2015-10-23 05:37:02 +00:00
=====================================================
InSpec CLI
=====================================================
2015-10-26 10:04:24 +00:00
Use the InSpec CLI to run audit tests against targets using locally, SSH, |winrm|, or on |docker| containers.
2015-10-23 05:37:02 +00:00
Common Options
=====================================================
The following options may be used with any of the InSpec CLI subcommands:
`` -b `` , `` --backend ``
2015-10-26 10:02:59 +00:00
Specify the backend. Possible values: `` local `` (default), `` ssh `` , `` winrm `` , or `` docker `` .
2015-10-23 05:37:02 +00:00
2015-11-01 15:07:09 +00:00
`` --sudo ``
Run scans with sudo. Only activates on Unix and non-root user. Default value: `` false `` .
2015-10-23 05:37:02 +00:00
`` --host ``
The remote host to be tested.
2015-11-25 12:10:11 +00:00
`` -i `` , `` --key_files ``
2015-10-23 05:37:02 +00:00
The login key or certificate file required for remote scanning.
`` --password ``
The login password for remote scanning.
`` --path ``
2015-10-31 11:07:19 +00:00
The login path used to connect to the target for |winrm|.
2015-10-23 05:37:02 +00:00
2015-11-25 13:20:12 +00:00
`` -p `` , `` --port ``
2015-10-23 05:37:02 +00:00
The port over which remote scanning will occur.
`` --self_signed ``
2015-10-26 10:02:59 +00:00
Use to allow remote scanning with self-signed certificates for |winrm| targets. Default value: `` false `` .
2015-10-23 05:37:02 +00:00
`` --ssl ``
2015-10-26 10:02:59 +00:00
Use to require transport-layer encryption via SSL for |winrm| targets. Default value: `` false `` .
2015-10-23 05:37:02 +00:00
`` --sudo_options ``
Additional options that may be required by the sudo password for remote scanning. Default value: `` '' `` .
`` --sudo_password ``
The sudo password, if required.
2016-05-15 11:22:18 +00:00
`` --sudo_command ``
2016-05-15 15:04:23 +00:00
Alternate sudo command, if required.
2016-05-15 11:22:18 +00:00
2015-10-23 05:37:02 +00:00
`` -t `` , `` --target ``
The URI for the target of a remote scan, preceded by the target's backend. For example: `` backend://user:pass@host:port `` , where `` backend `` is one of `` docker `` , `` local `` , `` ssh `` , or `` winrm `` .
`` --user ``
The login user for remote scanning.
2015-12-04 12:35:15 +00:00
`` --json_config ``
A JSON file containing configuration options. Use `--json_config=-` to read from standard input. The file's format corresponds to the command line argument options. For example, `{"host": "example.com", "sudo": true}` is equivalent to `--host=example.com --sudo` . Command line switches override the configuration file.
`` --diagnose ``
Dump configuration values from a command line options, the configuration file, and the merged effective options.
2015-10-23 05:37:02 +00:00
check
=====================================================
2015-12-01 10:19:04 +00:00
Use `` inspec check `` to verify all tests the specified path.
2015-10-23 05:37:02 +00:00
Syntax
-----------------------------------------------------
This subcommand has the following syntax:
.. code-block :: bash
$ inspec check PATH (options)
where:
* `` PATH `` is the location against which tests are run
detect
=====================================================
Use `` inspec detect `` to detect the platform for the target.
For example, if the configuration on the target is:
.. code-block :: bash
id=$( docker run -dti ubuntu:14.04 /bin/bash )
the following command:
.. code-block :: bash
$ inspec detect -t docker://$id
will return:
.. code-block :: javascript
{"family":"ubuntu","release":"14.04","arch":null}
exec
=====================================================
2015-10-23 17:30:37 +00:00
Use `` inspec exec `` to run all tests at the specified path.
2015-10-23 05:37:02 +00:00
Syntax
-----------------------------------------------------
This subcommand has the following syntax:
.. code-block :: bash
2016-03-27 16:40:34 +00:00
$ inspec exec PATH(S) (options)
2015-10-23 05:37:02 +00:00
where:
2016-03-27 16:40:34 +00:00
* `` PATH(S) `` is one (or more) locations against which tests are run
2015-10-23 05:37:02 +00:00
Options
-----------------------------------------------------
This subcommand has additional options:
2016-03-27 16:40:34 +00:00
`` --id= ``
2015-10-23 05:37:02 +00:00
Use to attach a profile identifier to all test results.
2016-03-27 16:40:34 +00:00
`` --controls="a b c" ``
A list of controls to run. Ignore all other tests.
`` --format=FORMAT ``
Which formatter to use: progress, documentation, json
2015-10-23 05:37:02 +00:00
Examples
-----------------------------------------------------
The following examples show how to use this subcommand.
**Run a test locally**
.. code-block :: bash
$ inspec exec test.rb
2016-03-27 16:40:34 +00:00
**Run test 'tmp-01' locally and ignore other tests**
.. code-block :: bash
$ inspec exec test.rb --controls="tmp-01"
2015-10-23 05:37:02 +00:00
**Run a test on a remote host using SSH**
.. code-block :: bash
$ inspec exec test.rb -t ssh://user@hostname
**Run a test on a remote host using WinRM**
.. code-block :: bash
$ inspec exec test.rb -t winrm://Administrator@windowshost --password 'password'
**Run a test against a Docker container**
.. code-block :: bash
$ inspec exec test.rb -t docker://container_id
help
=====================================================
Use `` inspec help `` to print help for the |ctl inspec| from the command shell.
2016-06-21 18:27:56 +00:00
init
=====================================================
Use `` inspec init `` to initialize a new inspec profile
Syntax
-----------------------------------------------------
This command has the following syntax:
.. code-block :: bash
$ inspec init profile PROFILE (options)
where:
* `` PROFILE `` is the name of the profile you wish to create
Options
-----------------------------------------------------
This subcommand has additional options:
`` --overwrite ``
Overwite directory if it exists
`` --no-overwrite ``
Converse of `` --overwrite `` . (default)
2015-10-23 05:37:02 +00:00
json
=====================================================
2015-10-30 11:18:31 +00:00
Use `` inspec json `` to read all tests at the specified path, and then generate a |json| profile to standard output (stdout).
2015-10-23 05:37:02 +00:00
Syntax
-----------------------------------------------------
This subcommand has the following syntax:
.. code-block :: bash
$ inspec json PATH (options)
where:
* `` PATH `` is the location against which tests are run
Options
-----------------------------------------------------
This subcommand has additional options:
2016-03-27 16:40:34 +00:00
`` --controls="a b c" ``
Use to read only specific subset of controls in the PATH profile.
2015-10-23 05:37:02 +00:00
`` --id ``
Use to attach a profile identifier to all test results.
`` -o `` , `` --output ``
2015-10-30 11:18:31 +00:00
Use to save the |json| profile to a file instead of printing to stdout.
2015-10-23 05:37:02 +00:00
shell
=====================================================
Use `` inspec shell `` to open an interactive debugging shell.
version
=====================================================
Use `` inspec version `` to print the version of the InSpec CLI.
2015-10-26 10:02:59 +00:00
.. |winrm| replace :: Windows Remote Management
.. _winrm: https://msdn.microsoft.com/en-us/library/aa384426(v=vs.85).aspx
.. |docker| replace :: Docker
2015-10-26 10:04:24 +00:00
.. _docker: https://www.docker.com/
2015-10-31 11:07:19 +00:00
.. |json| replace :: JSON