Inspec on MySQL


I’m developing anInSpec control that runs CIS compliance commands. While working on MySQL I’m stuck here :

Execute the following SQL statement to determine the Value of datadir :

show variables where variable_name = ‘datadir’;

I need to extract the output from the above command and reuse it in the next command :

ls -l /… | egrep “^d[r|w|x]{3}------\s*.\smysql\smysql\s*\d*.*mysql”

Theproblem is that the first command is an SQL Request and the second command is a terminal command.

How can I put both of them, (after getting the output of the first command and put it in the second one), in an InSpec control like the following :

control “mysql1” do
impact 1.0
title “Use dedicated Least Privileged Account for MySQL Daemon/Service”
desc “May reduce the impact of a MySQL-born vulnerability”
describe command (‘ps -ef |e grep “^mysql.*$”’) do
its(‘stdout’) { should match ‘’}