myprofile1/controls/profile1.rb
# Control pro1-con1: checks the permission bits of /etc/hosts11111.
# waivers.yaml on this page lists this id with `run: true`, and the report
# below shows the control still executing and failing, so that waiver
# records a justification without suppressing the result.
control 'pro1-con1' do
  title 'Profile 1 - Control 1'
  impact 0.8

  describe file('/etc/hosts11111') do
    # 0o644 is the same Integer as 0644 (decimal 420); the report prints
    # the expectation in decimal ("mode should eq 420").
    its('mode') { should eq 0o644 }
  end
end
# Control pro1-con2: expects /etc/222222 to exist, but is gated by an
# only_if block that is always false.
# The report on this page shows it skipped with "Skipped control due to
# only_if condition." and `skipped_due_to_waiver: false`, i.e. the skip
# comes from only_if, not from the `run: true` waiver entry.
control 'pro1-con2' do
  title 'Profile 1 - Control 2'
  impact 0.9
  # A tag given without a value is reported as "password": null.
  tag 'password'

  describe file('/etc/222222') do
    it { should exist }
  end

  # 1 == 2 never holds, so this control is never evaluated.
  only_if { 1 == 2 }
end
# Control pro1-con3: expects both /tmp/33333 and /etc/44444 to exist.
# Its waiver entry (run: false) carries expiration_date 1977-06-01; the
# report on this page states "Waiver expired on 1977-06-01, evaluating
# control normally", and both checks are reported as failed.
control 'pro1-con3' do
  title 'Profile 1 - Control 3'
  impact 1

  # One describe block per path, in the same order as before.
  %w[/tmp/33333 /etc/44444].each do |path|
    describe file(path) do
      it { should exist }
    end
  end
end
# Control pro1-con4: expects both /etc/4-1 and /etc/4-2 to exist.
# Its waiver entry (run: false, expiration_date 2025-06-01) was still in
# force at the time of the report on this page, which shows the control
# skipped with `skipped_due_to_waiver: true`; neither file check was run.
control 'pro1-con4' do
  title 'Profile 1 - Control 4'
  impact 0.9

  # One describe block per path, in the same order as before.
  %w[/etc/4-1 /etc/4-2].each do |path|
    describe file(path) do
      it { should exist }
    end
  end
end
# Control pro1-con5: expects /etc/55555555 to exist.
# No entry for this id appears in waivers.yaml on this page; the report
# shows an empty `waiver_data` and an ordinary failed result.
control 'pro1-con5' do
  title 'Profile 1 - Control 5'
  impact 0.9

  describe file('/etc/55555555') do
    it { should exist }
  end
end
waivers.yaml
# Waiver entries, keyed by the control id they apply to.
# The effects described below are the ones visible in the json-automate
# report on this page (run dated 2019-10-18).

# run: true -> the control is still executed; the report shows it failing
# with the justification attached as waiver_data.
# NOTE(review): no expiration_date is set here — confirm an open-ended
# waiver is intended.
pro1-con1:
  justification: Sound reasoning
  run: true

# run: true, no expiration_date. The control is skipped in the report, but
# because of its own only_if condition, not because of this waiver.
pro1-con2:
  justification: Sheer cleverness
  run: true

# run: false with an expiration_date in the past: the report says the
# waiver expired and the control was evaluated normally (both checks fail).
pro1-con3:
  expiration_date: 1977-06-01
  justification: Necessity
  run: false

# run: false with an expiration_date after the report date: the control is
# skipped entirely (skipped_due_to_waiver: true), so its checks produce no
# pass/fail signal while the waiver is in force.
pro1-con4:
  expiration_date: 2025-06-01
  justification: Whimsy
  run: false
json output for inspec exec
# Run the profile with waivers.yaml applied through --waiver-file; the
# json-automate report is piped to jq only to pretty-print it.
inspec exec ~/git/myprofile1 --waiver-file ~/git/waivers.yaml --reporter json-automate | jq .
{
"platform": {
"name": "mac_os_x",
"release": "17.7.0"
},
"profiles": [
{
"name": "myprofile1",
"version": "1.0.1",
"sha256": "447542ecfb8a8800ed0146039da3af8fed047f575f6037cfba75f3b664a97ea4",
"title": "My Profile 1 title",
"maintainer": "Demo, Inc.",
"summary": "My Profile 1 summary",
"license": "Apache-2.0",
"copyright": "Demo, Inc.",
"copyright_email": "[email protected]",
"supports": [],
"attributes": [],
"groups": [
{
"id": "controls/profile1.rb",
"controls": [
"pro1-con1",
"pro1-con2",
"pro1-con3",
"pro1-con4",
"pro1-con5"
]
}
],
"controls": [
{
"id": "pro1-con1",
"title": "Profile 1 - Control 1",
"desc": null,
"descriptions": [],
"impact": 0.8,
"refs": [],
"tags": {},
"code": "control 'pro1-con1' do\n impact 0.8\n title 'Profile 1 - Control 1'\n describe file('/etc/hosts11111') do\n its('mode') { should eq 0644 }\n end\nend\n",
"source_location": {
"line": 1,
"ref": "/Users/apop/git/mycompliance-profile/myprofile1/controls/profile1.rb"
},
"waiver_data": {
"justification": "Sound reasoning",
"run": true,
"skipped_due_to_waiver": false,
"message": ""
},
"results": [
{
"status": "failed",
"code_desc": "File /etc/hosts11111 mode should eq 420",
"run_time": 0.064682,
"start_time": "2019-10-18T17:44:39+01:00",
"message": "\nexpected: 420\n got: nil\n\n(compared using ==)\n"
}
]
},
{
"id": "pro1-con2",
"title": "Profile 1 - Control 2",
"desc": null,
"descriptions": [],
"impact": 0.9,
"refs": [],
"tags": {
"password": null
},
"code": "control 'pro1-con2' do\n impact 0.9\n title 'Profile 1 - Control 2'\n tag 'password'\n describe file('/etc/222222') do\n it { should exist }\n end\n only_if { 1 == 2 }\nend\n",
"source_location": {
"line": 9,
"ref": "/Users/apop/git/mycompliance-profile/myprofile1/controls/profile1.rb"
},
"waiver_data": {
"justification": "Sheer cleverness",
"run": true,
"skipped_due_to_waiver": false,
"message": ""
},
"results": [
{
"status": "skipped",
"code_desc": "No-op",
"run_time": 8e-06,
"start_time": "2019-10-18T17:44:40+01:00",
"resource": "No-op",
"skip_message": "Skipped control due to only_if condition."
}
]
},
{
"id": "pro1-con3",
"title": "Profile 1 - Control 3",
"desc": null,
"descriptions": [],
"impact": 1,
"refs": [],
"tags": {},
"code": "control 'pro1-con3' do\n impact 1\n title 'Profile 1 - Control 3'\n describe file('/tmp/33333') do\n it { should exist }\n end\n describe file('/etc/44444') do\n it { should exist }\n end\nend\n",
"source_location": {
"line": 19,
"ref": "/Users/apop/git/mycompliance-profile/myprofile1/controls/profile1.rb"
},
"waiver_data": {
"expiration_date": "1977-06-01",
"justification": "Necessity",
"run": false,
"skipped_due_to_waiver": false,
"message": "Waiver expired on 1977-06-01, evaluating control normally"
},
"results": [
{
"status": "failed",
"code_desc": "File /tmp/33333 should exist",
"run_time": 0.00302,
"start_time": "2019-10-18T17:44:40+01:00",
"message": "expected File /tmp/33333 to exist"
},
{
"status": "failed",
"code_desc": "File /etc/44444 should exist",
"run_time": 0.00022,
"start_time": "2019-10-18T17:44:40+01:00",
"message": "expected File /etc/44444 to exist"
}
]
},
{
"id": "pro1-con4",
"title": "Profile 1 - Control 4",
"desc": null,
"descriptions": [],
"impact": 0.9,
"refs": [],
"tags": {},
"code": "control 'pro1-con4' do\n impact 0.9\n title 'Profile 1 - Control 4'\n describe file('/etc/4-1') do\n it { should exist }\n end\n describe file('/etc/4-2') do\n it { should exist }\n end\nend\n",
"source_location": {
"line": 30,
"ref": "/Users/apop/git/mycompliance-profile/myprofile1/controls/profile1.rb"
},
"waiver_data": {
"expiration_date": "2025-06-01",
"justification": "Whimsy",
"run": false,
"skipped_due_to_waiver": true,
"message": ""
},
"results": [
{
"status": "skipped",
"code_desc": "No-op",
"run_time": 6e-06,
"start_time": "2019-10-18T17:44:40+01:00",
"resource": "No-op",
"skip_message": "Skipped control due to waiver condition: Whimsy"
}
]
},
{
"id": "pro1-con5",
"title": "Profile 1 - Control 5",
"desc": null,
"descriptions": [],
"impact": 0.9,
"refs": [],
"tags": {},
"code": "control 'pro1-con5' do\n impact 0.9\n title 'Profile 1 - Control 5'\n describe file('/etc/55555555') do\n it { should exist }\n end\nend\n",
"source_location": {
"line": 41,
"ref": "/Users/apop/git/mycompliance-profile/myprofile1/controls/profile1.rb"
},
"waiver_data": {},
"results": [
{
"status": "failed",
"code_desc": "File /etc/55555555 should exist",
"run_time": 0.00014,
"start_time": "2019-10-18T17:44:40+01:00",
"message": "expected File /etc/55555555 to exist"
}
]
}
],
"status": "loaded"
}
],
"statistics": {
"duration": 0.074509
},
"version": "4.18.5"
}