Modifying Inspec controls


#1

Hi guys,

This should be an easy one - I must be doing something silly.

I’m putting together a Custom profile to match my organisations security hardening guide. I’m taking advantage of the dev-sec linux and ssh baselines for a lot of the checks and adding several of my own. What I need to do though is report against the control numbers that are in our hardening guide rather than the one used by dev-sec.

The way I intended to do this was just to modify the control and add a tag but I can’t seem to get it add the tag on an included control.

I know that I can modify the control as I can change the title, but when I look at the result I see the change title but not the tag.

Anyone any ideas ?


#2

Could you please give an example? Below is an example

control 'your_control_name' do
  tag classification: 'host_protection'
  title 'Ensure IPv6 router advertisements are not accepted'
  desc 'This setting disables the systems ability to accept IPv6 router advertisements.'

  describe kernel_parameter('net.ipv6.conf.all.accept_ra') do
    its(:value) { should eq 0 }
  end

  describe kernel_parameter('net.ipv6.conf.default.accept_ra') do
    its(:value) { should eq 0 }
  end
end

classification is the tag name and host_protection is its value.