11. Understand a control's structure | MITRE InSpec Assessor Course

# 11. Understand a control's structure

Let's take a look at the default control file, controls/example.rb.

title 'sample section'

# you can also use plain tests
describe file('/tmp') do
  it { should be_directory }
end

# you add controls here
control 'tmp-1.0' do                        # A unique ID for this control
  impact 0.7                                # The criticality, if this control fails.
  title 'Create /tmp directory'             # A human-readable title
  desc 'An optional description...'
  describe file('/tmp') do                  # The actual test
    it { should be_directory }
  end
end

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16

Tip for developing profiles

When creating new profiles use the existing example file as a template

This example shows two tests. Both tests check for the existence of the /tmp directory. The second test provides additional information about the test. Let's break down each component.

control (line 9) is followed by the control's name. Each control in a profile has a unique name.
impact (line 10) measures the relative importance of the test and must be a value between 0.0 and 1.0.
title (line 11) defines the control's purpose.
desc (line 12) provides a more complete description of what the control checks for.
describe (lines 13 — 15) defines the test. Here, the test checks for the existence of the /tmp directory.

In Ruby, the do and end keywords define a block. An InSpec control always contains at least one describe block. However, a control can contain many describe blocks.

More information on a block in Ruby

Ruby's block syntax (opens new window)

← 10. Advanced - running InSpec against Profile Inheritance and Overlays →