inspec/docs/cli.rst

443 lines
8.9 KiB
ReStructuredText
Raw Normal View History

2016-08-12 11:17:55 +00:00
=====================================================
InSpec CLI
=====================================================
Use the InSpec CLI to run tests and audits against targets using local, SSH, WinRM, or Docker connections.
archive
=====================================================
Archive a profile to tar.gz (default) or zip
Syntax
-----------------------------------------------------
This subcommand has the following syntax:
.. code-block:: bash
$ inspec archive PATH
Options
-----------------------------------------------------
This subcommand has additional options:
``--ignore-errors``, ``--no-ignore-errors``
Ignore profile warnings.
``-o``, ``--output=OUTPUT``
Save the archive to a path
``--overwrite``, ``--no-overwrite``
Overwrite existing archive.
``--profiles-path=PROFILES_PATH``
Folder which contains referenced profiles.
``--tar``, ``--no-tar``
Generates a tar.gz archive.
``--zip``, ``--no-zip``
Generates a zip archive.
check
=====================================================
Verify all tests at the specified path
Syntax
-----------------------------------------------------
This subcommand has the following syntax:
.. code-block:: bash
$ inspec check PATH
Options
-----------------------------------------------------
This subcommand has additional options:
``--format=FORMAT``
``--profiles-path=PROFILES_PATH``
Folder which contains referenced profiles.
compliance
=====================================================
Chef compliance commands
Syntax
-----------------------------------------------------
This subcommand has the following syntax:
.. code-block:: bash
$ inspec compliance SUBCOMMAND ...
detect
=====================================================
Detect the target os
Syntax
-----------------------------------------------------
This subcommand has the following syntax:
.. code-block:: bash
$ inspec detect
Options
-----------------------------------------------------
This subcommand has additional options:
``-b``, ``--backend=BACKEND``
Choose a backend: local, ssh, winrm, docker.
``--format=FORMAT``
``--host=HOST``
Specify a remote host which is tested.
``--json-config=JSON_CONFIG``
Read configuration from JSON file (`-` reads from stdin).
``-i``, ``--key-files=one two three``
Login key or certificate file for a remote scan.
``-l``, ``--log-level=LOG_LEVEL``
Set the log level: info (default), debug, warn, error
``--password=PASSWORD``
Login password for a remote scan, if required.
``--path=PATH``
Login path to use when connecting to the target (WinRM).
``-p``, ``--port=N``
Specify the login port for a remote scan.
``--self-signed``, ``--no-self-signed``
Allow remote scans with self-signed certificates (WinRM).
``--ssl``, ``--no-ssl``
Use SSL for transport layer encryption (WinRM).
``--sudo``, ``--no-sudo``
Run scans with sudo. Only activates on Unix and non-root user.
``--sudo-command=SUDO_COMMAND``
Alternate command for sudo.
``--sudo-options=SUDO_OPTIONS``
Additional sudo options for a remote scan.
``--sudo-password=SUDO_PASSWORD``
Specify a sudo password, if it is required.
``-t``, ``--target=TARGET``
Simple targeting option using URIs, e.g. ssh://user:pass@host:port
``--user=USER``
The login user for a remote scan.
env
=====================================================
Output shell-appropriate completion configuration
Syntax
-----------------------------------------------------
This subcommand has the following syntax:
.. code-block:: bash
$ inspec env
exec
=====================================================
Run all test files at the specified path.
Syntax
-----------------------------------------------------
This subcommand has the following syntax:
.. code-block:: bash
$ inspec exec PATHS
Options
-----------------------------------------------------
This subcommand has additional options:
``--attrs=one two three``
Load attributes file (experimental)
``-b``, ``--backend=BACKEND``
Choose a backend: local, ssh, winrm, docker.
``--color``, ``--no-color``
Use colors in output.
``--controls=one two three``
A list of controls to run. Ignore all other tests.
``--format=FORMAT``
Which formatter to use: cli, progress, documentation, json, json-min
``--host=HOST``
Specify a remote host which is tested.
``--json-config=JSON_CONFIG``
Read configuration from JSON file (`-` reads from stdin).
``-i``, ``--key-files=one two three``
Login key or certificate file for a remote scan.
``-l``, ``--log-level=LOG_LEVEL``
Set the log level: info (default), debug, warn, error
``--password=PASSWORD``
Login password for a remote scan, if required.
``--path=PATH``
Login path to use when connecting to the target (WinRM).
``-p``, ``--port=N``
Specify the login port for a remote scan.
``--profiles-path=PROFILES_PATH``
Folder which contains referenced profiles.
``--self-signed``, ``--no-self-signed``
Allow remote scans with self-signed certificates (WinRM).
``--ssl``, ``--no-ssl``
Use SSL for transport layer encryption (WinRM).
``--sudo``, ``--no-sudo``
Run scans with sudo. Only activates on Unix and non-root user.
``--sudo-command=SUDO_COMMAND``
Alternate command for sudo.
``--sudo-options=SUDO_OPTIONS``
Additional sudo options for a remote scan.
``--sudo-password=SUDO_PASSWORD``
Specify a sudo password, if it is required.
``-t``, ``--target=TARGET``
Simple targeting option using URIs, e.g. ssh://user:pass@host:port
``--user=USER``
The login user for a remote scan.
help
=====================================================
Describe available commands or one specific command
Syntax
-----------------------------------------------------
This subcommand has the following syntax:
.. code-block:: bash
$ inspec help [COMMAND]
init
=====================================================
Scaffolds a new project
Syntax
-----------------------------------------------------
This subcommand has the following syntax:
.. code-block:: bash
$ inspec init TEMPLATE ...
json
=====================================================
Read all tests in path and generate a json summary
Syntax
-----------------------------------------------------
This subcommand has the following syntax:
.. code-block:: bash
$ inspec json PATH
Options
-----------------------------------------------------
This subcommand has additional options:
``--controls=one two three``
A list of controls to include. Ignore all other tests.
``-o``, ``--output=OUTPUT``
Save the created profile to a path
``--profiles-path=PROFILES_PATH``
Folder which contains referenced profiles.
scap
=====================================================
Scap commands
Syntax
-----------------------------------------------------
This subcommand has the following syntax:
.. code-block:: bash
$ inspec scap SUBCOMMAND ...
shell
=====================================================
Open an interactive debugging shell
Syntax
-----------------------------------------------------
This subcommand has the following syntax:
.. code-block:: bash
$ inspec shell
Options
-----------------------------------------------------
This subcommand has additional options:
``-b``, ``--backend=BACKEND``
Choose a backend: local, ssh, winrm, docker.
``-c``, ``--command=COMMAND``
``--host=HOST``
Specify a remote host which is tested.
``--json-config=JSON_CONFIG``
Read configuration from JSON file (`-` reads from stdin).
``-i``, ``--key-files=one two three``
Login key or certificate file for a remote scan.
``-l``, ``--log-level=LOG_LEVEL``
Set the log level: info (default), debug, warn, error
``--password=PASSWORD``
Login password for a remote scan, if required.
``--path=PATH``
Login path to use when connecting to the target (WinRM).
``-p``, ``--port=N``
Specify the login port for a remote scan.
``--self-signed``, ``--no-self-signed``
Allow remote scans with self-signed certificates (WinRM).
``--ssl``, ``--no-ssl``
Use SSL for transport layer encryption (WinRM).
``--sudo``, ``--no-sudo``
Run scans with sudo. Only activates on Unix and non-root user.
``--sudo-command=SUDO_COMMAND``
Alternate command for sudo.
``--sudo-options=SUDO_OPTIONS``
Additional sudo options for a remote scan.
``--sudo-password=SUDO_PASSWORD``
Specify a sudo password, if it is required.
``-t``, ``--target=TARGET``
Simple targeting option using URIs, e.g. ssh://user:pass@host:port
``--user=USER``
The login user for a remote scan.
supermarket
=====================================================
Supermarket commands
Syntax
-----------------------------------------------------
This subcommand has the following syntax:
.. code-block:: bash
$ inspec supermarket SUBCOMMAND ...
version
=====================================================
Prints the version of this tool
Syntax
-----------------------------------------------------
This subcommand has the following syntax:
.. code-block:: bash
$ inspec version