Custom Compliance content allows you to define your own security standards that supplement the library of security benchmarks and checks built into Automation for Secure Hosts Compliance.
Custom content is useful for enhancing Automation for Secure Hosts Compliance policies to fit your internal requirements.
Automation for Secure Hosts Compliance includes a Custom Content Software Development Kit (SDK) you can use to create, test, and build your own custom security content. You can import your custom security content to use alongside the Automation for Secure Hosts Compliance built-in security library for assessment and remediation. The ability to import custom content also allows you to version your content using a version control system of your choice, such as Git.
To use custom checks, you must first initialize the Automation for Secure Hosts Compliance Custom Content SDK. The SDK includes sample files you can modify to create your own custom checks, as well as benchmarks. The SDK also includes a Docker-based testing environment where you can test your new content.
Once your custom content is created and tested, you can build a content file and import it into Automation for Secure Hosts Compliance to begin assessing and remediating. Custom checks include a user icon custom-checks-user-icon , in contrast with Automation Config checks built-in-checks-shield-icon . Automation for Secure Hosts Compliance tracks dependencies between policies and your custom content, and provides a list of dependencies that might break if you delete the content.
Prerequisites
- Download the Automation for Secure Hosts Compliance Custom Content SDK.
- Install Docker. For more information, see Get Docker.
Procedure
Results
What to do next
After creating your custom content, you can test it by opening the command line, navigating to the Custom Content SDK sample_tests directory, and running these commands:
Command | Result |
---|---|
1. ./build.sh | Builds a docker image of CentOS7 with Salt for testing. |
2. ./up.sh | Starts the testing container |
3. ./test.sh salt-call --local state.apply locke.custom.mounts.my_first_check test=True | Runs sample tests on checks you created in the salt/locke/custom directory. You can initiate custom checks as you would normal Salt states. For more information on Salt States, see How do I use Salt States. |
4. ./down.sh | After testing is complete, run this command to shut down the testing container. |
After testing your custom content, you can build your custom content library.