diff --git a/schemas/linux-definitions-schema.xsd b/schemas/linux-definitions-schema.xsd
index d08ce41..40d9a90 100644
--- a/schemas/linux-definitions-schema.xsd
+++ b/schemas/linux-definitions-schema.xsd
@@ -2508,6 +2508,379 @@
+
+
+
+
+
+
+ The auditdline_test is used to check the living rules of the auditd service. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a auditdline_object and the optional state element specifies the data to check.
+
+
+ auditdline_test
+ auditdline_object
+ auditdline_state
+ auditdline_item
+
+
+
+
+
+ - the object child element of a auditdline_test must reference a auditdline_object
+
+
+ - the state child element of a auditdline_test must reference a auditdline_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The auditdline_object element is used by a auditdline_test to define the object to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
+ A auditdline_object consists of an filter_key entity that is the same as the -k parameter of the auditctl -l command.
+
+
+
+
+
+
+
+
+
+ State referenced in filter for '' is of the wrong type.
+
+
+
+
+
+
+
+
+
+
+
+
+
+ As described in the auditctl(8) manpage, the filter key is an arbitrary string of text that can be up to 31 bytes long. It can uniquely identify the audit records produced by a rule. You may have more than one key on a rule.
+ If the xsi:nil attribute is set to true, all auditd rules must be present in the system characteristics (auditdline_item).
+
+
+
+
+
+
+
+
+
+
+
+
+ The auditdline_state element defines the different information that can be used to evaluate the auditd rules. This includes the filter key, the corresponding rule and the line number of the rule. Please refer to the individual elements in the schema for more details about what each represents.
+
+
+
+
+
+
+
+ As described in the auditctl(8) manpage, the filter key is an arbitrary string of text that can be up to 31 bytes long. It can uniquely identify the audit records produced by a rule. You may have more than one key on a rule.
+
+
+
+
+ A rule written on a single line like returned by the auditctl -k command.
+
+
+
+
+ The line number of the rule, which can be considered as the rule number regarding that there is one rule per line. This number starts at 1 which means that the number of the first rule returned is 1.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The networkfirewall_test is used to check the living filtering rules of the network firewall on a UNIX system. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a auditdline_object and the optional state element specifies the data to check.
+
+
+ networkfirewall_test
+ networkfirewall_object
+ networkfirewall_state
+ networkfirewall_item
+
+
+
+
+
+ - the object child element of a networkfirewall_test must reference a networkfirewall_object
+
+
+ - the state child element of a networkfirewall_test must reference a networkfirewall_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The networkfirewall_object element is used by a networkfirewall_test to define the object to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
+ A networkfirewall_object provides an abstration to check authorized and blocked packets based on network interfaces and direction of the trafic.
+
+
+
+
+
+
+
+
+
+ State referenced in filter for '' is of the wrong type.
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The direction (incoming, outgoing or forwarding) of the network packets.
+
+
+
+
+ This is the name of the input interface (eth0, eth1, fw0, etc.).
+ The xsi:nil attribute must set to true only when the attribute packet_direction is set to outgoing.
+
+
+
+
+ This is the name of the output interface (eth0, eth1, fw0, etc.).
+ The xsi:nil attribute must set to true only when the attribute packet_direction is set to incoming.
+
+
+
+
+
+ Action that can be taken on a network packet by the network firewall based on its configuration.
+
+
+
+
+
+
+
+
+
+
+
+
+ The networkfirewall_state element defines the different information that can be used to evaluate the network firewall configuration. This includes the packet direction, the network interfaces, the filter action, the protocol, and pairs of address/port for both source and destination. Please refer to the individual elements in the schema for more details about what each represents.
+
+
+
+
+
+
+
+ The direction (incoming, outgoing or forwarding) of the network packets.
+
+
+
+
+ This is the name of the input interface (eth0, eth1, fw0, etc.).
+
+
+
+
+ This is the name of the output interface (eth0, eth1, fw0, etc.).
+
+
+
+
+ Action taken on a network packet by the network firewall based on its configuration.
+
+
+
+
+
+ The transport_protocol entity defines the specific transport-layer protocol, in lowercase: sctp, tcp or udp.
+
+
+
+
+ Source address of the packets. According to this OVAL datatype, it describes any IPv4/IPv6 address, address prefix, or its string representation. Note that the IP address can be IPv4 or IPv6.
+
+
+
+
+ Source port of the packets.
+
+
+
+
+ Destination address of the packets. According to this OVAL datatype, it describes any IPv4/IPv6 address, address prefix, or its string representation. Note that the IP address can be IPv4 or IPv6.
+
+
+
+
+ Destination port of the packets.
+
+
+
+
+
+
+
+
+
+
+
+
+ The EntityObjectPacketDirectionType complex type restricts a string value to a specific set of values that specify the direction of network packets. The empty string is also allowed to support empty elements associated with variable references.
+
+
+
+
+
+ Incoming packets.
+
+
+
+
+ Outgoing packets.
+
+
+
+
+ Forwarding packets.
+
+
+
+
+ The empty string value is permitted here to allow for empty elements associated with variable references.
+
+
+
+
+
+
+
+ The EntityStatePacketDirectionType complex type restricts a string value to a specific set of values that specify the direction of network packets. The empty string is also allowed to support empty elements associated with variable references.
+
+
+
+
+
+ Incoming packets.
+
+
+
+
+ Outgoing packets.
+
+
+
+
+ Forwarding packets.
+
+
+
+
+ The empty string value is permitted here to allow for empty elements associated with variable references.
+
+
+
+
+
+
+
+ The EntityObjectFilteringActionType complex type restricts a string value to a specific set of values that specify the filtering action of the network firewall. The empty string is also allowed to support empty elements associated with variable references.
+
+
+
+
+
+ Network packets that are allowed by the firewall.
+
+
+
+
+ Network packets that are denied by the firewall.
+
+
+
+
+ The empty string value is permitted here to allow for empty elements associated with variable references.
+
+
+
+
+
+
+
+ The EntityStateFilteringActionType complex type restricts a string value to a specific set of values that specify the filtering action of the network firewall. The empty string is also allowed to support empty elements associated with variable references.
+
+
+
+
+
+ Network packets that are allowed by the firewall.
+
+
+
+
+ Network packets that are denied by the firewall.
+
+
+
+
+ The empty string value is permitted here to allow for empty elements associated with variable references.
+
+
+
+
+
+
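Review bot: the networkfirewall_test description is copied from auditdline_test and says the required object element "references a auditdline_object"; it should reference a networkfirewall_object, as the appinfo entries and the Schematron assertion that follow it already say. In the same hunk the `rule` entity of auditdline_state is described as "a rule written on a single line like returned by the auditctl -k command", but `-k` takes a key argument and attaches a key to a rule; the listing command is `auditctl -l` (`auditctl -l -k key` to list only rules carrying that key), so the text should read "as returned by auditctl -l", and the same wording should be used for the object's filter_key ("the -k parameter of the auditctl -l command" is confusing for the same reason). Two constraints are stated only in prose and should be enforced with Schematron, since the file already uses Schematron for the "State referenced in filter ... is of the wrong type" check: input_interface "must set to true only when ... packet_direction is set to outgoing" and the mirror rule for output_interface (say explicitly that forwarding requires both interfaces), and transport_protocol being limited to "sctp, tcp or udp" in lowercase, which, unlike packet direction and filtering action, gets no enumerated Entity*Type and so is not validated at all. Check whether leaving out icmp/icmpv6 and an "any protocol" value is intended; most firewall rule sets contain both. Minor wording: "must set to true" should be "must be set to true"; packet_direction is an entity, not an attribute; "a auditdline_object"/"a auditdline_test" should be "an ..."; "abstration"/"trafic" should be "abstraction"/"traffic"; "regarding that there is one rule per line" should be "given that"; "living rules" reads as a mistranslation and "currently loaded rules" is clearer.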
diff --git a/schemas/linux-system-characteristics-schema.xsd b/schemas/linux-system-characteristics-schema.xsd
index a7625b9..aa22a4d 100644
--- a/schemas/linux-system-characteristics-schema.xsd
+++ b/schemas/linux-system-characteristics-schema.xsd
@@ -1108,6 +1108,101 @@
+
+
+
+
+
+ This item stores results from checking the living rules of the auditd service.
+
+
+
+
+
+
+
+ >As described in the auditctl(8) manpage, the filter key is an arbitrary string of text that can be up to 31 bytes long. It can uniquely identify the audit records produced by a rule. You may have more than one key on a rule.
+
+
+
+
+ A rule written on a single line like returned by the auditctl -k command.
+
+
+
+
+ The line number of the rule, which can be considered as the rule number regarding that there is one rule per line. This number starts at 1 which means that the number of the first rule returned is 1.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ This item stores results from checking the living configuration of the network firewall on a UNIX system.
+
+
+
+
+
+
+
+ The direction (incoming, outgoing or forwarding) of the network packets.
+
+
+
+
+ This is the name of the input interface (eth0, eth1, fw0, etc.).
+
+
+
+
+ This is the name of the output interface (eth0, eth1, fw0, etc.).
+
+
+
+
+ Action taken on a network packet by the network firewall based on its configuration.
+
+
+
+
+ The transport_protocol entity defines the specific transport-layer protocol, in lowercase: sctp, tcp or udp.
+
+
+
+
+ Source address of the packets. According to this OVAL datatype, it describes any IPv4/IPv6 address, address prefix, or its string representation. Note that the IP address can be IPv4 or IPv6.
+
+
+
+
+ Source port of the packets.
+
+
+
+
+ Destination address of the packets. According to this OVAL datatype, it describes any IPv4/IPv6 address, address prefix, or its string representation. Note that the IP address can be IPv4 or IPv6.
+
+
+
+
+ Destination port of the packets.
+
+
+
+
+
+
+
+
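Review bot: the filter_key documentation in auditdline_item begins with a stray ">" (">As described in the auditctl(8) manpage ..."), which will show up as literal text in the generated schema documentation; drop it. The `rule` entity repeats the "auditctl -k command" wording from the definitions schema; `-k` sets a key, the listing command is `auditctl -l`. "living rules" and "living configuration" should read "currently loaded rules"/"current configuration".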
@@ -1403,4 +1498,57 @@
+
+
+ The EntityItemPacketDirectionType complex type restricts a string value to a specific set of values that specify the direction of network packets. The empty string is also allowed to support empty elements associated with variable references.
+
+
+
+
+
+ Incoming packets.
+
+
+
+
+ Outgoing packets.
+
+
+
+
+ Forwarding packets.
+
+
+
+
+ The empty string value is permitted here to allow for empty elements associated with variable references.
+
+
+
+
+
+
+
+ The EntityItemFilteringActionType complex type restricts a string value to a specific set of values that specify the filtering action of the network firewall. The empty string is also allowed to support empty elements associated with variable references.
+
+
+
+
+
+ Network packets that are allowed by the firewall.
+
+
+
+
+ Network packets that are denied by the firewall.
+
+
+
+
+ The empty string value is permitted here to allow for empty elements associated with variable references.
+
+
+
+
+
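Review bot: EntityItemPacketDirectionType and EntityItemFilteringActionType justify the empty-string enumeration value with "to allow for empty elements associated with variable references", copied from the object/state types above. Items are collected data and no variable references are resolved against them, so that rationale does not apply here; state what the empty value is for in an item (for example an element whose status is error, or an entity the collector could not determine), or drop the value if nothing produces it.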
diff --git a/schemas/x-linux-network-auditd-definitions-schema.xsd b/schemas/x-linux-network-auditd-definitions-schema.xsd
new file mode 100644
index 0000000..6166d63
--- /dev/null
+++ b/schemas/x-linux-network-auditd-definitions-schema.xsd
@@ -0,0 +1,392 @@
+
+
+
+
+
+ The following is a description of the elements, types, and attributes that compose the Linux specific tests found in Open Vulnerability and Assessment Language (OVAL). Each test is an extension of the standard test element defined in the Core Definition Schema. Through extension, each test inherits a set of elements and attributes that are shared amongst all OVAL tests. Each test is described in detail and should provide the information necessary to understand what each element and attribute represents. This document is intended for developers and assumes some familiarity with XML. A high level description of the interaction between the different tests and their relationship to the Core Definition Schema is not outlined here.
+ The OVAL Schema is maintained by The MITRE Corporation and developed by the public OVAL Community. For more information, including how to get involved in the project and how to submit change requests, please visit the OVAL website at http://oval.mitre.org.
+
+ Linux Definition
+ 5.11.2
+ 2/26/2013 12:57:23 PM
+ Copyright (c) 2002-2013, The MITRE Corporation. All rights reserved. The contents of this file are subject to the terms of the OVAL License located at http://oval.mitre.org/oval/about/termsofuse.html. See the OVAL License for the specific language governing permissions and limitations for use of this schema. When distributing copies of the OVAL Schema, this license header must be included.
+
+
+
+
+
+
+
+
+
+
+
+ The auditdline_test is used to check the living rules of the auditd service. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a auditdline_object and the optional state element specifies the data to check.
+
+
+ auditdline_test
+ auditdline_object
+ auditdline_state
+ auditdline_item
+
+
+
+
+
+ - the object child element of a auditdline_test must reference a auditdline_object
+
+
+ - the state child element of a auditdline_test must reference a auditdline_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The auditdline_object element is used by a auditdline_test to define the object to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
+ A auditdline_object consists of an filter_key entity that is the same as the -k parameter of the auditctl -l command.
+
+
+
+
+
+
+
+
+
+ State referenced in filter for '' is of the wrong type.
+
+
+
+
+
+
+
+
+
+
+
+
+
+ As described in the auditctl(8) manpage, the filter key is an arbitrary string of text that can be up to 31 bytes long. It can uniquely identify the audit records produced by a rule. You may have more than one key on a rule.
+ If the xsi:nil attribute is set to true, all auditd rules must be present in the system characteristics (auditdline_item).
+
+
+
+
+
+
+
+
+
+
+
+
+ The auditdline_state element defines the different information that can be used to evaluate the auditd rules. This includes the filter key, the corresponding rule and the line number of the rule. Please refer to the individual elements in the schema for more details about what each represents.
+
+
+
+
+
+
+
+ As described in the auditctl(8) manpage, the filter key is an arbitrary string of text that can be up to 31 bytes long. It can uniquely identify the audit records produced by a rule. You may have more than one key on a rule.
+
+
+
+
+ A rule written on a single line like returned by the auditctl -k command.
+
+
+
+
+ The line number of the rule, which can be considered as the rule number regarding that there is one rule per line. This number starts at 1 which means that the number of the first rule returned is 1.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The networkfirewall_test is used to check the living filtering rules of the network firewall on a UNIX system. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a auditdline_object and the optional state element specifies the data to check.
+
+
+ networkfirewall_test
+ networkfirewall_object
+ networkfirewall_state
+ networkfirewall_item
+
+
+
+
+
+ - the object child element of a networkfirewall_test must reference a networkfirewall_object
+
+
+ - the state child element of a networkfirewall_test must reference a networkfirewall_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The networkfirewall_object element is used by a networkfirewall_test to define the object to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
+ A networkfirewall_object provides an abstration to check authorized and blocked packets based on network interfaces and direction of the trafic.
+
+
+
+
+
+
+
+
+
+ State referenced in filter for '' is of the wrong type.
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The direction (incoming, outgoing or forwarding) of the network packets.
+
+
+
+
+ This is the name of the input interface (eth0, eth1, fw0, etc.).
+ The xsi:nil attribute must set to true only when the attribute packet_direction is set to outgoing.
+
+
+
+
+ This is the name of the output interface (eth0, eth1, fw0, etc.).
+ The xsi:nil attribute must set to true only when the attribute packet_direction is set to incoming.
+
+
+
+
+
+ Action that can be taken on a network packet by the network firewall based on its configuration.
+
+
+
+
+
+
+
+
+
+
+
+
+ The networkfirewall_state element defines the different information that can be used to evaluate the network firewall configuration. This includes the packet direction, the network interfaces, the filter action, the protocol, and pairs of address/port for both source and destination. Please refer to the individual elements in the schema for more details about what each represents.
+
+
+
+
+
+
+
+ The direction (incoming, outgoing or forwarding) of the network packets.
+
+
+
+
+ This is the name of the input interface (eth0, eth1, fw0, etc.).
+
+
+
+
+ This is the name of the output interface (eth0, eth1, fw0, etc.).
+
+
+
+
+ Action taken on a network packet by the network firewall based on its configuration.
+
+
+
+
+
+ The transport_protocol entity defines the specific transport-layer protocol, in lowercase: sctp, tcp or udp.
+
+
+
+
+ Source address of the packets. According to this OVAL datatype, it describes any IPv4/IPv6 address, address prefix, or its string representation. Note that the IP address can be IPv4 or IPv6.
+
+
+
+
+ Source port of the packets.
+
+
+
+
+ Destination address of the packets. According to this OVAL datatype, it describes any IPv4/IPv6 address, address prefix, or its string representation. Note that the IP address can be IPv4 or IPv6.
+
+
+
+
+ Destination port of the packets.
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The EntityObjectPacketDirectionType complex type restricts a string value to a specific set of values that specify the direction of network packets. The empty string is also allowed to support empty elements associated with variable references.
+
+
+
+
+
+ Incoming packets.
+
+
+
+
+ Outgoing packets.
+
+
+
+
+ Forwarding packets.
+
+
+
+
+ The empty string value is permitted here to allow for empty elements associated with variable references.
+
+
+
+
+
+
+
+ The EntityStatePacketDirectionType complex type restricts a string value to a specific set of values that specify the direction of network packets. The empty string is also allowed to support empty elements associated with variable references.
+
+
+
+
+
+ Incoming packets.
+
+
+
+
+ Outgoing packets.
+
+
+
+
+ Forwarding packets.
+
+
+
+
+ The empty string value is permitted here to allow for empty elements associated with variable references.
+
+
+
+
+
+
+
+ The EntityObjectFilteringActionType complex type restricts a string value to a specific set of values that specify the filtering action of the network firewall. The empty string is also allowed to support empty elements associated with variable references.
+
+
+
+
+
+ Network packets that are allowed by the firewall.
+
+
+
+
+ Network packets that are denied by the firewall.
+
+
+
+
+ The empty string value is permitted here to allow for empty elements associated with variable references.
+
+
+
+
+
+
+
+ The EntityStateFilteringActionType complex type restricts a string value to a specific set of values that specify the filtering action of the network firewall. The empty string is also allowed to support empty elements associated with variable references.
+
+
+
+
+
+ Network packets that are allowed by the firewall.
+
+
+
+
+ Network packets that are denied by the firewall.
+
+
+
+
+ The empty string value is permitted here to allow for empty elements associated with variable references.
+
+
+
+
+
+
+
\ No newline at end of file
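Review bot: this file duplicates verbatim the auditdline and networkfirewall tests, objects, states and enumeration types that the earlier hunk also adds to schemas/linux-definitions-schema.xsd, errors included (networkfirewall_test said to reference "a auditdline_object", "auditctl -k" given as the listing command where `auditctl -l` is meant, "abstration"/"trafic", "must set to true", the unenforced input_interface/output_interface nil rule and the unenumerated transport_protocol). Keep a single copy, either the experimental x- schema in its own namespace or the change to the standard linux schema, otherwise every fix has to be applied twice and an evaluator that loads both gets two definitions of the same element names. The header is also copied unchanged from the MITRE schema: "Linux Definition", version 5.11.2, date 2/26/2013, and the statement that the schema is maintained by The MITRE Corporation, none of which holds for an x- extension; give it its own schema name, version and license header. The file also lacks a trailing newline.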
diff --git a/schemas/x-linux-network-auditd-system-characteristics-schema.xsd b/schemas/x-linux-network-auditd-system-characteristics-schema.xsd
new file mode 100644
index 0000000..fb7dd63
--- /dev/null
+++ b/schemas/x-linux-network-auditd-system-characteristics-schema.xsd
@@ -0,0 +1,171 @@
+
+
+
+
+
+ The following is a description of the elements, types, and attributes that compose the linux specific system characteristic items found in Open Vulnerability and Assessment Language (OVAL). Each item is an extension of the standard item element defined in the Core System Characteristic Schema. Through extension, each item inherits a set of elements and attributes that are shared amongst all OVAL Items. Each item is described in detail and should provide the information necessary to understand what each element and attribute represents. This document is intended for developers and assumes some familiarity with XML. A high level description of the interaction between the different tests and their relationship to the Core System Characteristic Schema is not outlined here.
+ The OVAL Schema is maintained by The MITRE Corporation and developed by the public OVAL Community. For more information, including how to get involved in the project and how to submit change requests, please visit the OVAL website at http://oval.mitre.org.
+
+ linux System Characteristics
+ 5.10
+ 2/26/2013 12:57:23 PM
+ Copyright (c) 2002-2013, The MITRE Corporation. All rights reserved. The contents of this file are subject to the terms of the OVAL License located at http://oval.mitre.org/oval/about/termsofuse.html. See the OVAL License for the specific language governing permissions and limitations for use of this schema. When distributing copies of the OVAL Schema, this license header must be included.
+
+
+
+
+
+
+
+
+
+
+
+ This item stores results from checking the living rules of the auditd service.
+
+
+
+
+
+
+
+ >As described in the auditctl(8) manpage, the filter key is an arbitrary string of text that can be up to 31 bytes long. It can uniquely identify the audit records produced by a rule. You may have more than one key on a rule.
+
+
+
+
+ A rule written on a single line like returned by the auditctl -k command.
+
+
+
+
+ The line number of the rule, which can be considered as the rule number regarding that there is one rule per line. This number starts at 1 which means that the number of the first rule returned is 1.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ This item stores results from checking the living configuration of the network firewall on a UNIX system.
+
+
+
+
+
+
+
+ The direction (incoming, outgoing or forwarding) of the network packets.
+
+
+
+
+ This is the name of the input interface (eth0, eth1, fw0, etc.).
+
+
+
+
+ This is the name of the output interface (eth0, eth1, fw0, etc.).
+
+
+
+
+ Action taken on a network packet by the network firewall based on its configuration.
+
+
+
+
+ The transport_protocol entity defines the specific transport-layer protocol, in lowercase: sctp, tcp or udp.
+
+
+
+
+ Source address of the packets. According to this OVAL datatype, it describes any IPv4/IPv6 address, address prefix, or its string representation. Note that the IP address can be IPv4 or IPv6.
+
+
+
+
+ Source port of the packets.
+
+
+
+
+ Destination address of the packets. According to this OVAL datatype, it describes any IPv4/IPv6 address, address prefix, or its string representation. Note that the IP address can be IPv4 or IPv6.
+
+
+
+
+ Destination port of the packets.
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The EntityItemPacketDirectionType complex type restricts a string value to a specific set of values that specify the direction of network packets. The empty string is also allowed to support empty elements associated with variable references.
+
+
+
+
+
+ Incoming packets.
+
+
+
+
+ Outgoing packets.
+
+
+
+
+ Forwarding packets.
+
+
+
+
+ The empty string value is permitted here to allow for empty elements associated with variable references.
+
+
+
+
+
+
+
+ The EntityItemFilteringActionType complex type restricts a string value to a specific set of values that specify the filtering action of the network firewall. The empty string is also allowed to support empty elements associated with variable references.
+
+
+
+
+
+ Network packets that are allowed by the firewall.
+
+
+
+
+ Network packets that are denied by the firewall.
+
+
+
+
+ The empty string value is permitted here to allow for empty elements associated with variable references.
+
+
+
+
+
+
+
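Review bot: the header declares version "5.10" while the companion x-linux-network-auditd-definitions-schema.xsd in this patch declares "5.11.2"; the pair should carry one version, and, as with the definitions file, the MITRE schema name, timestamp and copyright are copied and should be replaced by this extension's own. The filter_key description again starts with a stray ">". The EntityItemPacketDirectionType and EntityItemFilteringActionType enumerations reuse the "variable references" rationale for the empty string although items are collected data, not authored content; say what the empty value means in an item or remove it. The items here also duplicate the ones added to schemas/linux-system-characteristics-schema.xsd in the same patch; keep one copy.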