InSpec Security
Let's create a file called secret and store the string Password in it:
$ echo "Password" >> secret
Next, create a profile that checks the contents of the secret file.
Create the profile by typing the command below in the terminal:
$ inspec init profile secure-profile
Now replace the contents of the example.rb file with the following:
title "sample section"

control "secret-1.0" do                        # A unique ID for this control
  impact 0.7                                   # The criticality, if this control fails
  title "Check for the secret file content"    # A human-readable title
  desc "An optional description..."
  describe file('secret') do                   # Test the file named secret
    it { should exist }                        # Check whether the file exists
    its('content') { should match "Password" } # Check that the content matches the password
  end
end
Now try to execute the profile. It runs successfully, but the problem is that we are hardcoding the password in the control, which is not good practice.
For this, InSpec provides the attribute option.
Add the line below to example.rb:
pass = attribute('pass', default: 'Please specify the input with --attrs flag', description: 'File content in the secret file')
Then replace the matcher with the line below:
its('content') { should match pass}
The attribute function takes three parameters:
- The variable name
- Description of the variable
- Default values
Now create the password.yml file with the content below:
pass: Password
Now run the profile with the command below:
$ inspec exec <profile-name> --attrs password.yml
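
The matcher used above, should match pass, performs a regular-expression match, so the control also passes when the file holds extra text around the password or when the password contains a character such as '.'. The Ruby sketch below is an added example, not code from the original tutorial; it assumes the matcher treats a string the way Ruby's String#match does, and the helper names (load_pass, loose_match?, strict_pattern, strict_match?) and the sample data are constructed for illustration.

```ruby
require 'yaml'

# Constructed sample data: the file written by `echo "Password" >> secret`
# (echo appends a newline) and the attributes file password.yml.
SECRET_FILE_CONTENT = "Password\n"
ATTRS_YAML = "pass: Password\n"

# Read the 'pass' attribute from the text of a YAML attributes file.
def load_pass(yaml_text)
  attrs = YAML.safe_load(yaml_text)
  value = attrs.is_a?(Hash) ? attrs['pass'] : nil
  raise ArgumentError, "attributes file has no 'pass' key" if value.nil?
  value.to_s
end

# Loose check: model of `should match pass` with a String expected value
# (assumption: String#match semantics, the string is compiled to a regex).
def loose_match?(content, pass)
  !content.match(pass).nil?
end

# Strict pattern: escape regex metacharacters, anchor both ends, and allow
# only the single trailing newline that echo adds.
def strict_pattern(pass)
  /\A#{Regexp.escape(pass)}\n?\z/
end

def strict_match?(content, pass)
  strict_pattern(pass).match?(content)
end

if __FILE__ == $PROGRAM_NAME
  pass = load_pass(ATTRS_YAML)
  samples = {
    'expected file'        => SECRET_FILE_CONTENT,
    'extra text around it' => "old Password123\n",
    'second line appended' => "Password\nPassword2\n"
  }
  samples.each do |label, content|
    puts format('%-22s loose=%-5s strict=%s', label,
                loose_match?(content, pass), strict_match?(content, pass))
  end
  # A secret containing '.' shows the metacharacter problem.
  puts loose_match?("pXss\n", 'p.ss')  # true: '.' matched 'X'
  puts strict_match?("pXss\n", 'p.ss') # false
end
```

In the control, the same strict check can be written as its('content') { should match(/\A#{Regexp.escape(pass)}\n?\z/) }.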