Definition Type: Element
Name: shadow_state
Namespace: http://oval.mitre.org/XMLSchema/oval-definitions-5#unix
Type: oval-def:StateType
Containing Schema: unix-definitions-schema.xsd
Abstract
Documentation:
The shadow_state element defines the different information associated with the system shadow file. Please refer to the individual elements in the schema for more details about what each represents.
XSD Schema Diagram:
[Figure: XSD Diagram of shadow_state in schema unix-definitions-schema_xsd (Open Vulnerability and Assessment Language (OVAL®))]
XSD Schema Code:
<xsd:element name="shadow_state" substitutionGroup="oval-def:state">
    <xsd:annotation>
        <xsd:documentation>The shadow_state element defines the different information associated with the system shadow file. Please refer to the individual elements in the schema for more details about what each represents.</xsd:documentation>
    </xsd:annotation>
    <xsd:complexType>
        <xsd:complexContent>
            <xsd:extension base="oval-def:StateType">
                <xsd:sequence>
                    <xsd:element name="username" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1">
                        <xsd:annotation>
                            <xsd:documentation>This is the name of the user being checked.</xsd:documentation>
                            <xsd:appinfo>
                                <sch:pattern id="shadowsteusername" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                    <sch:rule context="unix-def:shadow_state/unix-def:username">
                                        <sch:assert test="not(@datatype) or @datatype='string'">
                                            <sch:value-of select="../@id" /> - datatype attribute for the username entity of a shadow_state should be 'string'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="password" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1">
                        <xsd:annotation>
                            <xsd:documentation>This is the encrypted version of the user's password.</xsd:documentation>
                            <xsd:appinfo>
                                <sch:pattern id="shadowstepassword" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                    <sch:rule context="unix-def:shadow_state/unix-def:password">
                                        <sch:assert test="not(@datatype) or @datatype='string'">
                                            <sch:value-of select="../@id" /> - datatype attribute for the password entity of a shadow_state should be 'string'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="chg_lst" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1">
                        <xsd:annotation>
                            <xsd:documentation>This is the date of the last password change in days since 1/1/1970.</xsd:documentation>
                            <xsd:appinfo>
                                <sch:pattern id="shadowstechg_lst" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                    <sch:rule context="unix-def:shadow_state/unix-def:chg_lst">
                                        <sch:assert test="not(@datatype) or @datatype='string'">
                                            <sch:value-of select="../@id" /> - datatype attribute for the chg_lst entity of a shadow_state should be 'string'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="chg_allow" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1">
                        <xsd:annotation>
                            <xsd:documentation>This specifies how often in days a user may change their password. It can also be thought of as the minimum age of a password.</xsd:documentation>
                            <xsd:appinfo>
                                <sch:pattern id="shadowstechg_allow" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                    <sch:rule context="unix-def:shadow_state/unix-def:chg_allow">
                                        <sch:assert test="not(@datatype) or @datatype='string'">
                                            <sch:value-of select="../@id" /> - datatype attribute for the chg_allow entity of a shadow_state should be 'string'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="chg_req" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1">
                        <xsd:annotation>
                            <xsd:documentation>This describes how long a user can keep a password before the system forces her to change it.</xsd:documentation>
                            <xsd:appinfo>
                                <sch:pattern id="shadowstechg_req" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                    <sch:rule context="unix-def:shadow_state/unix-def:chg_req">
                                        <sch:assert test="not(@datatype) or @datatype='string'">
                                            <sch:value-of select="../@id" /> - datatype attribute for the chg_req entity of a shadow_state should be 'string'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="exp_warn" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1">
                        <xsd:annotation>
                            <xsd:documentation>This describes how long before password expiration the system begins warning the user. The system will warn the user at each login.</xsd:documentation>
                            <xsd:appinfo>
                                <sch:pattern id="shadowsteexp_warn" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                    <sch:rule context="unix-def:shadow_state/unix-def:exp_warn">
                                        <sch:assert test="not(@datatype) or @datatype='string'">
                                            <sch:value-of select="../@id" /> - datatype attribute for the exp_warn entity of a shadow_state should be 'string'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="exp_inact" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1">
                        <xsd:annotation>
                            <xsd:documentation>The exp_inact entity describes how many days of account inactivity the system will wait after a password expires before locking the account. Unix systems are generally configured to only allow a given password to last for a fixed period of time. When this time, the chg_req parameter, is near running out, the system begins warning the user at each login. How soon before the expiration the user receives these warnings is specified in exp_warn. The only hiccup in this design is that a user may not log in in time to ever receive a warning before account expiration. The exp_inact parameter gives the sysadmin flexibility so that a user who reaches the end of their expiration time gains exp_inact more days to log in and change their password manually.</xsd:documentation>
                            <xsd:appinfo>
                                <sch:pattern id="shadowsteexp_inact" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                    <sch:rule context="unix-def:shadow_state/unix-def:exp_inact">
                                        <sch:assert test="not(@datatype) or @datatype='string'">
                                            <sch:value-of select="../@id" /> - datatype attribute for the exp_inact entity of a shadow_state should be 'string'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="exp_date" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1">
                        <xsd:annotation>
                            <xsd:documentation>This specifies when the account's password will expire, in days since 1/1/1970.</xsd:documentation>
                            <xsd:appinfo>
                                <sch:pattern id="shadowsteexp_date" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                    <sch:rule context="unix-def:shadow_state/unix-def:exp_date">
                                        <sch:assert test="not(@datatype) or @datatype='string'">
                                            <sch:value-of select="../@id" /> - datatype attribute for the exp_date entity of a shadow_state should be 'string'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="flag" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1">
                        <xsd:annotation>
                            <xsd:documentation>This is a reserved field that the shadow file may use in the future.</xsd:documentation>
                            <xsd:appinfo>
                                <sch:pattern id="shadowsteflag" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                    <sch:rule context="unix-def:shadow_state/unix-def:flag">
                                        <sch:assert test="not(@datatype) or @datatype='string'">
                                            <sch:value-of select="../@id" /> - datatype attribute for the flag entity of a shadow_state should be 'string'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                </xsd:sequence>
            </xsd:extension>
        </xsd:complexContent>
    </xsd:complexType>
</xsd:element>
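The field layout and password-aging timeline described in the documentation strings above, as an added Python example (not part of the OVAL schema or any OVAL interpreter). It assumes the conventional nine-field, colon-separated shadow entry, treats every state entity as a regular-expression pattern match because the schema declares each one as a string, and supports only the AND and OR values of the operator attribute; the function names and the sample entry are constructed for illustration.

```python
import re
from datetime import date, timedelta

# shadow_state entity names, in the order the fields appear in a shadow entry.
FIELDS = ("username", "password", "chg_lst", "chg_allow", "chg_req",
          "exp_warn", "exp_inact", "exp_date", "flag")
EPOCH = date(1970, 1, 1)

def parse_shadow_line(line):
    """Split one colon-separated shadow entry into the nine shadow_state entities."""
    parts = line.rstrip("\n").split(":")
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    return dict(zip(FIELDS, parts))  # every value stays a string, as in the schema

def matches_state(item, state, operator="AND"):
    """Evaluate a state given as {entity: regex}; entities left out are not checked."""
    results = [re.search(rx, item[name]) is not None for name, rx in state.items()]
    if operator == "AND":
        return all(results)
    if operator == "OR":
        return any(results)
    raise ValueError("only AND and OR are handled in this sketch")

def aging_timeline(item):
    """Dates implied by chg_lst, chg_req, exp_warn and exp_inact (None where unset)."""
    def days(name):
        return int(item[name]) if item[name].isdigit() else None
    lst, req = days("chg_lst"), days("chg_req")
    warn, inact = days("exp_warn"), days("exp_inact")
    if lst is None or req is None:
        return {"expires": None, "warn_from": None, "locked_after": None}
    expires = EPOCH + timedelta(days=lst + req)  # last change + maximum age
    return {
        "expires": expires,
        "warn_from": expires - timedelta(days=warn) if warn is not None else None,
        "locked_after": expires + timedelta(days=inact) if inact is not None else None,
    }

# Constructed sample entry; the password field is a placeholder, not a real hash.
SAMPLE = "alice:$6$PLACEHOLDERSALT$PLACEHOLDERHASH:19000:1:90:7:14::"

if __name__ == "__main__":
    entry = parse_shadow_line(SAMPLE)
    # Range check "chg_req between 1 and 90" written as a pattern, since the
    # entity is a string and cannot be compared numerically.
    policy = {"chg_req": r"^([1-9]|[1-8][0-9]|90)$", "password": r"^\$6\$"}
    print(matches_state(entry, policy), aging_timeline(entry))
```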
Child Elements:
Name       Type                Min Occurs  Max Occurs
Signature  ds:Signature        0           1
notes      oval-def:notes      0           1
username   unix-def:username   0           1
password   unix-def:password   0           1
chg_lst    unix-def:chg_lst    0           1
chg_allow  unix-def:chg_allow  0           1
chg_req    unix-def:chg_req    0           1
exp_warn   unix-def:exp_warn   0           1
exp_inact  unix-def:exp_inact  0           1
exp_date   unix-def:exp_date   0           1
flag       unix-def:flag       0           1
Child Attributes:
Name        Type                 Default Value  Use
id          oval-def:id                         Required
version     oval-def:version                    Required
operator    oval-def:operator    AND            Optional
comment     oval-def:comment                    Optional
deprecated  oval-def:deprecated  false          Optional
References:
oval-def:state