OVAL agent for Debian

Name: Pavel Vinogradov
Email: Pavel.Vinogradov@nixdev.net
Project Title: OVAL Agent for Debian

Synopsis:
  Development security update status monitoring system for management security of clusters of
Debian systems. This system based on OVAL language, which provides a uniform mechanism to check
for and report to a central server the status of security updates.

Benefits to Debian Community:
  Debian already contain much various security tools, which perform logchecking, vulnerability
checks and network monitoring, with a host of tools to check for the availability of security
updates locally. But there is no easy way to manage tens or hundreds of systems. Because most this
tools work locally, use their own information base and report format.
  Implementation of this project give following benefits:
- oval-agent to check for and report to a central server the status of security updates.
- Service for automatic conversion security advisories published on website to OVAL queries. That
would make it possible to provide all the information of updates for security utilities which
support OVAL.
- Central monitor (known as oval-server) would central station, which download or generate OVAL
patch definitions, distribute them to local agent, collect status report and display they to
system administrator.
- Generate OVAL queries from Security bug Tracker information would extend the system so that it
would be much more than just a "patch management system" and it would also make it useful for
"testing" and "sid" Debian systems.
  All this goals allow to more easily management of security big networks and Debian clusters,
make Debian more "enterprise ready" and would usefully in corporate networking with strict
firewall rules.

Project Details:
  The basic of this project is OVAL language which consist of three schemes written in Extensible
Markup Language. These schemes correspond to the three steps of the assessment process
representing system information, expressing a specific machine state, and reporting the results of
an assessment. OVAL standardize the transfer of information about vulnerability across the entire
spectrum of security tools and services.
  For work with this language we need to develop three tools:
1. Debian OVAL queries builder. This tools would operate with source information about various
security advisories and convert them to OVAL queries. They must work with various input source
format (like mailing list redistribution of advisories, the Debian web site and maybe other) and
generate OVAL XML definition of vulnerability.

2. Debian OVAL agent, which based on generic OVAL interpreter source code provided by OVAL
community, but would adapted for more integration with Debian distribution and working with Debian
package management system. They main purpose is checking client system with definitions provided
by administrator or central server. Results of this check would stored in OVAL XML schema and sent
to central server for analysis. Support for dpkg-based package system already included in OVAL
schemes, but functionality currently not implemented. Dpkg support maybe written based on
available APTInfoProbe class and must implement all function for testing OVAL definitions.

3. OVAL server is very important part, but lacking in OVAL repository. It would be implement on 
C++ language, such as agent and was used on central machine for control security status of whole
network. OVAL queries may be generated or downloaded by oval-server and cached for traffic save.
It allow oval tools to work in network with limited connection to Internet, such internal networks
in some companies.

Debian packages would built for oval-agent, oval-server and oval-server-gui. As oval-agent based
on existing source code it require additional review. OVAL language and interpreter source code
redistribute under BSD license and maybe included in Debian. Interpreter have corresponding manual
page, but build system not autotools enabled (that may cause problems with build on another
architecture). All interpreter supporting libraries included in Debian etch.

Biography:

  I am a 22 years old student from Izhevsk State Technical University in Russia. I have been using
Debian since 2001, and in 2002 fully migrated to it on all places from various other OS. During
this years i get experience in use and administration them. In last year i more and more
interesting in contributing to them. I have some submitted contributions for binkd and vpopmail
(currently removed from Debian) and work on some other now. And in this SoC i mostly interested in
Debian projects.
  Currently i pursuing a PhD in mathematical modeling and working on CS faculty as leader of our
laboratory. In laboratory i work on two direction, first - administration of our laboratory and
second - leader of software development projects.
  As a administrator of laboratory i work on unification and standardization of software and
hardware parts. I complete our domain migration in Samba/LDAP configuration and now work on
closely service integration with LDAP. Also i build Open Source development environment for our
students, including integrated wiki, VCS, bugtraq, development tools in virtual environment based
on OpenVZ with central authorization point in LDAP server.
  As a project leader i work with our students on various software project. I introduce various
Open Source software tools and technology to them, writing requirements specification and
participation with they in project. In this role i develop various web-projects in PHP, Python and
Java, write server part of our automatic ACM system (http://acm.cs.istu.ru/).
  My other works is development in Java commercial system for complex management users in LDAP
server. As part of this work i interact with vpopmail developers and it Debian maintainer for fix
some LDAP issues. 
  Currently i involved in Squid Account Management System (http://sams.perm.ru) as a C developer,
working with international team on writing OpenSource nx client for Maemo platform, and planing
work on next generation of our ACM system for increase it modularity, scalability and support
other OS for decision compilation and checking (http://dev.cs.istu.ru/acm/).
  My professional interest is a Linux system programming, virtualization technology and embedded
Linux systems. I have practical experience in C, C++ and Python languages and very much familiar
with PHP.
 
Deliverable
	Deliverable 0
	Updated project schedule with more exact task and dates.

	Deliverable 1
	Implement oval-agent for Debian. Implementation work with Debian-specific OVAL queries,
interacting with Debian package management system.

	Deliverable 2
	Implement automatic generation OVAL queries for vulnerability and patch definitions. This
information will used by oval agents and servers for checking security state of local systems.

	Deliverable 3
	Implementation of OVAL server - central monitor for cluster security status. This server
would distribute queries to OVAL agents in order to determine which systems need security updates.

	Deliverable 4
	Implementation oval-server GUI frontend for graphical presentation of client security
status. It represent oval-results received from agents and allow to manage queries sented to
agents.

    Deliverable 5
	Packaging oval-agent, oval-server and oval-server-gui for inclusions in official Debian
repository.

Project Schedule (Duration 14 weeks (28 May-31 August)): 

  Interim period (April-May): Deliverable 0 
	Continue research on the project. Read existing example code written for Debian. See
closely on RedHat OVAL definitions. Explore OVAL Compatible Products and Services(5). Experiment
with OVAL generic interpreter for determination part witch require adaptation for work in Debian.

  week 1
	Analyse OVAL Definition and OVAL System Characteristics schemes. Generate some Debian OVAL
definitions for use in oval-agent testing. Determination list of features which need to implement
for work with Debian vulnerability definitions.
  
  week 2-3 : Deliverable 1
	Adaptation of oval-agent for work with Debian package management system. Implementation
work with Debian-specific OVAL queries.
 
  week 4-5 : Deliverable 2
	Development tools for automatic generation OVAL queries from advisories published in the
website and Security Bug Tracker.
  
  week 6-11 : Deliverable 3
  	Development oval-server - central oval monitor. Implement downloading vulnerability and
patch definitions, agent querying, report handling and storage. Assignment security status for
client systems.

  week 12-13 : Deliverable 4
	Develop GUI frontend based on GTK for oval-server for graphical presentation Debian
cluster security status. 
   
  week 14 : Deliverable 5
	Build Debian packages for oval-agent, oval-server and oval-server-gui and upload it in
Debian package repository. Writing documentation for oval-server and Debian-specifics OVAL
queries, documented unimplemented ideas.