Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

respect inspec.yml supports with include_controls #1049

Closed
chris-rock opened this issue Sep 12, 2016 · 0 comments
Closed

respect inspec.yml supports with include_controls #1049

chris-rock opened this issue Sep 12, 2016 · 0 comments
Milestone
0.35.0

Comments

@chris-rock
Copy link
Contributor

chris-rock commented Sep 12, 2016
edited
Loading

Description

Whenever we build a meta-profile, we include controls from dependent profiles as following:

include_controls 'ssh-hardening'
include_controls 'os-hardening'
include_controls 'ssl-benchmark'
include_controls 'linux'
include_controls 'windows-patch-benchmark'

At this point, the include_controls do not respect the meta information attached in the dependent inspec.yml. controls should be skipped, if the supports from inspec.yml is not matching.

eg. os-hardening only executed on Linux:

name: os-hardening
title: Hardening Framework OS Hardening Test Suite
maintainer: Hardening Framework Team
copyright: Hardening Framework Team
copyright_email: hello@hardening.io
license: Apache 2 license
summary: Test-suite for best-preactice os hardening
version: 1.0.0
supports:
  - os-family: linux

the windows-patch-benchmark only executes on Windows:

name: windows-patch-benchmark
title: Windows Patch Benchmark
summary: Verifies all patches are applied
version: 0.3.0

maintainer: Christoph Hartmann
copyright: Christoph Hartmann
copyright_email: chris@lollyrock.com
license: MPLv2

supports:
  - os-family: windows

At this point, we do not allow an override of supports at the parent profile.

InSpec and Platform Version

0.34.0
@chris-rock chris-rock added this to the 0.35.0 milestone Sep 12, 2016
@arlimus arlimus added the ready label Sep 12, 2016
stevendanna added a commit that referenced this issue Sep 14, 2016
@stevendanna
Skip controls from profile's that don't support the current platform
f2e587f 
Any controls included from profiles that don't support our current
platform are now marked as skipped.

Fixes #1049
@stevendanna stevendanna mentioned this issue Sep 14, 2016
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
0.35.0
Development

No branches or pull requests
4 participants
@adamhjk @stevendanna @chris-rock @arlimus