Unable to Skip Inspec Test os-06 (Check for SUID/ SGID blacklist) in DevSec Linux Security Baseline 2.2.0 profile

Hi All,

I have been testing Chef Compliance on an Ubuntu node and am currently unable to skip InSpec control os-06 from the DevSec Linux Baseline profile. The scanner is running on the target node itself. Our target node is running the audit cookbook and then trying to report back to the compliance server. The chef-client run is taking ten minutes to finish because os-06's query times out. A copy of the query is listed below. Despite using the skip_control command I have not been able to omit this control. Any thoughts would be appreciated.

find / -perm -4000 -o -perm -2000 -type f ! -path '/proc/*' ! -path '/var/lib/lxd/containers/*' -print 2>/dev/null | grep -v '^find:'

Here’s the skip_control I was attempting to perform based on the documentation found here

include_controls 'DevSec Linux Security Baseline' do
  skip_control 'os-06'
end
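A complete wrapper profile, as an added example that is not part of the original post: the script below writes an inspec.yml that declares the baseline as a dependency and a controls file that skips os-06. The dependency name `linux-baseline` (the `name:` field of the upstream inspec.yml, which is distinct from its title) and the 2.2.0 archive URL are assumptions to verify against the copy of the profile you use.

```shell
#!/bin/sh
# Added example, not from the original post: scaffold a wrapper profile that
# pulls in the DevSec baseline and skips control os-06.
# Assumptions: the upstream profile's `name:` in its inspec.yml is
# linux-baseline (include_controls matches that field, not the title), and
# the 2.2.0 release is fetchable from the archive URL below.
set -eu

make_wrapper_profile() {
  dir="$1"
  mkdir -p "$dir/controls"

  # Declare the dependency; without it include_controls cannot resolve the name.
  cat > "$dir/inspec.yml" <<'EOF'
name: skip-os06-wrapper
title: Wrapper around DevSec Linux Security Baseline
version: 0.1.0
depends:
  - name: linux-baseline
    url: https://github.com/dev-sec/linux-baseline/archive/2.2.0.tar.gz
EOF

  # Include every upstream control except os-06, which is marked skipped
  # (it still appears in the report as skipped, so the omission stays visible).
  cat > "$dir/controls/wrapper.rb" <<'EOF'
include_controls 'linux-baseline' do
  skip_control 'os-06'
end
EOF
}

# Returns 0 when both files refer to the dependency by the same declared name
# and the skip for os-06 is present; a mismatched name means include_controls
# cannot find the profile and nothing gets skipped.
check_wrapper_profile() {
  dir="$1"
  dep=$(sed -n 's/^  - name: //p' "$dir/inspec.yml")
  grep -q "include_controls '$dep'" "$dir/controls/wrapper.rb" &&
    grep -q "skip_control 'os-06'" "$dir/controls/wrapper.rb"
}

make_wrapper_profile "${WRAPPER_DIR:-./skip-os06-wrapper}"
check_wrapper_profile "${WRAPPER_DIR:-./skip-os06-wrapper}" && echo "wrapper profile ready"
```

Run the wrapper profile (for example `inspec exec ./skip-os06-wrapper`, or point the audit cookbook at it) in place of the baseline itself; os-06 is then reported as skipped rather than executed.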