Bharathkumarraju
commented
4 years ago is there anyway i can skip specific check cis-dil-benchmark-3.4.1 in my inspec command ?
Open Bharathkumarraju opened 4 years ago
Bharathkumarraju
commented
4 years ago is there anyway i can skip specific check cis-dil-benchmark-3.4.1 in my inspec command ?
chris-rock
commented
4 years ago Thank you @Bharathkumarraju for your report. We should add an only_if condition that checks for tcp wrapper, see https://docs.chef.io/inspec/dsl_inspec/#use-only_if-to-exclude-a-specific-control. Any PR is welcome to improve the situation.
Bharathkumarraju
commented
3 years ago @chris-rock meanwhile i did some workaround for to skip the failed checks 👍 thanks!!!
We run checks with packer and my regex_to_skip variable is this.
regex_to_skip = "/^(((?!cis-dil-benchmark-1.1.[6789])(?!cis-dil-benchmark-1.1.1[01234])(?!cis-dil-benchmark-1.1.[2345])(?!cis-dil-benchmark-1.4.2)(?!cis-dil-benchmark-6.1.[3579])(?!cis-dil-benchmark-1.[16].1.[38])(?!cis-dil-benchmark-3.6.[2345])(?!cis-dil-benchmark-5.4.1.2)(?!cis-dil-benchmark-4.1.12)(?!cis-dil-benchmark-3.4.1)(?!cis-dil-benchmark-1.1.17)(?!cis-dil-benchmark-4.2.4).))*$/" provisioner "inspec" {
inspec_env_vars = ["CHEF_LICENSE=accept"]
profile = "https://github.com/dev-sec/cis-dil-benchmark"
user = "${var.aws_ssh_user}"
extra_arguments = [ "--no-distinct-exit",
"--sudo",
"--controls",
"${var.regex_to_skip}"
]
}
Hi Team,
I am running this inspec profile in my rhel8 and it failed like below... since the tcp_wrapper/tcpd is depreciated on Redhat8
× cis-dil-benchmark-3.4.1: Ensure TCP Wrappers is installed (2 failed)
Any work-aroud for this?
thanks, https://bharathkumaraju.com