mirror of
https://github.com/inspec/inspec
synced 2024-11-22 20:53:11 +00:00
update readme
This commit is contained in:
parent
cdc977a8e6
commit
142976eade
1 changed files with 57 additions and 2 deletions
59
README.md
59
README.md
|
@ -1,6 +1,54 @@
|
||||||
# Inspec CLI
|
# Inspec
|
||||||
|
|
||||||
Test your Server, VM, or workstation.
|
## What is InSpec?
|
||||||
|
The InSpec project is an open-source testing framework for infrastructure with a human- and machine-readable language for specifying compliance, security and policy requirements. The project name stands for “infrastructure specification,” and it also can be thought of as an abbreviation of “inspect.”
|
||||||
|
|
||||||
|
You can use InSpec to examine any node in your infrastructure. The InSpec framework runs locally or remotely on the node being inspected. As input, it uses audit rules you write with the InSpec language. If it detects security, compliance or policy issues, they are flagged in a log.
|
||||||
|
|
||||||
|
The InSpec project includes many resources that help you write audit rules quickly and easily. Here are some examples.
|
||||||
|
|
||||||
|
* Disallow insecure protocols - In this example, the package and inetd_conf resources ensure that insecure services and protocols, such as telnet, are not used.
|
||||||
|
|
||||||
|
```ruby
|
||||||
|
describe package('telnetd') do
|
||||||
|
it { should_not be_installed }
|
||||||
|
end
|
||||||
|
|
||||||
|
describe inetd_conf do
|
||||||
|
its("telnet") { should eq nil }
|
||||||
|
end
|
||||||
|
```
|
||||||
|
|
||||||
|
* Only accept requests on secure ports - This code ensures that the web server is only listening on well-secured ports.
|
||||||
|
|
||||||
|
```ruby
|
||||||
|
describe port(80) do
|
||||||
|
it { should_not be_listening }
|
||||||
|
end
|
||||||
|
|
||||||
|
describe port(443) do
|
||||||
|
it { should be_listening }
|
||||||
|
its('protocol') {should eq 'tcp'}
|
||||||
|
end
|
||||||
|
```
|
||||||
|
|
||||||
|
* Use approved strong ciphers - This code ensures that only enterprise-compliant ciphers are used for SSH servers.
|
||||||
|
|
||||||
|
```ruby
|
||||||
|
describe sshd_config do
|
||||||
|
its('Ciphers') { should eq('chacha20-poly1305@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr') }
|
||||||
|
end
|
||||||
|
```
|
||||||
|
|
||||||
|
* Test a kitchen.yml file driver - This code ensures that the Test Kitchen driver is Vagrant.
|
||||||
|
|
||||||
|
```ruby
|
||||||
|
describe yaml('.kitchen.yml') do
|
||||||
|
its('driver.name') { should eq('vagrant') }
|
||||||
|
end
|
||||||
|
```
|
||||||
|
|
||||||
|
## Test your Server, VM, or workstation.
|
||||||
|
|
||||||
Small example: Write a your checks in `test.rb`:
|
Small example: Write a your checks in `test.rb`:
|
||||||
|
|
||||||
|
@ -142,6 +190,11 @@ CONCURRENCY=3 rake test:runner
|
||||||
This will go to `test/runner` and run `kitchen test`. You can test specific
|
This will go to `test/runner` and run `kitchen test`. You can test specific
|
||||||
operating systems and configurations via test-kitchen.
|
operating systems and configurations via test-kitchen.
|
||||||
|
|
||||||
|
|
||||||
|
## Learn More
|
||||||
|
|
||||||
|
For more information see the InSpec documentation: https://github.com/chef/inspec/tree/master/docs
|
||||||
|
|
||||||
## Contributing
|
## Contributing
|
||||||
|
|
||||||
1. Fork it
|
1. Fork it
|
||||||
|
@ -152,5 +205,7 @@ operating systems and configurations via test-kitchen.
|
||||||
|
|
||||||
|
|
||||||
Copyright 2015 Chef Software Inc. All rights reserved.
|
Copyright 2015 Chef Software Inc. All rights reserved.
|
||||||
|
|
||||||
Copyright 2015 Vulcano Security GmbH. All rights reserved.
|
Copyright 2015 Vulcano Security GmbH. All rights reserved.
|
||||||
|
|
||||||
Copyright 2015 Dominik Richter. All rights reserved.
|
Copyright 2015 Dominik Richter. All rights reserved.
|
||||||
|
|
Loading…
Reference in a new issue