inspec/www/demo/content/tutorial.yml

# Demos
demos:
- demo: 0:intro
  title: InSpec Introduction
  desc: |
    Welcome to the interactive InSpec demo. You will learn how to use the command line and shell and get an introduction to all aspects of the language.

    To navigate this demo, type `next` to move forward and `prev` to move back.
    Use `clear` to clear the terminal screen.
- demo: 1:inspec-help
  title: InSpec Help
  desc: |
    InSpec is called via


    ```
    inspec
    ```


    Try it out!  You will see the help menu. You can also view it with:


    ```
    inspec help
    ```
- demo: 1:inspec-help-cmd
  title: InSpec Help Subcommands
  desc: |
    This list of subcommands may be intimidating at first. It is easy to get help on any of these commands via `inspec help <COMMAND>`. Let's try it out for a few:


    ```
    inspec help version
    ```


    ```
    inspec help detect
    ```


    ```
    inspec help exec
    ```
- demo: 1:inspec-version
  title: InSpec Version
  desc: |
    The easiest subcommand is `inspec version`. It tells you which version of InSpec is running.
- demo: 1:inspec-check
  title: InSpec Check
  desc: |
    The most frequent use of InSpec is to execute profiles. You can find the `examples/profile` in the InSpec repository. Before executing it for the first time, let's verify if it is valid profile


    ```
    inspec check examples/profile
    ```


    This command is not only used for syntax testing and linting, but can also provide information on valid profiles including its version and control overview.
- demo: 1:inspec-exec
  title: InSpec Exec
  desc: |
    Let's try testing some profiles! To run the profile and test the local machine, type:


    ```
    inspec exec examples/profile
    ```


    The result is shown in the report.
- demo: 1:inspec-exec-ssh
  title: InSpec Exec SSH
  desc: |
    InSpec can also test your remote machines! Let's assume there is node `host.node` registered with SSH configured for user `bob` with a keyfile in the current directory (`bob.rsa`). You can run the same profile against this node via:


    ```
    inspec exec examples/profile -t ssh://bob@host.node -i bob.rsa
    ```
- demo: 1:inspec-exec-ssh-long
  title: InSpec Exec SSH (More Options)
  desc: |
    The wonderful `-t` option (or `--target`) is a shorthand for specifying all fields separately:


    ```
    inspec exec examples/profile -b ssh --host host.node --user bob -i bob.rsa
    ```


    For more options try:


    ```
    inspec help exec
    ```
- demo: 1:inspec-exec-winrm
  title: InSpec Exec WinRm
  desc: |
    We can also scan Windows machines. Let's assume `windows.node` is configured with WinRM access for user `alice` with a password `pass`. The command will now read:


    ```
    inspec exec examples/profile -t winrm://alice:pass@windows.node
    ```
- demo: 1:inspec-exec-winrm-ssl
  title: InSpec Exec WinRm SSL
  desc: |
    The previous example is not quite realistic. Most Windows nodes with WinRM are configured to use SSL. Let's assume the user also has a self-signed certificate. It would now read


    ```
    inspec exec examples/profile -t winrm://alice:pass@windows.node --ssl --self-signed
    ```
- demo: 1:inspec-exec-docker
  title: InSpec Exec Docker
  desc: |
    InSpec also supports scanning containers. Let's try it with Docker and pick a container


    ```
    inspec exec examples/profile -t docker://abcdef123
    ```
- demo: 1:inspec-detect
  title: InSpec Detect
  desc: |
    InSpec is able to verify local and remote nodes before running tests. This is a utility command to check connections and get information on the target


    ```
    inspec detect
    ```


    ```
    inspec detect -t ssh://bob@host.node -i bob.rsa
    ```
- demo: 2:inspec-shell-c
  title: InSpec Shell Introduction
  desc: |
    Let's explore the InSpec shell. It's an integrated utility to test and debug the InSpec language. Before we start it interactively, let's try the command execution mode. It runs code and resources and prints the result.

    First, we start with the OS detection:


    ```
    inspec shell -c 'os.params'
    ```

    Another example is to test an existing resource:


    ```
    inspec shell -c 'sshd_config.Protocol'
    ```
- demo: 2:inspec-shell-c-t
  title: InSpec Shell with Remotes
  desc: |
    These commands also work with remote targets



    ```
    inspec shell -c 'sshd_config.Protocol' -t ssh://bob@host.node -i bob.rsa
    ```


    ```
    inspec shell -c 'os.params' -t docker://abcdef123
    ```
- demo: 2:inspec-shell
  title: Interactive InSpec Shell
  desc: |
    It's time to see the interactive shell! Type


    ```
    inspec shell
    ```


    You can still use `next` and `prev` to move between demos. Look at how the shell prompt looks different between the system shell and the inspec shell.
- demo: 2:inspec-shell-help
  title: InSpec Shell Help
  desc: |
    The greeting of the InSpec shell suggests to run the help command:


    ```
    help
    ```


    You will not only see the help menu, but also a quick summary of the machine where this is running.
- demo: 2:inspec-shell-help-resources
  title: InSpec Shell Help Resources
  desc: |
    To get a list of all available resources, you can type:


    ```
    help resources
    ```
- demo: 2:inspec-shell-help-resource
  title: InSpec Shell Help Subcommands
  desc: |
    To explore any of these resources, you can try:


    ```
    help file
    ```


    ```
    help command
    ```


    ```
    help os
    ```


    These 3 resources are the core trinity of all executions. All other resources reference them in some way. They lead of system interactions.
- demo: 2:inspec-shell-command
  title: InSpec Shell Commands
  desc: |
    To use any of these resources, you can call it and its arguments. Try these examples:


    ```
    command('uname -a').stdout
    ```


    ```
    file('/proc/cpuinfo').owner
    ```


    ```
    sshd_config.params
    ```
- demo: 2:inspec-shell-describe
  title: InSpec Shell - Describe Block
  desc: |
    `describe` blocks are used to create simple checks. We will create a test that verifies a file's access permissions.


    ```
    describe file('/root') do
      it { should exist }
      its('mode') { should cmp '0750'}
    end
    ```
- demo: 2:inspec-shell-control
  title: Inspec Shell - Full Control
  desc: |
    Tests can be combined in controls, which offer more context. They are mainly used for policy/compliance testing:


    ```
    control "id" do
      title "Check permissions on /root!"
      impact 0.5
      describe file('/root') do
        its('mode') { should cmp '0750'}
      end
    end
    ```
parts:
- part: InSpec commandline
  demos:
  - 1:inspec-help
  - 1:inspec-help-cmd
  - 1:inspec-version
  - 1:inspec-check
  - 1:inspec-exec
  - 1:inspec-exec-ssh
  - 1:inspec-exec-ssh-long
  - 1:inspec-exec-winrm
  - 1:inspec-exec-winrm-ssl
  - 1:inspec-exec-docker
  - 1:inspec-detect
- part: InSpec shell
  demos:
  - 2:inspec-shell-c
  - 2:inspec-shell-c-t
  - 2:inspec-shell-help
  - 2:inspec-shell-help-resources
  - 2:inspec-shell-help-resource
  - 2:inspec-shell-command
  - 2:inspec-shell-describe
  - 2:inspec-shell-control
# - part: Profiles