Modifying Inspec controls

weaverslodge · July 21, 2018, 2:59pm

Hi guys,

This should be an easy one - I must be doing something silly.

I’m putting together a Custom profile to match my organisations security hardening guide. I’m taking advantage of the dev-sec linux and ssh baselines for a lot of the checks and adding several of my own. What I need to do though is report against the control numbers that are in our hardening guide rather than the one used by dev-sec.

The way I intended to do this was just to modify the control and add a tag but I can’t seem to get it add the tag on an included control.

I know that I can modify the control as I can change the title, but when I look at the result I see the change title but not the tag.

Anyone any ideas ?

tsec · September 14, 2018, 6:15pm

Could you please give an example? Below is an example

control 'your_control_name' do
  tag classification: 'host_protection'
  title 'Ensure IPv6 router advertisements are not accepted'
  desc 'This setting disables the systems ability to accept IPv6 router advertisements.'

  describe kernel_parameter('net.ipv6.conf.all.accept_ra') do
    its(:value) { should eq 0 }
  end

  describe kernel_parameter('net.ipv6.conf.default.accept_ra') do
    its(:value) { should eq 0 }
  end
end

classification is the tag name and host_protection is its value.

Topic		Replies	Views
Change the Report title for inspec Report Chef InSpec	0	450	February 24, 2020
Is there a way to check node tags as an inspec guard? Chef InSpec	3	924	November 6, 2020
Need some help with custom CIS benchmarks for Windows Chef InSpec	3	735	November 1, 2022
InSpec html report title and heading change Chef InSpec	0	490	April 7, 2020
Is there a way to list all of the controls in an inspec profile? Chef InSpec	2	608	April 16, 2020

Modifying Inspec controls

Related topics