Custom Compliance content allows you to define your own security standards that supplement the library of security benchmarks and checks built into SaltStack SecOps Compliance.

Custom content is useful for enhancing SaltStack SecOps Compliance policies to fit your internal requirements.

SaltStack SecOps Compliance includes a Custom Content Software Development Kit (SDK) you can use to create, test, and build your own custom security content. You can import your custom security content to use alongside the SaltStack SecOps Compliance built-in security library for assessment and remediation. The ability to import custom content also allows you to version your content using a version control system of your choice, such as Git.

To use custom checks, you must first initialize the SaltStack SecOps Compliance Custom Content SDK. The SDK includes sample files you can modify to create your own custom checks, as well as benchmarks. The SDK also includes a Docker-based testing environment where you can test your new content.

Once your custom content is created and tested, you can build a content file and import it into SaltStack SecOps Compliance to begin assessing and remediating. Custom checks are marked with a user icon, in contrast with built-in SaltStack checks, which are marked with a shield icon. SaltStack SecOps Compliance tracks dependencies between policies and your custom content, and provides a list of dependencies that might break if you delete the content.

Prerequisites

Procedure

  1. From the command line, navigate to the directory containing the file and run the command:
    Operating System     Command
    Mac OS or Linux      ./secops_sdk init
    Windows              secops_sdk.exe init
    No output is shown, which is expected. Your directory contains these folders and files:
    • benchmarks - Contains custom benchmark meta (.meta) files
    • salt/locke/custom - Contains custom check state (.sls) and meta (.meta) files
    • sample_tests - Contains example files for testing using Docker
    • README.md - Provides more detailed information about the SDK
  2. (Optional) Commit changes to a version-controlled repository.
  3. To create custom checks, in the Custom Content SDK, navigate to salt/locke/custom. To create custom benchmarks, skip to step 8.
    Note: All custom checks must be configured in both a state (.sls) and corresponding meta (.meta) file.
  4. Create a copy of both a sample state (.sls) file and its corresponding meta (.meta) file, and rename both with your desired custom name. Save both of these files together in any subdirectory of salt/locke/custom.
    Both files must be in the same directory and start with the same name, for example: my_first_check.meta and my_first_check.sls.
  5. Edit the contents of the meta file to customize the check based on your needs.
    Note: Check meta files contain references to different benchmarks. When creating custom content, ensure that you include all associated benchmarks in your check meta file.
  6. Edit the contents of the state file.
  7. Ensure both files are saved in the same directory.
  8. To create custom benchmarks, in the Custom Content SDK, navigate to the benchmarks directory. This directory contains a sample benchmark meta (.meta) file.
  9. Make a copy of Sample_benchmark.meta, and rename it with your desired custom name.
  10. Edit the contents of the meta file to customize the benchmark based on your needs.
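
The pairing rule in steps 4 and 7 (each check needs a .sls and a .meta file with the same name in the same directory) can be verified before you commit or build. The shell functions below are an added example, not part of the SDK: the names check_pairs and make_sample_tree are hypothetical, and the check assumes every .sls and .meta file under salt/locke/custom belongs to a custom check.

```shell
#!/bin/sh
# Added example (not SDK code): report custom checks whose state (.sls) or
# meta (.meta) file has no same-named partner in the same directory.

# check_pairs DIR
#   Prints one "MISSING <file> (needed by <file>)" line per unpaired file.
#   Returns 0 if every file is paired, 1 if any partner is missing,
#   2 if DIR is not a directory. DIR defaults to salt/locke/custom.
check_pairs() {
    root=${1:-salt/locke/custom}
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    missing=$(
        find "$root" -type f \( -name '*.sls' -o -name '*.meta' \) | sort |
        while IFS= read -r f; do
            # Derive the partner path by swapping the extension.
            case $f in
                *.sls)  peer=${f%.sls}.meta ;;
                *.meta) peer=${f%.meta}.sls ;;
            esac
            [ -f "$peer" ] || printf 'MISSING %s (needed by %s)\n' "$peer" "$f"
        done
    )
    if [ -n "$missing" ]; then
        printf '%s\n' "$missing"
        return 1
    fi
    return 0
}

# make_sample_tree
#   Builds a constructed sample tree in a temporary directory: one complete
#   check (my_first_check) and one state file with no meta file beside it.
#   Prints the temporary directory path.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/salt/locke/custom/mounts"
    : > "$d/salt/locke/custom/mounts/my_first_check.sls"
    : > "$d/salt/locke/custom/mounts/my_first_check.meta"
    : > "$d/salt/locke/custom/mounts/orphan_check.sls"   # deliberately unpaired
    printf '%s\n' "$d"
}
```

From the SDK root, source the file and run check_pairs salt/locke/custom; a non-zero return status can be used to block a commit or a content build.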

Results

Your custom checks and benchmarks are created. If needed, you can delete a custom check or benchmark by navigating to SecOps > Checks or SecOps > Benchmarks, clicking the menu icon next to the custom content, and clicking Delete.

What to do next

After creating your custom content, you can test it by opening the command line, navigating to the Custom Content SDK sample_tests directory, and running these commands:

  1. ./build.sh
    Builds a Docker image of CentOS7 with Salt for testing.
  2. ./up.sh
    Starts the testing container.
  3. ./test.sh salt-call --local state.apply locke.custom.mounts.my_first_check test=True
    Runs sample tests on checks you created in the salt/locke/custom directory. You can initiate custom checks as you would normal Salt states. For more information on Salt States, see How do I use Salt States.
  4. ./down.sh
    After testing is complete, run this command to shut down the testing container.

After testing your custom content, you can build your custom content library.