sdruss

Need Perl file example to parse XML File

My plan is to automate our current Database STIG Audit process.  I want to write a short Perl script to:

   1)  Read XML STIG File (i.e.  U_Oracle_Database_12c_V1R10_Manual-xccdf.xml)
   2)  Parse out all the STIG #s, with the accompanying SQL Query Statements
   3)  Write new ASCII text output to new file

Please help me with a Perl file example to do this parsing.
U_Oracle_Database_12c_STIG_V1R10_Man.xml
slightwv (Netminder)

I'm sure there are TONS of Perl scripts to parse XML on the Web.

I'm VERY familiar with the STIG but I'm not sure what you are looking to do.

It took me about a day to walk through it and come up with my own SQL script to look at everything I needed to look at.  Before you ask:  No, I can't give you mine.

OEM Grid Control is supposed to have a STIG checker built in:
https://docs.oracle.com/cd/E24628_01/doc.121/e36074/stig.htm

I've never tried it.

As for the question about automating:
Here is SQL from that file:  revoke <role name> from <grantee>;


Then there is:
Run the SQL statement:

  select grantee||': '||granted_role from dba_role_privs
  where grantee not in
  (&lt;list of non-applicable accounts&gt;)
  and admin_option = 'YES'
  and grantee not in
  (select distinct owner from dba_objects)
  and grantee not in
  (select grantee from dba_role_privs
   where granted_role = 'DBA')
  order by grantee;

What are you hoping to "automate"?
What nodes are you wanting to extract?

Just curious:  Why does it have to be Perl?
sdruss

ASKER

Our shop's Unix/Solaris scripting language of choice is Perl.  We use some bash, but by far Perl is the most popular.  I believe most of the Perl scripts to parse XML on the Web require XML modules (i.e. XML::Parser), and I seriously doubt we will be able to import any modules.  We will need to use pretty much basic Perl modules that are included from the base installation.

Why automate .... in the past I have sent a DBA to our customer location for 3-4 days to manually run each STIG query on multiple databases.  I am looking not to do this in the future, and instead supply customer with a script which generates results.

Your shop's language of choice is Perl but you can only use core modules?  That doesn't make much sense.  With that restriction, you're cutting out the main reason to use Perl.  You should consider rethinking that restriction or your language of choice.
sdruss

ASKER

FishMonger:  trust me this is not my personal restriction being imposed.  We work in an extremely closed environment, without going into detail.  Given my personal choice we would import all the useful Perl modules available, but we are severely restricted.  My DBAs are pro Perl; however, we have many J2EE software developers that are pro Python.  My staff doesn't know Python .... In your opinion should we get on the Python bandwagon now?  The only other choice is primarily the bash shell.

I personally don't like Python, so I can't recommend going that direction, but others have different opinions.

For the module access problem, I'd suggest creating your own local CPAN mirror on a system that has Internet access and pull from that instead of directly from the Internet.  That way you can control the security via your internal firewalls.

How to mirror CPAN

>> I am looking not to do this in the future, and instead supply customer with a script which generates results.

I can understand that but I'm still not sure automation against the STIG XML file can generate the necessary SQL in scripted format.  I asked above what SQL/nodes you are looking to extract that can be executed without a decent level of modification?

The STIG hasn't changed much so once a script is created locally, can it not be sent out to the clients?  Have the DBA generate the scripts against a local database where they can be tested.  Then send them out and wait for the results.
sdruss

ASKER

Guess I'm not really clear about what I'm looking for...  I want to parse the XML-STIG file.  Yes, this should be a one-time thing.  For example,

   1.  Pass argument to (script to be written) name of XML-file
   2.  Open file loop
   3.  Search each line looking for "select ", or "show parameter " ...... terminated by semicolon
   4.  Write new file with matched from above
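
Added example, not part of the original thread and not any poster's code: a core-Perl-only script for the four steps listed above. It reads the whole file instead of going line by line, because the queries in the STIG span several lines, and it flags queries that still contain a `<placeholder>` needing manual editing. The `Group` and `check-content` element names are assumed from the XCCDF layout, and the sample ids are constructed.

```perl
# Added example, core Perl only. Group/check-content element names are assumed
# from the XCCDF layout; the sample ids below are constructed.
use strict;
use warnings;
# Return [group_id, sql, needs_edit] for each SQL statement in the XML text.
sub extract_checks {
    my ($xml) = @_;
    my @found;
    # One <Group id="..."> per finding; /s lets . span newlines.
    while ($xml =~ m{<Group\b[^>]*\bid="([^"]+)"[^>]*>(.*?)</Group>}gs) {
        my ($id, $body) = ($1, $2);
        while ($body =~ m{<check-content[^>]*>(.*?)</check-content>}gs) {
            my $text = $1;
            # Decode predefined XML entities, &amp; last.
            $text =~ s/&lt;/</g;   $text =~ s/&gt;/>/g;
            $text =~ s/&quot;/"/g; $text =~ s/&apos;/'/g; $text =~ s/&amp;/&/g;
            # "select" runs over lines to its semicolon; "show parameter"
            # is one line and the semicolon is optional.
            while ($text =~ /^[ \t]*(select\b[^;]*;|show\s+parameter\b[^\n;]*;?)/gim) {
                (my $sql = $1) =~ s/\s+/ /g;
                $sql =~ s/\s+$//;
                # <placeholder> text means the query needs hand editing.
                push @found, [$id, $sql, $sql =~ /<[A-Za-z][^<>]*>/ ? 1 : 0];
            }
        }
    }
    return @found;
}
my $sample = <<'XML';
<Benchmark><Group id="V-00001"><Rule id="SV-00001r1_rule">
<check><check-content>Run the SQL statement:
  select grantee||': '||granted_role from dba_role_privs
  where grantee not in
  (&lt;list of non-applicable accounts&gt;)
  and admin_option = 'YES'
  order by grantee;
</check-content></check></Rule></Group>
<Group id="V-00002"><Rule id="SV-00002r1_rule"><check><check-content>
  show parameter audit_trail
</check-content></check></Rule></Group></Benchmark>
XML
my $xml = $sample;
if (@ARGV) {    # usage: perl script.pl stig-xccdf.xml > checks.txt
    open my $fh, '<', $ARGV[0] or die "Cannot open $ARGV[0]: $!\n";
    local $/;   # slurp: statements span several lines
    $xml = <$fh>;
}
printf "-- %s%s\n%s\n\n", $_->[0], ($_->[2] ? ' (EDIT PLACEHOLDER)' : ''), $_->[1]
    for extract_checks($xml);
```

Run with no arguments it processes the embedded sample; prose lines in a check that happen to start with "select" will also match, so the output should be reviewed before it is sent to a customer.
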
sdruss

ASKER

<< I asked above what SQL/nodes you are looking to extract... Don't understand??    I have both Oracle RAC and single-instance node databases.
ASKER CERTIFIED SOLUTION
slightwv (Netminder)