Independent: Environment Variable 58
Description
The Independent: Environment Variable 58 test is used to check an environment variable for the specified process, which is identified by its process ID, on the system.
The environmentvariable58_object element is used by an environmentvariable58_test to define the specific environment variable(s) and process IDs to be evaluated. If a tool is unable to collect the environment variables of another process, an error must be reported.
The environmentvariable58_state element contains three entities that are used to check the name of the specified environment variable, the process ID of the process from which the environment variable was retrieved, and the value associated with the environment variable.
Technical Details
Artifact Parameters
independent:environmentvariable58_v1
Name |
Type |
Description |
|---|---|---|
name |
string |
This element describes the name of an environment variable. Cannot be blank. |
check_existence |
string |
Defines how many items should be collected. |
- NOTE: The
check_existenceparameter is governed by a constraint allowing only the following values: all_exist
any_exist
at_least_one_exists
none_exist
only_one_exists
Supported Test Types
Independent: Environment Variable 58
Test Type Parameters
independent:environmentvariable58_v1
Name |
Type |
Description |
|---|---|---|
check |
string |
Defines how many collected items must match the expected state. |
operation |
string |
Comparison operation. |
datatype |
string |
Data type. |
value |
string |
The actual value of the specified environment variable. Cannot be blank. |
- NOTE: The
checkparameter is governed by a constraint allowing only the following values: all
at least one
none satisfy
only one
- NOTE: The
operationparameter is governed by a constraint allowing only the following values: equals
not equal
case insensitive equals
case insensitive not equal
greater than
less than
greater than or equal
less than or equal
bitwise and
bitwise or
pattern match
subset of
superset of
- NOTE: The
datatypeparameter is governed by a constraint allowing only the following values: boolean
float
int
string
version
set
Generated Content
independent:environmentvariable58_v1
XCCDF+AE
This is what the AE check looks like, inside a Rule, in the XCCDF.
<xccdf:check system="https://benchmarks.cisecurity.org/ae/0.5">
<xccdf:check-content>
<ae:artifact_expression id="xccdf_org.cisecurity.benchmarks_ae_[SECTION-NUMBER]">
<ae:artifact_oval_id>[ARTIFACT-OVAL-ID]</ae:artifact_oval_id>
<ae:title>[ARTIFACT-TITLE]</ae:title>
<ae:artifact type="[ARTIFACT-TYPE-NAME]">
<ae:parameters>
<ae:parameter dt="string" name="name">[name.value]</ae:parameter>
<ae:parameter dt="string" name="check_existence">[check_existence.value]</ae:parameter>
</ae:parameters>
</ae:artifact>
<ae:test type="[TEST-TYPE-NAME]">
<ae:parameters>
<ae:parameter dt="string" name="check">[check.value]</ae:parameter>
<ae:parameter dt="string" name="operation">[operation.value]</ae:parameter>
<ae:parameter dt="string" name="datatype">[datatype.value]</ae:parameter>
<ae:parameter dt="string" name="value">[value.value]</ae:parameter>
</ae:parameters>
</ae:test>
<ae.profiles>
<ae:profile idref="xccdf_org.cisecurity.benchmarks_profile_Level_1" />
</ae.profiles>
</ae:artifact_expression>
</xccdf:check-content>
</xccdf:check>
SCAP
XCCDF
For independent:environmentvariable58_v1 independent:environmentvariable58_v1 artifacts, the XCCDF check looks like this. There is no Value element in the XCCDF for this artifact.
<check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
<check-content-ref
href="[BENCHMARK-TITLE]-oval.xml"
name="oval:org.cisecurity.benchmarks.[PLATFORM]:def:[ARTIFACT-OVAL-ID]" />
</check>
OVAL
Test
<environmentvariable58_test
xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent"
id="oval:org.cisecurity.benchmarks.[PLATFORM]:tst:[ARTIFACT-OVAL-ID]"
check_existence="[check_existence.value]"
check="[check.value]"
comment="[ARTIFACT-TITLE]"
version="1">
<object object_ref="oval:org.cisecurity.benchmarks.[PLATFORM]:obj:[ARTIFACT-OVAL-ID]" />
<state state_ref="oval:org.cisecurity.benchmarks.[PLATFORM]:ste:[ARTIFACT-OVAL-ID]" />
</environmentvariable58_test>
Object
<environmentvariable58_object
xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent"
id="oval:org.cisecurity.benchmarks.[PLATFORM]:obj:[ARTIFACT-OVAL-ID]"
comment="[ARTIFACT-TITLE]"
version="1">
<name>[name.value]</name>
</environmentvariable58_object>
State
<environmentvariable58_state
xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent"
id="oval:org.cisecurity.benchmarks.[PLATFORM]:ste:[ARTIFACT-OVAL-ID]"
comment="[ARTIFACT-TITLE]"
version="1">
<value
datatype="[datatype.value]"
operation="[operation.value]">
[value.value]
</value>
</environmentvariable58_state>
YAML
artifact-expression:
artifact-unique-id: "[ARTIFACT-OVAL-ID]"
artifact-title: "[ARTIFACT-TITLE]"
artifact:
type: "[ARTIFACT-TYPE-NAME]"
parameters:
- parameter:
name: "name"
dt: "string"
value: "[name.value]"
- parameter:
name: "check_existence"
dt: "string"
value: "[check_existence.value]"
test:
type: "[TEST-TYPE-NAME]"
parameters:
- parameter:
name: "check"
dt: "string"
value: "[check.value]"
- parameter:
name: "operation"
dt: "string"
value: "operation.value]"
- parameter:
name: "datatype"
dt: "string"
value: "[datatype.value]"
- parameter:
name: "value"
dt: "string"
value: "[value.value]"
JSON
{
"artifact-expression": {
"artifact-unique-id": "[ARTIFACT-OVAL-ID]",
"artifact-title": "[ARTIFACT-TITLE]",
"artifact": {
"type": "[ARTIFACT-TYPE-NAME]",
"parameters": [
{
"parameter": {
"name": "name",
"type": "string",
"value": "[name.value]"
}
},
{
"parameter": {
"name": "check_existence",
"type": "string",
"value": "[check_existence.value]"
}
}
]
},
"test": {
"type": "[TEST-TYPE-NAME]",
"parameters": [
{
"parameter": {
"name": "check",
"dt": "string",
"value": "[check.value]"
}
},
{
"parameter": {
"name": "operation",
"dt": "string",
"value": "[operation.value]"
}
},
{
"parameter": {
"name": "datatype",
"dt": "string",
"value": "[datatype.value]"
}
},
{
"parameter": {
"name": "value",
"dt": "string",
"value": "[value.value]"
}
}
]
}
}
}