        <xsd:annotation>
                            <xsd:documentation>This is the date of the last password change in days since 1/1/1970.</xsd:documentation>
                            <xsd:appinfo>
                                <sch:pattern id="shadowitemchg_lst" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                    <sch:rule context="unix-sc:shadow_item/unix-sc:chg_lst">
                                        <sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id" /> - datatype attribute for the chg_lst entity of a shadow_item should be 'string'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="chg_allow" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1">
                        <xsd:annotation>
                            <xsd:documentation>This specifies how often in days a user may change their password. It can also be thought of as the minimum age of a password.</xsd:documentation>
                            <xsd:appinfo>
                                <sch:pattern id="shadowitemchg_allow" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                    <sch:rule context="unix-sc:shadow_item/unix-sc:chg_allow">
                                        <sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id" /> - datatype attribute for the chg_allow entity of a shadow_item should be 'string'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="chg_req" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1">
                        <xsd:annotation>
                            <xsd:documentation>This describes how long a user can keep a password before the system forces her to change it.</xsd:documentation>
                            <xsd:appinfo>
                                <sch:pattern id="shadowitemchg_req" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                    <sch:rule context="unix-sc:shadow_item/unix-sc:chg_req">
                                        <sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id" /> - datatype attribute for the chg_req entity of a shadow_item should be 'string'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="exp_warn" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1">
                        <xsd:annotation>
                            <xsd:documentation>This describes how long before password expiration the system begins warning the user. The system will warn the user at each login.</xsd:documentation>
                            <xsd:appinfo>
                                <sch:pattern id="shadowitemexp_warn" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                    <sch:rule context="unix-sc:shadow_item/unix-sc:exp_warn">
                                        <sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id" /> - datatype attribute for the exp_warn entity of a shadow_item should be 'string'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="exp_inact" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1">
                        <xsd:annotation>
                            <xsd:documentation>This describes how many days of account inactivity the system will wait after a password expires before locking the account. This window, usually only set to a few days, gives users who log in very seldom a bit of extra time to receive the password expiration warning and change their password.</xsd:documentation>
                            <xsd:appinfo>
                                <sch:pattern id="shadowitemexp_inact" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                    <sch:rule context="unix-sc:shadow_item/unix-sc:exp_inact">
                                        <sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id" /> - datatype attribute for the exp_inact entity of a shadow_item should be 'string'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="exp_date" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1">
                        <xsd:annotation>
                            <xsd:documentation>This specifies when the account's password will expire, in days since 1/1/1970.</xsd:documentation>
                            <xsd:appinfo>
                                <sch:pattern id="shadowitemexp_date" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                    <sch:rule context="unix-sc:shadow_item/unix-sc:exp_date">
                                        <sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id" /> - datatype attribute for the exp_date entity of a shadow_item should be 'string'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="flag" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1">
                        <xsd:annotation>
                            <xsd:documentation>This is a reserved field that the shadow file may use in the future.</xsd:documentation>
                            <xsd:appinfo>
                                <sch:pattern id="shadowitemflag" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                    <sch:rule context="unix-sc:shadow_item/unix-sc:flag">
                                        <sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id" /> - datatype attribute for the flag entity of a shadow_item should be 'string'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                </xsd:sequence>
            </xsd:extension>
        </xsd:complexContent>
    </xsd:complexType>
</xsd:element>
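The mapping from one /etc/shadow line to a shadow_item, as an added example that is not part of the OVAL schema or any OVAL tool. The helper names, the sample line, and the choice to emit empty fields as empty entities (rather than omitting them, which minOccurs="0" also allows) are assumptions made for illustration.

```python
import datetime
import xml.etree.ElementTree as ET

# Namespace taken from the schema above.
UNIX_SC = "http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#unix"
# Child entities in the order the xsd:sequence requires.
FIELDS = ("username", "password", "chg_lst", "chg_allow", "chg_req",
          "exp_warn", "exp_inact", "exp_date", "flag")


def shadow_line_to_item(line, item_id):
    """Map one colon-delimited shadow line to a shadow_item (hypothetical helper)."""
    parts = line.rstrip("\n").split(":")
    if len(parts) != len(FIELDS):
        # A malformed line must not silently shift values into the wrong entity.
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    item = ET.Element(f"{{{UNIX_SC}}}shadow_item",
                      {"id": str(item_id), "status": "exists"})
    for name, value in zip(FIELDS, parts):
        # No datatype attribute is set: the Schematron rules accept it
        # either absent or equal to 'string'.
        ET.SubElement(item, f"{{{UNIX_SC}}}{name}").text = value
    return item


def days_to_date(days):
    """Convert a 'days since 1/1/1970' entity value to a date; None if empty."""
    if not days:
        return None
    return datetime.date(1970, 1, 1) + datetime.timedelta(days=int(days))


# Constructed sample line; the password field is a placeholder, not a real hash.
SAMPLE = "alice:$6$SALT$HASHPLACEHOLDER:19000:1:90:7:14::"

if __name__ == "__main__":
    ET.register_namespace("unix-sc", UNIX_SC)
    item = shadow_line_to_item(SAMPLE, 1)
    print(ET.tostring(item, encoding="unicode"))
    print("last change:", days_to_date(item.find(f"{{{UNIX_SC}}}chg_lst").text))
```

Because the password entity carries the hash from /etc/shadow, a system characteristics file containing shadow_items needs the same access restrictions as the shadow file itself.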
Child Elements:
Name       Type               Min Occurs  Max Occurs
message    oval-sc:message    0           1
username   unix-sc:username   0           1
password   unix-sc:password   0           1
chg_lst    unix-sc:chg_lst    0           1
chg_allow  unix-sc:chg_allow  0           1
chg_req    unix-sc:chg_req    0           1
exp_warn   unix-sc:exp_warn   0           1
exp_inact  unix-sc:exp_inact  0           1
exp_date   unix-sc:exp_date   0           1
flag       unix-sc:flag       0           1
Child Attributes:
Name    Type            Default Value  Use
id      oval-sc:id                     Required
status  oval-sc:status  exists         Optional
References:
oval-sc:item