# Astra Linux Security Connector

- Sprint: SPRINT_20251229_005_CONCEL_astra_connector
- Status: Foundation Complete (OVAL parser implementation pending)
- Module: Concelier
- Source: distro-astra
## Overview

This connector ingests security advisories from Astra Linux, an FSTEC-certified Russian Linux distribution based on Debian. It is the final piece completing cross-distro vulnerability intelligence coverage in StellaOps.

### Astra Linux Context

- Base: Debian GNU/Linux
- Certification: FSTEC (Federal Service for Technical and Export Control of Russia)
- Target Markets: Russian government, defense, critical infrastructure
- Version Format: dpkg EVR (Epoch-Version-Release, inherited from Debian)
- Advisory Format: OVAL XML (Open Vulnerability Assessment Language)
## Architecture

### Component Structure

```text
StellaOps.Concelier.Connector.Astra/
├── AstraConnector.cs          # IFeedConnector implementation
├── AstraConnectorPlugin.cs    # Plugin registration
├── AstraTrustDefaults.cs      # Trust vector configuration
├── Configuration/
│   └── AstraOptions.cs        # Configuration options
└── IMPLEMENTATION_NOTES.md    # Implementation guide
```
### Advisory Sources

- Primary: Astra Linux OVAL Repository
  - URL: https://download.astralinux.ru/astra/stable/oval/
  - Format: OVAL XML per-version files (e.g., `astra-linux-1.7-oval.xml`)
  - Authentication: Public access (no auth required)
- Secondary (Optional): FSTEC Vulnerability Database
  - Provides additional FSTEC-certified vulnerability data
  - Configurable via the `FstecDatabaseUri` option
## Configuration

### Options (AstraOptions.cs)

| Option | Type | Default | Description |
|---|---|---|---|
| `BulletinBaseUri` | `Uri` | `https://astra.ru/en/support/security-bulletins/` | Reference URL for bulletins (HTML) |
| `OvalRepositoryUri` | `Uri` | `https://download.astralinux.ru/astra/stable/oval/` | OVAL database repository |
| `FstecDatabaseUri` | `Uri?` | `null` | Optional FSTEC database URL |
| `RequestTimeout` | `TimeSpan` | 120s | HTTP request timeout (OVAL files can be large) |
| `RequestDelay` | `TimeSpan` | 500ms | Delay between requests (politeness) |
| `FailureBackoff` | `TimeSpan` | 15m | Backoff on fetch failure |
| `MaxDefinitionsPerFetch` | `int` | 100 | Max vulnerability definitions per iteration |
| `InitialBackfill` | `TimeSpan` | 365d | Initial sync period |
| `ResumeOverlap` | `TimeSpan` | 7d | Overlap window for updates |
| `UserAgent` | `string` | `StellaOps.Concelier.Astra/0.1` | HTTP User-Agent |
| `OfflineCachePath` | `string?` | `null` | Offline cache directory (air-gap mode) |
### Example Configuration

```yaml
# etc/concelier/connectors/astra.yaml
astra:
  ovalRepositoryUri: "https://download.astralinux.ru/astra/stable/oval/"
  fstecDatabaseUri: null # Optional
  requestTimeout: "00:02:00"
  requestDelay: "00:00:00.500"
  maxDefinitionsPerFetch: 100
  initialBackfill: "365.00:00:00"
  offlineCachePath: "/var/lib/stellaops/feeds/astra/" # Air-gap mode
```
## Trust Vectors

Trust scoring reflects advisory quality and determinism guarantees.

### Default Vector (Official OVAL)
| Dimension | Score | Rationale |
|---|---|---|
| Provenance | 0.95 | Official FSTEC-certified source, government-backed |
| Coverage | 0.90 | Comprehensive for Astra-specific packages |
| Replayability | 0.85 | OVAL XML is structured and deterministic |
### FSTEC Database Vector
| Dimension | Score | Rationale |
|---|---|---|
| Provenance | 0.92 | Official but secondary source |
| Coverage | 0.85 | May not cover all Astra-specific patches |
| Replayability | 0.80 | Consistent format but potential gaps |
### Minimum Acceptable Threshold
- Provenance: ≥ 0.70
- Coverage: ≥ 0.60
- Replayability: ≥ 0.50
## Version Comparison

Astra Linux uses Debian EVR (Epoch-Version-Release) versioning, inherited from its Debian base.

### Version Matcher

```csharp
// Astra reuses the existing DebianVersionComparer
var comparer = new DebianVersionComparer();
bool isNewer = comparer.Compare("1:2.4.1-5astra1", "1:2.4.1-4") > 0; // true
```

### Examples

| Version A | Version B | Comparison |
|---|---|---|
| `1:2.4.1-5astra1` | `1:2.4.1-4` | A > B |
| `2.3.0` | `2.3.0-1` | A < B (missing release) |
| `1:1.0-1` | `2.0-1` | A > B (epoch wins) |
## Implementation Status

### ✅ Completed (Foundation)

- ASTRA-001: Research complete - OVAL XML format identified
- ASTRA-002: Project structure created and compiling
- ASTRA-003: `IFeedConnector` interface fully implemented
  - `FetchAsync()` - Stub with OVAL fetch logic
  - `ParseAsync()` - Stub for OVAL XML parsing
  - `MapAsync()` - Stub for DTO to Advisory mapping
- ASTRA-005: Version comparison (reuses `DebianVersionComparer`)
- ASTRA-007: Configuration options complete (`AstraOptions.cs`)
- ASTRA-009: Trust vectors configured (`AstraTrustDefaults.cs`)

### 🚧 In Progress

- ASTRA-004: OVAL XML parser implementation (3-5 days estimated)
- ASTRA-008: DTO to Advisory mapping
- ASTRA-012: Documentation (this file)

### ⏳ Pending

- ASTRA-006: Package name normalization
- ASTRA-010: Integration tests with mock OVAL data
- ASTRA-011: Sample advisory corpus for regression testing
## OVAL XML Format

Astra Linux uses the OVAL (Open Vulnerability Assessment Language) standard for security definitions.

### Key Characteristics

- Format: XML (structured, deterministic)
- Scope: Per-version databases (e.g., Astra Linux 1.7, 1.8)
- Size: Several MB per version (thousands of definitions)
- Update Frequency: Regular updates from Astra Linux team

### OVAL Database Structure

```xml
<oval_definitions>
  <definitions>
    <definition id="oval:com.astralinux:def:20251234">
      <metadata>
        <title>CVE-2025-1234: Vulnerability in package-name</title>
        <affected family="unix">
          <platform>Astra Linux 1.7</platform>
        </affected>
        <reference source="CVE" ref_id="CVE-2025-1234"/>
      </metadata>
      <criteria>
        <criterion test_ref="oval:com.astralinux:tst:20251234"/>
      </criteria>
    </definition>
  </definitions>
  <tests>
    <dpkginfo_test id="oval:com.astralinux:tst:20251234">
      <object object_ref="oval:com.astralinux:obj:1234"/>
      <state state_ref="oval:com.astralinux:ste:1234"/>
    </dpkginfo_test>
  </tests>
  <objects>
    <dpkginfo_object id="oval:com.astralinux:obj:1234">
      <name>package-name</name>
    </dpkginfo_object>
  </objects>
  <states>
    <dpkginfo_state id="oval:com.astralinux:ste:1234">
      <evr datatype="evr_string" operation="less than">1:2.4.1-5astra1</evr>
    </dpkginfo_state>
  </states>
</oval_definitions>
```

### Parsing Strategy

- Fetch OVAL XML from repository
- Parse XML into definition structures
- Extract CVE IDs, affected packages, version constraints
- Map to `Advisory` domain model
- Store with trust vector and provenance metadata
## Air-Gap / Offline Support

### Offline Cache Mode

Set `OfflineCachePath` to enable air-gapped operation:

```yaml
astra:
  offlineCachePath: "/var/lib/stellaops/feeds/astra/"
```

### Cache Structure

```text
/var/lib/stellaops/feeds/astra/
├── astra-linux-1.7-oval.xml
├── astra-linux-1.8-oval.xml
├── manifest.json
└── checksums.sha256
```

### Manual Cache Update

```bash
# Download OVAL database
curl -o /var/lib/stellaops/feeds/astra/astra-linux-1.7-oval.xml \
  https://download.astralinux.ru/astra/stable/oval/astra-linux-1.7-oval.xml
# Verify checksum
sha256sum astra-linux-1.7-oval.xml
```
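Computing a digest only helps if it is compared against a known-good value. The following added example (not part of the connector) shows the check an operator or the offline loader can run before trusting a cache directory: it reads `checksums.sha256` in the `hexdigest  filename` format that `sha256sum` writes, hashes each listed file, and reports which files match. It assumes that `checksums.sha256` is maintained by the operator alongside the cache, which this page does not state; the demo directory it builds is constructed sample data.

```python
# Added example, not the connector's own code: verify an offline Astra feed cache
# against its checksums.sha256 manifest (sha256sum format) before the files are loaded.
import hashlib
import hmac
import os
import tempfile


def sha256_of(path, chunk=1 << 20):
    # Stream the file; OVAL databases can be several MB per version.
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def parse_checksums(text):
    """Parse 'hexdigest  filename' lines as written by sha256sum."""
    expected = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition("  ")
        name = name.lstrip("*")  # sha256sum marks binary mode with a leading '*'
        if len(digest) != 64 or not name:
            raise ValueError(f"malformed checksum line: {line!r}")
        expected[name] = digest.lower()
    return expected


def verify_cache(cache_dir):
    """Return {filename: bool}; a missing file counts as a failure. Raises if the
    manifest itself is absent, because an unverifiable cache must not be trusted."""
    with open(os.path.join(cache_dir, "checksums.sha256")) as f:
        expected = parse_checksums(f.read())
    results = {}
    for name, digest in expected.items():
        path = os.path.join(cache_dir, name)
        results[name] = os.path.isfile(path) and hmac.compare_digest(sha256_of(path), digest)
    return results


def build_demo_cache():
    """Constructed sample cache: one intact file and one modified after the manifest was written."""
    d = tempfile.mkdtemp(prefix="astra-cache-")
    good = b"<oval_definitions/>\n"
    with open(os.path.join(d, "astra-linux-1.7-oval.xml"), "wb") as f:
        f.write(good)
    with open(os.path.join(d, "astra-linux-1.8-oval.xml"), "wb") as f:
        f.write(good + b"<!-- modified after checksum -->\n")
    digest = hashlib.sha256(good).hexdigest()
    with open(os.path.join(d, "checksums.sha256"), "w") as f:
        f.write(f"{digest}  astra-linux-1.7-oval.xml\n{digest}  astra-linux-1.8-oval.xml\n")
    return d


if __name__ == "__main__":
    for name, ok in verify_cache(build_demo_cache()).items():
        print(f"{name}: {'OK' if ok else 'FAILED'}")
```

On the demo cache the 1.7 file verifies and the 1.8 file fails, which is the behaviour the loader should treat as a hard error rather than parsing whatever is present.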
## Next Steps

### Immediate (Required for Production)

- Implement OVAL XML Parser (ASTRA-004)
  - Parse OVAL definitions into DTOs
  - Extract CVE IDs and affected packages
  - Handle version constraints (EVR ranges)
- Implement DTO to Advisory Mapping (ASTRA-008)
  - Map parsed OVAL data to `Advisory` model
  - Apply trust vectors
  - Generate provenance metadata
- Add Integration Tests (ASTRA-010)
  - Mock OVAL XML responses
  - Validate parsing and mapping
  - Test version comparison edge cases

### Future Enhancements

- Support for multiple Astra Linux versions simultaneously
- FSTEC database integration
- Performance optimization for large OVAL files
- Incremental update mechanism (delta sync)
## References

### Official Documentation

### Related Connectors

- `StellaOps.Concelier.Connector.Debian` - Base pattern (Debian EVR)
- `StellaOps.Concelier.Connector.Ubuntu` - OVAL parsing reference
- `StellaOps.Concelier.Connector.RedHat` - CSAF pattern

### Research Sources (2025-12-29)

## License

Copyright (c) Stella Operations. Licensed under BUSL-1.1.