Inspec ARM

inspec-arm.md

What do I want to do

• I want to run Inspec within a Linux container (as provided by learnchef/inspec_workstation)
• my testing target is a ARM board running a Yocto Linux with .deb packages
• the connection to the target is made via SSH

My control

# encoding: utf-8

title 'Docker setup'

control 'docker' do
  impact 1.0                                
  title 'docker'                   

  describe file('/lib/systemd/system/docker.service') do
    it { should exist }
    its('owner') { should eq 'root' }
    its('group') { should eq 'root' }
  end
end

The Problem

The command I'm running (within the Docker container running on a Mac)

inspec exec /root/docker -t ssh://root:test@172.20.10.7

The result I get

Profile: InSpec Profile for ARM board
Version: 0.1.0
Target:  ssh://root@172.20.10.7:22

  ×  docker: docker (2 failed)
     ✔  File /lib/systemd/system/docker.service should exist
     ×  File /lib/systemd/system/docker.service owner should eq "root"
     
     expected: "root"
          got: nil
     
     (compared using ==)

     ×  File /lib/systemd/system/docker.service group should eq "root"
     
     expected: "root"
          got: nil
     
     (compared using ==)

Profile Summary: 0 successful controls, 1 control failure, 0 controls skipped
Test Summary: 1 successful, 2 failures, 0 skipped

When I check the file on the ARM board, I get

# ls -la /lib/systemd/system/docker.service
-rw-r--r--    1 root     root          1185 Jan  9 10:25 /lib/systemd/system/docker.service

Debugging with inspec shell

# inspec shell -t ssh://root:test@172.20.10.7

You are currently running on:
    Name:      debian
    Families:  debian, linux, unix
    Release:   9.0
    Arch:      aarch64
inspec> puts inspec.os['name']
debian
=> nil
inspec> puts inspec.os['platform']
{:arch=>"aarch64", :release=>"9.0"}
=> nil
inspec> puts inspec.os[:family]
debian
=> nil

inspec>