On 3/12/12 5:59 PM, Jeffrey Blank wrote:
We'll shortly be committing a script to do checking for consistency between our OVAL and XCCDF. This should detect situations such as:
a reference from an XCCDF rule to an OVAL definition that doesn't exist.
an XCCDF rule exists (and is used in a profile) but doesn't include any reference to a check.
mismatch between filename and OVAL definition name (as this is an important convention for our approach to modular definitions)
I think the following would be helpful too:
4) An XCCDF rule exists and isn't used in a profile
5) Any checks that are not present in an XCCDF rule (I can't imagine there would actually be any of these given how we've been making XCCFD then the checks, but it'd be good to watch for)