Merge pull request #1065 from chef/vj/improve-demo

Vj/improve demo
Dominik Richter 2016-09-14 00:54:03 +02:00 committed by GitHub
commit 368066ed5a
44 changed files with 615 additions and 488 deletions


@ -1,14 +1,15 @@
# encoding: utf-8
require 'train'
require 'yaml'
require 'github/markup'
require 'json'
require 'shellwords'
# Load all commands and instructions
demos = YAML.load(File.read('www/tutorial/tutorial.yml'))['demos']
demos = YAML.load(File.read('www/tutorial/tutorial_files/tutorial.yml'))['demos']
commands = demos.map { |x| x['desc'] }.map { |x| x.scan(/```(.*?)```/m) }.flatten.map(&:strip).map { |x| x.split("\n") }
tutorial_instructions = demos.map { |x| [x['demo'], x['desc']] }
extra_commands = YAML.load(File.read('www/tutorial/commands.yml'))['commands']
tutorial_instructions = demos.map { |x| [x['title'], x['desc']] }
extra_commands = YAML.load(File.read('www/tutorial/tutorial_files/commands.yml'))['commands']
# find out if we have a single command or a multiline shell command
cmds = commands.map { |x|
@ -51,18 +52,19 @@ end
commands_file = File.new('www/tutorial/commands.json', 'w')
json = commands.map { |x| [x => create_key(x)] }.to_json
commands_file.write(json)
puts 'Wrote www/tutorial/commands.json'
puts 'Wrote www/tutorial/tutorial_files/commands.json'
# Create instructions.json file
instructions_file = File.new('www/tutorial/instructions.json', 'w')
tutorial_instructions.map! { |set| [set[0], GitHub::Markup.render('instructions.markdown', set[1])] }
instructions_file.write(tutorial_instructions.to_json)
puts 'Wrote www/tutorial/instructions.json'
puts 'Wrote www/tutorial/tutorial_files/instructions.json'
# Create extra_commands.json file used to expose the extra commands
# that have been enabled but not noted in the tutorial instructions
extra_commands_file = File.new('www/tutorial/extra_commands.json', 'w')
extra_commands_file.write(extra_commands.to_json)
puts 'Wrote www/tutorial/extra_commands.json'
puts 'Wrote www/tutorial/tutorial_files/extra_commands.json'
# Generate command results files
# Create Train connection
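Review bot: In the second hunk the three `puts` lines now announce `www/tutorial/tutorial_files/*.json`, but the `File.new` calls shown next to them still open `www/tutorial/commands.json`, `www/tutorial/instructions.json` and `www/tutorial/extra_commands.json`. As rendered here the script reports a path it did not write, while the app in this commit fetches `tutorial_files/...`. If the page is not hiding a changed line, each write should target the new path, e.g. `File.write('www/tutorial/tutorial_files/commands.json', json)`, which also avoids the `File.new(..., 'w')` handles that no visible line closes. Separately, the re-pointed `YAML.load(File.read(...))` calls in the first hunk only need plain data, so `YAML.safe_load` is the safer default for files that contributors edit by hand.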


@ -17,7 +17,7 @@ run `npm run start` to open in your browser @ localhost:8080
## How does it work???
Well, let me tell you a story of a file named `tutorial.yml`, who lives in a directory named `inspec/www/tutorial`.
Well, let me tell you a story of a file named `tutorial.yml`, who lives in a directory named `inspec/www/tutorial/tutorial_files`.
This kind, informational file was full of content, and oh so desired to spread its knowledge.
But it knew not how to do so, for it was a simple yml file.
@ -48,9 +48,12 @@ And it was so. :)
To generate content for the tutorial, update the tutorial.yml and/or commands.yml file and
run `bundle exec rake update_demo` from the root of inspec project.
** The github-markdown gem is causing some problems with this right now. Please run the ruby file directly for the moment:
`ruby tasks/command_simulator.rb`
This will create/update two json files (commands.json and instructions.json)
This will create/update three json files (commands.json, instructions.json, extra_commands.json)
and the .txt files for the app/responses/ directory (generated from the commands included in the tutorial.yml)
Those are the files required by the app to create the demo content.
----------------------------------------------------------


@ -1,5 +1,5 @@
.main {
height: 100%;
overflow: auto;
}
.terminal-nav {
@ -24,35 +24,40 @@
}
img {
width: 200px;
height: 50px;
padding-top: 5px;
width: 160px;
height: 40px;
padding-bottom: 5px;
}
.guide {
-webkit-font-smoothing: antialiased;
color: #DDDDDD;
font-family: monospace;
font-weight: 100;
font-size: 16px;
font-family: 'Ubuntu Mono', 'Monaco', sans-serif;
letter-spacing: 1.2px;
font-size: 15px;
max-width: 1000px;
margin: auto;
padding: 1rem;
background-color: #444;
text-align: left;
line-height: 1.3;
line-height: 1.4;
}
.bold {
font-weight: bold;
.title {
color: lightskyblue;
}
p {
display: block;
}
pre {
white-space: pre-wrap;
/* This syntax is my new best friend for when nothing else works!
I'm unsure why, but attempting to set the style of code in this setting is just
not working....but this works! */
:host /deep/ code {
font-weight: bold;
font-size: 16px;
}
.cli {
@ -63,5 +68,4 @@ pre {
word-wrap: break-word;
max-width: 1200px;
margin: auto;
height: 70%;
}
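Review bot: The comment above `:host /deep/ code` records that the author does not know why the rule is needed; it should state the reason instead, because `/deep/` is a deprecated shadow-piercing combinator that a later maintainer will want to remove. The likely cause (the component's encapsulation mode is not visible here) is that markup inserted through the `[innerHTML]` binding added in this commit does not receive Angular's emulated-encapsulation attribute, so a component-scoped `code { … }` rule never matches it. Suggested comment: `/* instructions are injected via [innerHTML] and lack the component scope attribute, so this selector has to pierce encapsulation */`.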


@ -7,8 +7,8 @@
<img src="inspec-logo.png" alt="Inspec Logo">
<div class="main">
<div class="guide">
<p class="bold">{{title}}</p>
<pre>{{instructions}}</pre>
<p class="title">{{title}}</p>
<p [innerHTML]="formatInstructions()"></p>
</div>
<div class="cli">
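Review bot: `<p [innerHTML]="formatInstructions()">` turns the instructions from escaped text into markup, so the template's safety now rests on Angular sanitizing `innerHTML` bindings and on `tutorial_files/instructions.json` being a build artifact of the repo's own `tutorial.yml`; neither assumption is written down. I would add a template comment saying the value is pre-rendered Markdown from the generator script and must never be routed through a sanitizer bypass or fed from user input. Two smaller points: bind the property directly, `[innerHTML]="instructions || ''"`, so change detection does not call a pass-through method on every cycle, and use a `<div>` as the host, because rendered Markdown presumably contains block elements such as `<p>` and `<pre>` that are not valid inside a `<p>`. The enclosing template starts and ends outside the hunk.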


@ -24,9 +24,9 @@ export class AppComponent implements OnInit {
shell: string;
// colors for responses
red: string = " ";
white: string = " ";
black: string = " ";
red: string = "";
white: string = "";
black: string = "";
matchFound: boolean; // helps to handle no match found response
counter: number = 0; // keeps track of step number count
@ -46,6 +46,10 @@ export class AppComponent implements OnInit {
this.getExtraCmds();
}
ngAfterViewChecked() {
window.scrollTo( 0, document.body.scrollHeight );
}
// called when command entered is 'next' or 'prev'
// modifies value of counter and calls displayInstructions
updateInstructions(step) {
@ -76,15 +80,17 @@ export class AppComponent implements OnInit {
} else {
if (this.instructionsArray[this.counter][1]) {
this.title = this.instructionsArray[this.counter][0];
let text = this.instructionsArray[this.counter][1];
let formattedText = text.replace(/```/g, '');
this.instructions = formattedText;
this.instructions = this.instructionsArray[this.counter][1];
} else {
this.instructions = 'Sorry, something seems to have gone wrong. Please try refreshing your browser.';
}
}
}
formatInstructions() {
return this.instructions || '';
}
// called when a new value is emitted for command
// checks for a match, calls parseInspecShell if shell is inspec-shell
// and calls checkCommand if none of the first commands match
@ -203,7 +209,7 @@ export class AppComponent implements OnInit {
// load json file for instructions and save to instructionsArray
// call displayInstructions to load first set of instructions
getInstructions() {
this.http.get('instructions.json')
this.http.get('tutorial_files/instructions.json')
.subscribe(data => {
this.instructionsArray = JSON.parse(data['_body']);
this.displayInstructions();
@ -214,7 +220,7 @@ export class AppComponent implements OnInit {
// load json file for commands and push each object to commandsArray
getResponses() {
this.http.get('commands.json')
this.http.get('tutorial_files/commands.json')
.subscribe(data => {
let result = JSON.parse(data['_body']);
for (var i = 0; i < result.length; i++) {
@ -228,7 +234,7 @@ export class AppComponent implements OnInit {
// load json file for extra commands to display extra commands available to user
getExtraCmds() {
this.http.get('extra_commands.json')
this.http.get('tutorial_files/extra_commands.json')
.subscribe(data => {
let result = JSON.parse(data['_body']);
for (var i = 0; i < result.length; i++) {
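Review bot: The new `ngAfterViewChecked()` calls `window.scrollTo(0, document.body.scrollHeight)` after every change-detection pass, not only when output is appended, so any event that triggers a check snaps the page back to the bottom and a reader cannot scroll up to re-read the instructions. Scroll only when a response or instruction was actually added, for example by setting a flag where the output is updated and testing it in the hook: `if (!this.scrollPending) { return; }`, then the scroll and `this.scrollPending = false;` (`scrollPending` is a suggested new field). The class header in the hunk context still reads `implements OnInit`; adding `AfterViewChecked` there would let the compiler check the hook's name. The three `http.get` hunks cut through functions whose bodies continue outside the hunks.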


@ -1,3 +1,5 @@
// /<reference path="../node_modules/angular2/typings/browser.d.ts"/>
import { NgModule } from '@angular/core';
import { BrowserModule } from '@angular/platform-browser';


@ -1,5 +1,5 @@
Welcome to the interactive InSpec Shell
To find out how to use it, type: help
[?1034hinspec> => "Darwin vjeffrey01 15.6.0 Darwin Kernel Version 15.6.0: Mon Aug 29 20:21:34 PDT 2016; root:xnu-3248.60.11~1/RELEASE_X86_64 x86_64\n"
inspec> 
Welcome to the interactive InSpec Shell
To find out how to use it, type: help
[?1034hinspec> => "Darwin vjeffrey01 15.6.0 Darwin Kernel Version 15.6.0: Mon Aug 29 20:21:34 PDT 2016; root:xnu-3248.60.11~1/RELEASE_X86_64 x86_64\n"
inspec> 


@ -1,8 +1,8 @@
Welcome to the interactive InSpec Shell
To find out how to use it, type: help
[?1034hinspec> inspec>  inspec>  inspec>  inspec>  inspec>  inspec>   ✖ id: File /root mode should cmp "0750" (wrong number of arguments (1 for 0))
Summary: 0 successful, 1 failures, 0 skipped
inspec> 
Welcome to the interactive InSpec Shell
To find out how to use it, type: help
[?1034hinspec> inspec>  inspec>  inspec>  inspec>  inspec>  inspec>   ✖ id: File /root mode should cmp "0750" (wrong number of arguments (1 for 0))
Summary: 0 successful, 1 failures, 0 skipped
inspec> 


@ -1,10 +1,10 @@
Welcome to the interactive InSpec Shell
To find out how to use it, type: help
[?1034hinspec> inspec>  inspec>  inspec> 
File /root
 ✖ should exist
expected File /root to exist
Summary: 0 successful, 2 failures, 0 skipped
inspec> 
Welcome to the interactive InSpec Shell
To find out how to use it, type: help
[?1034hinspec> inspec>  inspec>  inspec> 
File /root
 ✖ should exist
expected File /root to exist
Summary: 0 successful, 2 failures, 0 skipped
inspec> 


@ -1,5 +1,5 @@
Welcome to the interactive InSpec Shell
To find out how to use it, type: help
[?1034hinspec> => nil
inspec> 
Welcome to the interactive InSpec Shell
To find out how to use it, type: help
[?1034hinspec> => nil
inspec> 


@ -1,27 +1,27 @@
Welcome to the interactive InSpec Shell
To find out how to use it, type: help
[?1034hinspec> Name: command
Description:
Use the command InSpec audit resource to test an arbitrary command that is run on the system.
Example:
describe command('ls -al /') do
its('stdout') { should match /bin/ }
its('stderr') { should eq '' }
its('exit_status') { should eq 0 }
end
command('ls -al /').exist? will return false. Existence of command should be checked this way.
describe command('ls') do
it { should exist }
end
Web Reference:
https://github.com/chef/inspec/blob/master/docs/resources.rst#command
inspec> 
Welcome to the interactive InSpec Shell
To find out how to use it, type: help
[?1034hinspec> Name: command
Description:
Use the command InSpec audit resource to test an arbitrary command that is run on the system.
Example:
describe command('ls -al /') do
its('stdout') { should match /bin/ }
its('stderr') { should eq '' }
its('exit_status') { should eq 0 }
end
command('ls -al /').exist? will return false. Existence of command should be checked this way.
describe command('ls') do
it { should exist }
end
Web Reference:
https://github.com/chef/inspec/blob/master/docs/resources.rst#command
inspec> 


@ -1,26 +1,26 @@
Welcome to the interactive InSpec Shell
To find out how to use it, type: help
[?1034hinspec> Name: file
Description:
Use the file InSpec audit resource to test all system file types, including files, directories, symbolic links, named pipes, sockets, character devices, block devices, and doors.
Example:
describe file('path') do
it { should exist }
it { should be_file }
it { should be_readable }
it { should be_writable }
it { should be_owned_by 'root' }
its('mode') { should cmp '0644' }
end
Web Reference:
https://github.com/chef/inspec/blob/master/docs/resources.rst#file
inspec> 
Welcome to the interactive InSpec Shell
To find out how to use it, type: help
[?1034hinspec> Name: file
Description:
Use the file InSpec audit resource to test all system file types, including files, directories, symbolic links, named pipes, sockets, character devices, block devices, and doors.
Example:
describe file('path') do
it { should exist }
it { should be_file }
it { should be_readable }
it { should be_writable }
it { should be_owned_by 'root' }
its('mode') { should cmp '0644' }
end
Web Reference:
https://github.com/chef/inspec/blob/master/docs/resources.rst#file
inspec> 


@ -1,23 +1,23 @@
Welcome to the interactive InSpec Shell
To find out how to use it, type: help
[?1034hinspec> 
Available commands:
`[resource]` - run resource on target machine
`help resources` - show all available resources that can be used as commands
`help [resource]` - information about a specific resource
`exit` - exit the InSpec shell
You can use resources in this environment to test the target machine. For example:
command('uname -a').stdout
file('/proc/cpuinfo').content => "value",
You are currently running on:
OS platform: mac_os_x
OS family: darwin
OS release: 10.11.6
inspec> 
Welcome to the interactive InSpec Shell
To find out how to use it, type: help
[?1034hinspec> 
Available commands:
`[resource]` - run resource on target machine
`help resources` - show all available resources that can be used as commands
`help [resource]` - information about a specific resource
`exit` - exit the InSpec shell
You can use resources in this environment to test the target machine. For example:
command('uname -a').stdout
file('/proc/cpuinfo').content => "value",
You are currently running on:
OS platform: mac_os_x
OS family: darwin
OS release: 10.11.6
inspec> 


@ -1,27 +1,27 @@
Welcome to the interactive InSpec Shell
To find out how to use it, type: help
[?1034hinspec> Name: os
Description:
Use the os InSpec audit resource to test the platform on which the system is running.
Example:
describe os.family do
it { should eq 'redhat' }
end
describe os.redhat? do
it { should eq true }
end
describe os.linux? do
it { should eq true }
end
Web Reference:
https://github.com/chef/inspec/blob/master/docs/resources.rst#os
inspec> 
Welcome to the interactive InSpec Shell
To find out how to use it, type: help
[?1034hinspec> Name: os
Description:
Use the os InSpec audit resource to test the platform on which the system is running.
Example:
describe os.family do
it { should eq 'redhat' }
end
describe os.redhat? do
it { should eq true }
end
describe os.linux? do
it { should eq true }
end
Web Reference:
https://github.com/chef/inspec/blob/master/docs/resources.rst#os
inspec> 


@ -1,5 +1,5 @@
Welcome to the interactive InSpec Shell
To find out how to use it, type: help
[?1034hinspec> apache apache_conf apt ppa audit_policy auditd_conf auditd_rules command bash file bond bridge directory etc_group gem group grub_conf host iis_site inetd_conf interface iptables json kernel_module kernel_parameter linux_kernel_parameter limits_conf login_defs mount mssql_session mysql mysql_conf mysql_session npm ntp_conf oneget os os_env package parse_config parse_config_file passwd pip port postgres postgres_conf postgres_session powershell script processes registry_key windows_registry_key security_policy service systemd_service upstart_service sysv_service bsd_service launchd_service runit_service shadow ssl ssh_config sshd_config sys_info users user vbscript windows_feature xinetd_conf wmi yum yumrepo yaml csv ini
inspec> 
Welcome to the interactive InSpec Shell
To find out how to use it, type: help
[?1034hinspec> apache apache_conf apt ppa audit_policy auditd_conf auditd_rules command bash file bond bridge directory etc_group gem group grub_conf host iis_site inetd_conf interface iptables json kernel_module kernel_parameter linux_kernel_parameter limits_conf login_defs mount mssql_session mysql mysql_conf mysql_session npm ntp_conf oneget os os_env package parse_config parse_config_file passwd pip port postgres postgres_conf postgres_session powershell script processes registry_key windows_registry_key security_policy service systemd_service upstart_service sysv_service bsd_service launchd_service runit_service shadow ssl ssh_config sshd_config sys_info users user vbscript windows_feature xinetd_conf wmi yum yumrepo yaml csv ini
inspec> 


@ -1,10 +1,10 @@
Welcome to the interactive InSpec Shell
To find out how to use it, type: help
[?1034hinspec> => {"protocol"=>["2"],
"syslogfacility"=>["AUTHPRIV"],
"authorizedkeysfile"=>[".ssh/authorized_keys"],
"useprivilegeseparation"=>["sandbox"],
"acceptenv"=>["LANG LC_*"],
"subsystem"=>["sftp\t/usr/libexec/sftp-server"]}
inspec> 
Welcome to the interactive InSpec Shell
To find out how to use it, type: help
[?1034hinspec> => {"protocol"=>["2"],
"syslogfacility"=>["AUTHPRIV"],
"authorizedkeysfile"=>[".ssh/authorized_keys"],
"useprivilegeseparation"=>["sandbox"],
"acceptenv"=>["LANG LC_*"],
"subsystem"=>["sftp\t/usr/libexec/sftp-server"]}
inspec> 


@ -1,19 +1,20 @@
Commands:
inspec archive PATH # archive a profile to tar.gz (default) ...
inspec check PATH # verify all tests at the specified PATH
inspec compliance SUBCOMMAND ... # Chef Compliance commands
inspec detect # detect the target OS
inspec env # Output shell-appropriate completion co...
inspec exec PATHS # run all test files at the specified PATH.
inspec help [COMMAND] # Describe available commands or one spe...
inspec init TEMPLATE ... # Scaffolds a new project
inspec json PATH # read all tests in PATH and generate a ...
inspec shell # open an interactive debugging shell
inspec supermarket SUBCOMMAND ... # Supermarket commands
inspec vendor # Download all dependencies and generate...
inspec version # prints the version of this tool
Options:
l, [--log-level=LOG_LEVEL] # Set the log level: info (default), debug, warn, error
[--log-location=LOG_LOCATION] # Location to send diagnostic log messages to. (default: STDOUT or STDERR)
[--diagnose], [--no-diagnose] # Show diagnostics (versions, configurations)
Commands:
inspec archive PATH # archive a profile to tar.gz (default) ...
inspec check PATH # verify all tests at the specified PATH
inspec compliance SUBCOMMAND ... # Chef Compliance commands
inspec detect # detect the target OS
inspec env # Output shell-appropriate completion co...
inspec exec PATHS # run all test files at the specified PATH.
inspec help [COMMAND] # Describe available commands or one spe...
inspec init TEMPLATE ... # Scaffolds a new project
inspec json PATH # read all tests in PATH and generate a ...
inspec shell # open an interactive debugging shell
inspec supermarket SUBCOMMAND ... # Supermarket commands
inspec vendor # Download all dependencies and generate...
inspec version # prints the version of this tool
Options:
l, [--log-level=LOG_LEVEL] # Set the log level: info (default), debug, warn, error
[--log-location=LOG_LOCATION] # Location to send diagnostic log messages to. (default: STDOUT or STDERR)
[--diagnose], [--no-diagnose] # Show diagnostics (versions, configurations)


@ -1,5 +1,5 @@
I, [2016-09-11T18:48:39.514660 #65769] INFO -- : Checking profile in examples/profile
I, [2016-09-11T18:48:39.514820 #65769] INFO -- : Metadata OK.
I, [2016-09-11T18:48:39.532230 #65769] INFO -- : Found 4 controls.
I, [2016-09-11T18:48:39.532272 #65769] INFO -- : Control definitions OK.
I, [2016-09-11T18:48:39.532442 #65769] INFO -- : Archive /Users/vjeffrey/code/compliance/inspec/profile.tar.gz exists already. Use --overwrite.
I, [2016-09-12T11:14:11.355216 #80401] INFO -- : Checking profile in examples/profile
I, [2016-09-12T11:14:11.355374 #80401] INFO -- : Metadata OK.
I, [2016-09-12T11:14:11.371905 #80401] INFO -- : Found 4 controls.
I, [2016-09-12T11:14:11.371945 #80401] INFO -- : Control definitions OK.
I, [2016-09-12T11:14:11.372150 #80401] INFO -- : Archive /Users/vjeffrey/code/compliance/inspec/profile.tar.gz exists already. Use --overwrite.


@ -1,7 +1,7 @@
Location: examples/profile
Profile: profile
Controls: 4
Timestamp: 2016-09-11T18:48:28-04:00
Valid: true
No errors or warnings
Location: examples/profile
Profile: profile
Controls: 4
Timestamp: 2016-09-12T11:13:59-04:00
Valid: true
No errors or warnings


@ -1,7 +1,7 @@
== Operating System Details
Name: mac_os_x
Family: darwin
Release: 10.11.6
Arch: x86_64
== Operating System Details
Name: mac_os_x
Family: darwin
Release: 10.11.6
Arch: x86_64


@ -1 +1 @@
{"name":"mac_os_x","family":"darwin","release":"10.11.6","arch":"x86_64"}
{"name":"mac_os_x","family":"darwin","release":"10.11.6","arch":"x86_64"}


@ -1,110 +1,110 @@
function _inspec() {
local curcontext="$curcontext" state line
typeset -A opt_args
local -a _top_level_commands _compliance_commands _init_commands _supermarket_commands
_top_level_commands=(
"help:Describe\ available\ commands\ or\ one\ specific\ command"
"json:read\ all\ tests\ in\ PATH\ and\ generate\ a\ JSON\ summary"
"check:verify\ all\ tests\ at\ the\ specified\ PATH"
"vendor:Download\ all\ dependencies\ and\ generate\ a\ lockfile"
"archive:archive\ a\ profile\ to\ tar.gz\ \(default\)\ or\ zip"
"exec:run\ all\ test\ files\ at\ the\ specified\ PATH."
"detect:detect\ the\ target\ OS"
"shell:open\ an\ interactive\ debugging\ shell"
"env:Output\ shell-appropriate\ completion\ configuration"
"version:prints\ the\ version\ of\ this\ tool"
"compliance:Chef\ Compliance\ commands"
"init:Scaffolds\ a\ new\ project"
"supermarket:Supermarket\ commands"
)
_compliance_commands=(
"help:Describe\ subcommands\ or\ one\ specific\ subcommand"
"login:Log\ in\ to\ a\ Chef\ Compliance\ SERVER"
"profiles:list\ all\ available\ profiles\ in\ Chef\ Compliance"
"exec:executes\ a\ Chef\ Compliance\ profile"
"upload:uploads\ a\ local\ profile\ to\ Chef\ Compliance"
"version:displays\ the\ version\ of\ the\ Chef\ Compliance\ server"
"logout:user\ logout\ from\ Chef\ Compliance"
)
_init_commands=(
"help:Describe\ subcommands\ or\ one\ specific\ subcommand"
"profile:Create\ a\ new\ profile"
)
_supermarket_commands=(
"help:Describe\ subcommands\ or\ one\ specific\ subcommand"
"profiles:list\ all\ available\ profiles\ in\ Chef\ Supermarket"
"exec:execute\ a\ Supermarket\ profile"
"info:display\ Supermarket\ profile\ details"
)
_arguments '1:::->toplevel' && return 0
_arguments '2:::->subcommand' && return 0
_arguments '3:::->subsubcommand' && return 0
#
# Are you thinking? "Jeez, whoever wrote this really doesn't get
# zsh's completion system?" If so, you are correct. However, I
# have goodnews! Pull requests are accepted!
#
case $state in
toplevel)
_describe -t commands "InSpec subcommands" _top_level_commands
;;
subcommand)
case "$words[2]" in
archive|check|exec|json)
_alternative 'files:filenames:_files'
;;
help)
_describe -t commands "InSpec subcommands" _top_level_commands
;;
compliance)
_describe -t compliance_commands "InSpec compliance subcommands" _compliance_commands
;;
init)
_describe -t init_commands "InSpec init subcommands" _init_commands
;;
supermarket)
_describe -t supermarket_commands "InSpec supermarket subcommands" _supermarket_commands
;;
esac
;;
subsubcommand)
case "$words[2]-$words[3]" in
compliance-upload)
_alternative 'files:filenames:_files'
;;
compliance-help)
_describe -t compliance_commands "InSpec compliance subcommands" _compliance_commands
;;
init-help)
_describe -t init_commands "InSpec init subcommands" _init_commands
;;
supermarket-help)
_describe -t supermarket_commands "InSpec supermarket subcommands" _supermarket_commands
;;
esac
esac
}
compdef _inspec inspec
#
# The shell zsh was auto-detected. If this is incorrect, please
# specify a shell explicitly by running:
#
# inspec env SHELLNAME
#
# Currently supported shells are: bash, zsh
#
# To use this, eval it in your shell
#
# eval "$(inspec env zsh)"
#
#
function _inspec() {
local curcontext="$curcontext" state line
typeset -A opt_args
local -a _top_level_commands _compliance_commands _init_commands _supermarket_commands
_top_level_commands=(
"help:Describe\ available\ commands\ or\ one\ specific\ command"
"json:read\ all\ tests\ in\ PATH\ and\ generate\ a\ JSON\ summary"
"check:verify\ all\ tests\ at\ the\ specified\ PATH"
"vendor:Download\ all\ dependencies\ and\ generate\ a\ lockfile"
"archive:archive\ a\ profile\ to\ tar.gz\ \(default\)\ or\ zip"
"exec:run\ all\ test\ files\ at\ the\ specified\ PATH."
"detect:detect\ the\ target\ OS"
"shell:open\ an\ interactive\ debugging\ shell"
"env:Output\ shell-appropriate\ completion\ configuration"
"version:prints\ the\ version\ of\ this\ tool"
"compliance:Chef\ Compliance\ commands"
"init:Scaffolds\ a\ new\ project"
"supermarket:Supermarket\ commands"
)
_compliance_commands=(
"help:Describe\ subcommands\ or\ one\ specific\ subcommand"
"login:Log\ in\ to\ a\ Chef\ Compliance\ SERVER"
"profiles:list\ all\ available\ profiles\ in\ Chef\ Compliance"
"exec:executes\ a\ Chef\ Compliance\ profile"
"upload:uploads\ a\ local\ profile\ to\ Chef\ Compliance"
"version:displays\ the\ version\ of\ the\ Chef\ Compliance\ server"
"logout:user\ logout\ from\ Chef\ Compliance"
)
_init_commands=(
"help:Describe\ subcommands\ or\ one\ specific\ subcommand"
"profile:Create\ a\ new\ profile"
)
_supermarket_commands=(
"help:Describe\ subcommands\ or\ one\ specific\ subcommand"
"profiles:list\ all\ available\ profiles\ in\ Chef\ Supermarket"
"exec:execute\ a\ Supermarket\ profile"
"info:display\ Supermarket\ profile\ details"
)
_arguments '1:::->toplevel' && return 0
_arguments '2:::->subcommand' && return 0
_arguments '3:::->subsubcommand' && return 0
#
# Are you thinking? "Jeez, whoever wrote this really doesn't get
# zsh's completion system?" If so, you are correct. However, I
# have goodnews! Pull requests are accepted!
#
case $state in
toplevel)
_describe -t commands "InSpec subcommands" _top_level_commands
;;
subcommand)
case "$words[2]" in
archive|check|exec|json)
_alternative 'files:filenames:_files'
;;
help)
_describe -t commands "InSpec subcommands" _top_level_commands
;;
compliance)
_describe -t compliance_commands "InSpec compliance subcommands" _compliance_commands
;;
init)
_describe -t init_commands "InSpec init subcommands" _init_commands
;;
supermarket)
_describe -t supermarket_commands "InSpec supermarket subcommands" _supermarket_commands
;;
esac
;;
subsubcommand)
case "$words[2]-$words[3]" in
compliance-upload)
_alternative 'files:filenames:_files'
;;
compliance-help)
_describe -t compliance_commands "InSpec compliance subcommands" _compliance_commands
;;
init-help)
_describe -t init_commands "InSpec init subcommands" _init_commands
;;
supermarket-help)
_describe -t supermarket_commands "InSpec supermarket subcommands" _supermarket_commands
;;
esac
esac
}
compdef _inspec inspec
#
# The shell zsh was auto-detected. If this is incorrect, please
# specify a shell explicitly by running:
#
# inspec env SHELLNAME
#
# Currently supported shells are: bash, zsh
#
# To use this, eval it in your shell
#
# eval "$(inspec env zsh)"
#
#


@ -1,16 +1,16 @@
 ○ gordon-1.0: Verify the version number of Gordon (1 skipped)
 ○ Can't find file "/tmp/gordon/config.yaml"
 ✔ File content should match nil
 ✔ ssh-1: Allow only SSH Protocol 2
 ✔ File /bin/sh should be owned by "root"
File /tmp
 ✔ should be directory
Profile: InSpec example inheritance (inheritance)
Version: 1.0.0
Target: local://
Summary: 3 successful, 0 failures, 1 skipped
 ○ gordon-1.0: Verify the version number of Gordon (1 skipped)
 ○ Can't find file "/tmp/gordon/config.yaml"
 ✔ File content should match nil
 ✔ ssh-1: Allow only SSH Protocol 2
 ✔ File /bin/sh should be owned by "root"
File /tmp
 ✔ should be directory
Profile: InSpec example inheritance (inheritance)
Version: 1.0.0
Target: local://
Summary: 3 successful, 0 failures, 1 skipped


@ -1,17 +1,17 @@
Profile: InSpec Example Profile (profile)
Version: 1.0.0
Target: local://
 ✔ tmp-1.0: Create /tmp directory
 ✔ File /tmp should be directory
 ○ gordon-1.0: Verify the version number of Gordon (1 skipped)
 ○ Can't find file "/tmp/gordon/config.yaml"
 ✔ File content should match nil
 ✔ ssh-1: Allow only SSH Protocol 2
 ✔ File /bin/sh should be owned by "root"
File /tmp
 ✔ should be directory
Summary: 4 successful, 0 failures, 1 skipped
Profile: InSpec Example Profile (profile)
Version: 1.0.0
Target: local://
 ✔ tmp-1.0: Create /tmp directory
 ✔ File /tmp should be directory
 ○ gordon-1.0: Verify the version number of Gordon (1 skipped)
 ○ Can't find file "/tmp/gordon/config.yaml"
 ✔ File content should match nil
 ✔ ssh-1: Allow only SSH Protocol 2
 ✔ File /bin/sh should be owned by "root"
File /tmp
 ✔ should be directory
Summary: 4 successful, 0 failures, 1 skipped

File diff suppressed because one or more lines are too long


@ -1,18 +1,18 @@
Profile: InSpec Profile (failures)
Version: 0.1.0
Target: local://
 ✖ tmp-1.0: Create /tmp directory (1 failed)
 ✖ expected `File /tmp.directory?` to return false, got true
 ✔ File /tmp should be directory
File /tmp
 ✔ should be directory
 ✖ undefined method `should_nota' for #<RSpec::ExampleGroups::FileTmp_2:0x007fd2fc4f8e50>
File /tmp
 ✖ should not be directory
expected `File /tmp.directory?` to return false, got true
 ✔ should be directory
Summary: 3 successful, 3 failures, 0 skipped
Profile: InSpec Profile (failures)
Version: 0.1.0
Target: local://
 ✖ tmp-1.0: Create /tmp directory (1 failed)
 ✖ expected `File /tmp.directory?` to return false, got true
 ✔ File /tmp should be directory
File /tmp
 ✔ should be directory
 ✖ undefined method `should_nota' for #<RSpec::ExampleGroups::FileTmp_2:0x007fc456a241b8>
File /tmp
 ✖ should not be directory
expected `File /tmp.directory?` to return false, got true
 ✔ should be directory
Summary: 3 successful, 3 failures, 0 skipped


@ -1,19 +1,20 @@
Commands:
inspec archive PATH # archive a profile to tar.gz (default) ...
inspec check PATH # verify all tests at the specified PATH
inspec compliance SUBCOMMAND ... # Chef Compliance commands
inspec detect # detect the target OS
inspec env # Output shell-appropriate completion co...
inspec exec PATHS # run all test files at the specified PATH.
inspec help [COMMAND] # Describe available commands or one spe...
inspec init TEMPLATE ... # Scaffolds a new project
inspec json PATH # read all tests in PATH and generate a ...
inspec shell # open an interactive debugging shell
inspec supermarket SUBCOMMAND ... # Supermarket commands
inspec vendor # Download all dependencies and generate...
inspec version # prints the version of this tool
Options:
l, [--log-level=LOG_LEVEL] # Set the log level: info (default), debug, warn, error
[--log-location=LOG_LOCATION] # Location to send diagnostic log messages to. (default: STDOUT or STDERR)
[--diagnose], [--no-diagnose] # Show diagnostics (versions, configurations)
Commands:
inspec archive PATH # archive a profile to tar.gz (default) ...
inspec check PATH # verify all tests at the specified PATH
inspec compliance SUBCOMMAND ... # Chef Compliance commands
inspec detect # detect the target OS
inspec env # Output shell-appropriate completion co...
inspec exec PATHS # run all test files at the specified PATH.
inspec help [COMMAND] # Describe available commands or one spe...
inspec init TEMPLATE ... # Scaffolds a new project
inspec json PATH # read all tests in PATH and generate a ...
inspec shell # open an interactive debugging shell
inspec supermarket SUBCOMMAND ... # Supermarket commands
inspec vendor # Download all dependencies and generate...
inspec version # prints the version of this tool
Options:
l, [--log-level=LOG_LEVEL] # Set the log level: info (default), debug, warn, error
[--log-location=LOG_LOCATION] # Location to send diagnostic log messages to. (default: STDOUT or STDERR)
[--diagnose], [--no-diagnose] # Show diagnostics (versions, configurations)


@ -1,26 +1,26 @@
Usage:
inspec detect
Options:
t, [--target=TARGET] # Simple targeting option using URIs, e.g. ssh://user:pass@host:port
b, [--backend=BACKEND] # Choose a backend: local, ssh, winrm, docker.
[--host=HOST] # Specify a remote host which is tested.
p, [--port=N] # Specify the login port for a remote scan.
[--user=USER] # The login user for a remote scan.
[--password=PASSWORD] # Login password for a remote scan, if required.
i, [--key-files=one two three] # Login key or certificate file for a remote scan.
[--path=PATH] # Login path to use when connecting to the target (WinRM).
[--sudo], [--no-sudo] # Run scans with sudo. Only activates on Unix and non-root user.
[--sudo-password=SUDO_PASSWORD] # Specify a sudo password, if it is required.
[--sudo-options=SUDO_OPTIONS] # Additional sudo options for a remote scan.
[--sudo-command=SUDO_COMMAND] # Alternate command for sudo.
[--ssl], [--no-ssl] # Use SSL for transport layer encryption (WinRM).
[--self-signed], [--no-self-signed] # Allow remote scans with self-signed certificates (WinRM).
[--json-config=JSON_CONFIG] # Read configuration from JSON file (`-` reads from stdin).
l, [--log-level=LOG_LEVEL] # Set the log level: info (default), debug, warn, error
[--format=FORMAT]
l, [--log-level=LOG_LEVEL] # Set the log level: info (default), debug, warn, error
[--log-location=LOG_LOCATION] # Location to send diagnostic log messages to. (default: STDOUT or STDERR)
[--diagnose], [--no-diagnose] # Show diagnostics (versions, configurations)
detect the target OS
Usage:
inspec detect
Options:
t, [--target=TARGET] # Simple targeting option using URIs, e.g. ssh://user:pass@host:port
b, [--backend=BACKEND] # Choose a backend: local, ssh, winrm, docker.
[--host=HOST] # Specify a remote host which is tested.
p, [--port=N] # Specify the login port for a remote scan.
[--user=USER] # The login user for a remote scan.
[--password=PASSWORD] # Login password for a remote scan, if required.
i, [--key-files=one two three] # Login key or certificate file for a remote scan.
[--path=PATH] # Login path to use when connecting to the target (WinRM).
[--sudo], [--no-sudo] # Run scans with sudo. Only activates on Unix and non-root user.
[--sudo-password=SUDO_PASSWORD] # Specify a sudo password, if it is required.
[--sudo-options=SUDO_OPTIONS] # Additional sudo options for a remote scan.
[--sudo-command=SUDO_COMMAND] # Alternate command for sudo.
[--ssl], [--no-ssl] # Use SSL for transport layer encryption (WinRM).
[--self-signed], [--no-self-signed] # Allow remote scans with self-signed certificates (WinRM).
[--json-config=JSON_CONFIG] # Read configuration from JSON file (`-` reads from stdin).
l, [--log-level=LOG_LEVEL] # Set the log level: info (default), debug, warn, error
[--format=FORMAT]
l, [--log-level=LOG_LEVEL] # Set the log level: info (default), debug, warn, error
[--log-location=LOG_LOCATION] # Location to send diagnostic log messages to. (default: STDOUT or STDERR)
[--diagnose], [--no-diagnose] # Show diagnostics (versions, configurations)
detect the target OS


@ -1,31 +1,31 @@
Usage:
inspec exec PATHS
Options:
t, [--target=TARGET] # Simple targeting option using URIs, e.g. ssh://user:pass@host:port
b, [--backend=BACKEND] # Choose a backend: local, ssh, winrm, docker.
[--host=HOST] # Specify a remote host which is tested.
p, [--port=N] # Specify the login port for a remote scan.
[--user=USER] # The login user for a remote scan.
[--password=PASSWORD] # Login password for a remote scan, if required.
i, [--key-files=one two three] # Login key or certificate file for a remote scan.
[--path=PATH] # Login path to use when connecting to the target (WinRM).
[--sudo], [--no-sudo] # Run scans with sudo. Only activates on Unix and non-root user.
[--sudo-password=SUDO_PASSWORD] # Specify a sudo password, if it is required.
[--sudo-options=SUDO_OPTIONS] # Additional sudo options for a remote scan.
[--sudo-command=SUDO_COMMAND] # Alternate command for sudo.
[--ssl], [--no-ssl] # Use SSL for transport layer encryption (WinRM).
[--self-signed], [--no-self-signed] # Allow remote scans with self-signed certificates (WinRM).
[--json-config=JSON_CONFIG] # Read configuration from JSON file (`-` reads from stdin).
l, [--log-level=LOG_LEVEL] # Set the log level: info (default), debug, warn, error
[--profiles-path=PROFILES_PATH] # Folder which contains referenced profiles.
[--controls=one two three] # A list of controls to run. Ignore all other tests.
[--format=FORMAT] # Which formatter to use: cli, progress, documentation, json, json-min
[--color], [--no-color] # Use colors in output.
# Default: true
[--attrs=one two three] # Load attributes file (experimental)
l, [--log-level=LOG_LEVEL] # Set the log level: info (default), debug, warn, error
[--log-location=LOG_LOCATION] # Location to send diagnostic log messages to. (default: STDOUT or STDERR)
[--diagnose], [--no-diagnose] # Show diagnostics (versions, configurations)
run all test files at the specified PATH.
Usage:
inspec exec PATHS
Options:
t, [--target=TARGET] # Simple targeting option using URIs, e.g. ssh://user:pass@host:port
b, [--backend=BACKEND] # Choose a backend: local, ssh, winrm, docker.
[--host=HOST] # Specify a remote host which is tested.
p, [--port=N] # Specify the login port for a remote scan.
[--user=USER] # The login user for a remote scan.
[--password=PASSWORD] # Login password for a remote scan, if required.
i, [--key-files=one two three] # Login key or certificate file for a remote scan.
[--path=PATH] # Login path to use when connecting to the target (WinRM).
[--sudo], [--no-sudo] # Run scans with sudo. Only activates on Unix and non-root user.
[--sudo-password=SUDO_PASSWORD] # Specify a sudo password, if it is required.
[--sudo-options=SUDO_OPTIONS] # Additional sudo options for a remote scan.
[--sudo-command=SUDO_COMMAND] # Alternate command for sudo.
[--ssl], [--no-ssl] # Use SSL for transport layer encryption (WinRM).
[--self-signed], [--no-self-signed] # Allow remote scans with self-signed certificates (WinRM).
[--json-config=JSON_CONFIG] # Read configuration from JSON file (`-` reads from stdin).
l, [--log-level=LOG_LEVEL] # Set the log level: info (default), debug, warn, error
[--profiles-path=PROFILES_PATH] # Folder which contains referenced profiles.
[--controls=one two three] # A list of controls to run. Ignore all other tests.
[--format=FORMAT] # Which formatter to use: cli, progress, documentation, json, json-min
[--color], [--no-color] # Use colors in output.
# Default: true
[--attrs=one two three] # Load attributes file (experimental)
l, [--log-level=LOG_LEVEL] # Set the log level: info (default), debug, warn, error
[--log-location=LOG_LOCATION] # Location to send diagnostic log messages to. (default: STDOUT or STDERR)
[--diagnose], [--no-diagnose] # Show diagnostics (versions, configurations)
run all test files at the specified PATH.


@ -1,9 +1,9 @@
Usage:
inspec version
Options:
l, [--log-level=LOG_LEVEL] # Set the log level: info (default), debug, warn, error
[--log-location=LOG_LOCATION] # Location to send diagnostic log messages to. (default: STDOUT or STDERR)
[--diagnose], [--no-diagnose] # Show diagnostics (versions, configurations)
prints the version of this tool
Usage:
inspec version
Options:
l, [--log-level=LOG_LEVEL] # Set the log level: info (default), debug, warn, error
[--log-location=LOG_LOCATION] # Location to send diagnostic log messages to. (default: STDOUT or STDERR)
[--diagnose], [--no-diagnose] # Show diagnostics (versions, configurations)
prints the version of this tool


@ -1 +1 @@
{"name":"profile","title":"InSpec Example Profile","maintainer":"Chef Software, Inc.","copyright":"Chef Software, Inc.","copyright_email":"support@chef.io","license":"Apache 2 license","summary":"Demonstrates the use of InSpec Compliance Profile","version":"1.0.0","supports":[{"os-family":"unix"}],"controls":{"tmp-1.0":{"title":"Create /tmp directory","desc":"An optional description...","impact":0.7,"refs":[{"url":"http://...","ref":"Document A-12"}],"tags":{"data":"temp data","security":null},"code":"control \"tmp-1.0\" do # A unique ID for this control\n impact 0.7 # The criticality, if this control fails.\n title \"Create /tmp directory\" # A human-readable title\n desc \"An optional description...\" # Describe why this is needed\n tag data: \"temp data\" # A tag allows you to associate key information\n tag \"security\" # to the test\n ref \"Document A-12\", url: 'http://...' # Additional references\n\n describe file('/tmp') do # The actual test\n it { should be_directory }\n end\nend\n","source_location":{"ref":"examples/profile/controls/example.rb","line":8}},"(generated from example.rb:22 3dea2a8293410b58623a60f2e924ba9a)":{"title":null,"desc":null,"impact":0.5,"refs":[],"tags":{},"code":" rule = rule_class.new(id, profile_id, {}) do\n res = describe(*args, &block)\n end\n","source_location":{"ref":"/Users/vjeffrey/code/compliance/inspec/lib/inspec/control_eval_context.rb","line":87}},"gordon-1.0":{"title":"Verify the version number of Gordon","desc":"An optional description...","impact":0.7,"refs":[{"uri":"http://...","ref":"Gordon Requirements 1.0"}],"tags":{"gordon":null},"code":"control 'gordon-1.0' do\n impact 0.7\n title 'Verify the version number of Gordon'\n desc 'An optional description...'\n tag 'gordon'\n ref 'Gordon Requirements 1.0', uri: 'http://...'\n\n # Test using the custom gordon_config Inspec resource\n # Find the resource content here: ../libraries/\n describe gordon_config do\n it { should exist }\n its('version') { should eq('1.0') }\n 
its('file_size') { should <= 20 }\n its('comma_count') { should eq 0 }\n end\n\n # Test the version again to showcase variables\n g = gordon_config\n g_path = g.file_path\n g_version = g.version\n describe file(g_path) do\n its('content') { should match g_version }\n end\nend\n","source_location":{"ref":"examples/profile/controls/gordon.rb","line":14}},"ssh-1":{"title":"Allow only SSH Protocol 2","desc":"Only SSH protocol version 2 connections should be permitted. The default setting in /etc/ssh/sshd_config is correct, and can be verified by ensuring that the following line appears: Protocol 2","impact":1.0,"refs":[{"url":"https://www.nsa.gov/ia/_files/os/redhat/rhel5-guide-i731.pdf","ref":"NSA-RH6-STIG - Section 3.5.2.1"},{"url":"http://iasecontent.disa.mil/stigs/zip/Jan2016/U_RedHat_6_V1R10_STIG.zip","ref":"DISA-RHEL6-SG - Section 9.2.1"},{"ref":"http://people.redhat.com/swells/scap-security-guide/RHEL/6/output/ssg-centos6-guide-C2S.html"}],"tags":{"production":null,"development":null,"ssh":null,"sshd":null,"openssh-server":null,"cce":"CCE-27072-8","disa":"RHEL-06-000227","nist":"IA-5(1)","cci":"CCI-001436","remediation":"https://supermarket.chef.io/cookbooks/ssh-hardening"},"code":"control 'ssh-1' do\n impact 1.0\n\n title 'Allow only SSH Protocol 2'\n desc 'Only SSH protocol version 2 connections should be permitted.\n The default setting in /etc/ssh/sshd_config is correct, and can be\n verified by ensuring that the following line appears: Protocol 2'\n\n tag 'production','development'\n tag 'ssh','sshd','openssh-server'\n\n tag cce: 'CCE-27072-8'\n tag disa: 'RHEL-06-000227'\n\n tag nist: 'AC-3(10).i'\n tag nist: 'IA-5(1)'\n\n tag cci: 'CCI-000776'\n tag cci: 'CCI-000774'\n tag cci: 'CCI-001436'\n\n tag remediation: 'stig_rhel6/recipes/sshd-config.rb'\n tag remediation: 'https://supermarket.chef.io/cookbooks/ssh-hardening'\n\n ref 'NSA-RH6-STIG - Section 3.5.2.1', url: 'https://www.nsa.gov/ia/_files/os/redhat/rhel5-guide-i731.pdf'\n ref 'DISA-RHEL6-SG - 
Section 9.2.1', url: 'http://iasecontent.disa.mil/stigs/zip/Jan2016/U_RedHat_6_V1R10_STIG.zip'\n ref 'http://people.redhat.com/swells/scap-security-guide/RHEL/6/output/ssg-centos6-guide-C2S.html'\n\n describe file('/bin/sh') do\n it { should be_owned_by 'root' }\n end\nend\n","source_location":{"ref":"examples/profile/controls/meta.rb","line":3}}},"groups":{"controls/example.rb":{"title":"/tmp profile","controls":["tmp-1.0","(generated from example.rb:22 3dea2a8293410b58623a60f2e924ba9a)"]},"controls/gordon.rb":{"title":"Gordon Config Checks","controls":["gordon-1.0"]},"controls/meta.rb":{"title":"SSH Server Configuration","controls":["ssh-1"]}},"attributes":[]}
{"name":"profile","title":"InSpec Example Profile","maintainer":"Chef Software, Inc.","copyright":"Chef Software, Inc.","copyright_email":"support@chef.io","license":"Apache 2 license","summary":"Demonstrates the use of InSpec Compliance Profile","version":"1.0.0","supports":[{"os-family":"unix"}],"controls":{"tmp-1.0":{"title":"Create /tmp directory","desc":"An optional description...","impact":0.7,"refs":[{"url":"http://...","ref":"Document A-12"}],"tags":{"data":"temp data","security":null},"code":"control \"tmp-1.0\" do # A unique ID for this control\n impact 0.7 # The criticality, if this control fails.\n title \"Create /tmp directory\" # A human-readable title\n desc \"An optional description...\" # Describe why this is needed\n tag data: \"temp data\" # A tag allows you to associate key information\n tag \"security\" # to the test\n ref \"Document A-12\", url: 'http://...' # Additional references\n\n describe file('/tmp') do # The actual test\n it { should be_directory }\n end\nend\n","source_location":{"ref":"examples/profile/controls/example.rb","line":8}},"(generated from example.rb:22 98ad099b09a0c8bc6ee85f29494bdbff)":{"title":null,"desc":null,"impact":0.5,"refs":[],"tags":{},"code":" rule = rule_class.new(id, profile_id, {}) do\n res = describe(*args, &block)\n end\n","source_location":{"ref":"/Users/vjeffrey/code/compliance/inspec/lib/inspec/control_eval_context.rb","line":87}},"gordon-1.0":{"title":"Verify the version number of Gordon","desc":"An optional description...","impact":0.7,"refs":[{"uri":"http://...","ref":"Gordon Requirements 1.0"}],"tags":{"gordon":null},"code":"control 'gordon-1.0' do\n impact 0.7\n title 'Verify the version number of Gordon'\n desc 'An optional description...'\n tag 'gordon'\n ref 'Gordon Requirements 1.0', uri: 'http://...'\n\n # Test using the custom gordon_config Inspec resource\n # Find the resource content here: ../libraries/\n describe gordon_config do\n it { should exist }\n its('version') { should eq('1.0') }\n 
its('file_size') { should <= 20 }\n its('comma_count') { should eq 0 }\n end\n\n # Test the version again to showcase variables\n g = gordon_config\n g_path = g.file_path\n g_version = g.version\n describe file(g_path) do\n its('content') { should match g_version }\n end\nend\n","source_location":{"ref":"examples/profile/controls/gordon.rb","line":14}},"ssh-1":{"title":"Allow only SSH Protocol 2","desc":"Only SSH protocol version 2 connections should be permitted. The default setting in /etc/ssh/sshd_config is correct, and can be verified by ensuring that the following line appears: Protocol 2","impact":1.0,"refs":[{"url":"https://www.nsa.gov/ia/_files/os/redhat/rhel5-guide-i731.pdf","ref":"NSA-RH6-STIG - Section 3.5.2.1"},{"url":"http://iasecontent.disa.mil/stigs/zip/Jan2016/U_RedHat_6_V1R10_STIG.zip","ref":"DISA-RHEL6-SG - Section 9.2.1"},{"ref":"http://people.redhat.com/swells/scap-security-guide/RHEL/6/output/ssg-centos6-guide-C2S.html"}],"tags":{"production":null,"development":null,"ssh":null,"sshd":null,"openssh-server":null,"cce":"CCE-27072-8","disa":"RHEL-06-000227","nist":"IA-5(1)","cci":"CCI-001436","remediation":"https://supermarket.chef.io/cookbooks/ssh-hardening"},"code":"control 'ssh-1' do\n impact 1.0\n\n title 'Allow only SSH Protocol 2'\n desc 'Only SSH protocol version 2 connections should be permitted.\n The default setting in /etc/ssh/sshd_config is correct, and can be\n verified by ensuring that the following line appears: Protocol 2'\n\n tag 'production','development'\n tag 'ssh','sshd','openssh-server'\n\n tag cce: 'CCE-27072-8'\n tag disa: 'RHEL-06-000227'\n\n tag nist: 'AC-3(10).i'\n tag nist: 'IA-5(1)'\n\n tag cci: 'CCI-000776'\n tag cci: 'CCI-000774'\n tag cci: 'CCI-001436'\n\n tag remediation: 'stig_rhel6/recipes/sshd-config.rb'\n tag remediation: 'https://supermarket.chef.io/cookbooks/ssh-hardening'\n\n ref 'NSA-RH6-STIG - Section 3.5.2.1', url: 'https://www.nsa.gov/ia/_files/os/redhat/rhel5-guide-i731.pdf'\n ref 'DISA-RHEL6-SG - 
Section 9.2.1', url: 'http://iasecontent.disa.mil/stigs/zip/Jan2016/U_RedHat_6_V1R10_STIG.zip'\n ref 'http://people.redhat.com/swells/scap-security-guide/RHEL/6/output/ssg-centos6-guide-C2S.html'\n\n describe file('/bin/sh') do\n it { should be_owned_by 'root' }\n end\nend\n","source_location":{"ref":"examples/profile/controls/meta.rb","line":3}}},"groups":{"controls/example.rb":{"title":"/tmp profile","controls":["tmp-1.0","(generated from example.rb:22 98ad099b09a0c8bc6ee85f29494bdbff)"]},"controls/gordon.rb":{"title":"Gordon Config Checks","controls":["gordon-1.0"]},"controls/meta.rb":{"title":"SSH Server Configuration","controls":["ssh-1"]}},"attributes":[]}


@ -1,4 +1,4 @@
Welcome to the interactive InSpec Shell
To find out how to use it, type: help
[?1034hinspec> 
Welcome to the interactive InSpec Shell
To find out how to use it, type: help
[?1034hinspec> 


@ -1 +1 @@
{:name=>"mac_os_x", :family=>"darwin", :release=>"10.11.6", :arch=>"x86_64"}
{:name=>"mac_os_x", :family=>"darwin", :release=>"10.11.6", :arch=>"x86_64"}


@ -1 +1 @@
0.33.2
0.33.2


@ -1,10 +1,9 @@
#terminal-container {
width: 1200px;
height: 400px;
max-width: 1200px;
height: 350px;
margin: 0 auto;
padding: 2px;
font-size: 16px;
margin-left: 70px;
}
#terminal-container .terminal {


@ -79,12 +79,8 @@ export class XtermTerminalComponent implements OnInit {
// print response and set prompt
printResponse(response) {
if (response.match(/.30mnext|.30mprev/)) {
this.deleteCharacters();
if (this.term.x < 3) {
// this check prevents us from printing a second prompt on the line
// when the arrow in the nav is used to move forward
this.setPrompt();
}
// call createTerminal to clear terminal screen on next and prev
this.createTerminal();
} else {
this.term.writeln(response);
this.setPrompt();
@ -102,14 +98,14 @@ export class XtermTerminalComponent implements OnInit {
this.term.write(' inspec> '); // green inspec shell prompt
}
} else {
this.term.write(' $ '); // blue regular shell prompt
this.term.write('$ '); // blue regular shell prompt
}
}
// delete everything on the line
deleteCharacters() {
// don't delete the prompt
let letters = this.term.x - 3;
let letters = this.term.x - 2;
for (var i = 0; i < letters; i++) {
this.term.write('\b \b');
}
@ -157,7 +153,7 @@ export class XtermTerminalComponent implements OnInit {
// on enter, save command to array and send current value of buffer
// to parent component (app)
if (ev.keyCode == 13) {
if ((this.buffer === 'clear') || (this.buffer === 'clr')) {
if ((this.buffer === 'clear') || (this.buffer === 'cls')) {
this.createTerminal();
} else {
this.previousCommands.push(this.buffer);
@ -168,7 +164,7 @@ export class XtermTerminalComponent implements OnInit {
// value until we have the whole multi-line command
if (this.buffer.match(/^describe.*|^it.*|^end$|^impact.*|^title.*|^control.*/)) {
this.handleBlockCommand(this.buffer);
}
} else {this.command.emit(this.buffer);}
} else {
this.command.emit(this.buffer);
}
@ -178,13 +174,13 @@ export class XtermTerminalComponent implements OnInit {
else if (ev.keyCode == 8) {
// if inspec shell is being used, this needs to be set to 9 to account for the extra letters
if (this.shell === 'inspec-shell') {
if (this.term.x > 9) {
if (this.term.x > 8) {
this.buffer = this.buffer.substr(0, this.buffer.length-1);
this.term.write('\b \b');
}
} else {
// setting the value here to 3 ensures that we don't delete the promp '$' or the space after it
if (this.term.x > 3) {
if (this.term.x > 2) {
this.buffer = this.buffer.substr(0, this.buffer.length-1);
this.term.write('\b \b');
}
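Review bot: The two comments in the backspace handler still give the thresholds as 9 and 3, but the new conditions are `this.term.x > 8` and `this.term.x > 2`, so the comments now contradict the code they describe. The same prompt width is hard-coded a third time in `deleteCharacters()` as `this.term.x - 2`, which would not account for the wider `inspec> ` prompt if that method is ever called while `this.shell === 'inspec-shell'` (its callers are outside these hunks, so this is unconfirmed). I would update both comments to the new values and derive all three numbers from one place, for example `const promptWidth = this.shell === 'inspec-shell' ? 8 : 2;`. The enclosing methods start and end outside the hunks shown.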

File diff suppressed because one or more lines are too long


@ -1,6 +1,6 @@
{
"compilerOptions": {
"target": "es5",
"target": "es6",
"module": "commonjs",
"moduleResolution": "node",
"sourceMap": true,


@ -0,0 +1 @@
[[{"inspec":"inspec.txt"}],[{"inspec help":"inspec_help.txt"}],[{"inspec help version":"inspec_help_version.txt"}],[{"inspec help detect":"inspec_help_detect.txt"}],[{"inspec help exec":"inspec_help_exec.txt"}],[{"inspec check examples/profile":"inspec_check_examples_profile.txt"}],[{"inspec exec examples/profile":"inspec_exec_examples_profile.txt"}],[{"inspec help exec":"inspec_help_exec.txt"}],[{"inspec detect":"inspec_detect.txt"}],[{"inspec shell -c 'os.params'":"inspec_shell_c_os_params_.txt"}],[{"inspec shell -c 'sshd_config.Protocol'":"inspec_shell_c_sshd_config_Protocol_.txt"}],[{"inspec shell":"inspec_shell.txt"}],[{"inspec version":"inspec_version.txt"}],[{"inspec detect --format json":"inspec_detect_format_json.txt"}],[{"inspec exec examples/profile --format json":"inspec_exec_examples_profile_format_json.txt"}],[{"inspec exec examples/profile --format json | jq":"inspec_exec_examples_profile_format_json_jq.txt"}],[{"inspec json examples/profile":"inspec_json_examples_profile.txt"}],[{"inspec archive examples/profile":"inspec_archive_examples_profile.txt"}],[{"inspec env":"inspec_env.txt"}],[{"inspec exec examples/inheritance":"inspec_exec_examples_inheritance.txt"}],[{"inspec exec test/unit/mock/profiles/failures":"inspec_exec_test_unit_mock_profiles_failures.txt"}],[{"echo help | inspec shell":"echo_help_inspec_shell.txt"}],[{"echo help\\ resources | inspec shell":"echo_help_resources_inspec_shell.txt"}],[{"echo help\\ file | inspec shell":"echo_help_file_inspec_shell.txt"}],[{"echo help\\ command | inspec shell":"echo_help_command_inspec_shell.txt"}],[{"echo help\\ os | inspec shell":"echo_help_os_inspec_shell.txt"}],[{"echo command\\(\\'uname\\ -a\\'\\).stdout | inspec shell":"echo_command_uname_a_stdout_inspec_shell.txt"}],[{"echo file\\(\\'/proc/cpuinfo\\'\\).owner | inspec shell":"echo_file_proc_cpuinfo_owner_inspec_shell.txt"}],[{"echo sshd_config.params | inspec shell":"echo_sshd_config_params_inspec_shell.txt"}],[{"echo describe\\ 
file\\(\\'/root\\'\\)\\ do'\n'\\ \\ it\\ \\{\\ should\\ exist\\ \\}'\n'\\ \\ its\\(\\'mode\\'\\)\\ \\{\\ should\\ cmp\\ \\'0750\\'\\}'\n'end | inspec shell":"echo_describe_file_root_do_it_should_exist_its_mode_should_cmp_0750_end_inspec_shell.txt"}],[{"echo control\\ \\\"id\\\"\\ do'\n'\\ \\ title\\ \\\"Check\\ permissions\\ on\\ /root\\!\\\"'\n'\\ \\ impact\\ 0.5'\n'\\ \\ describe\\ file\\(\\'/root\\'\\)\\ do'\n'\\ \\ \\ \\ its\\(\\'mode\\'\\)\\ \\{\\ should\\ cmp\\ \\'0750\\'\\}'\n'\\ \\ end'\n'end | inspec shell":"echo_control_id_do_title_Check_permissions_on_root_impact_0_5_describe_file_root_do_its_mode_should_cmp_0750_end_end_inspec_shell.txt"}]]


@ -0,0 +1 @@
["inspec version","inspec detect --format json","inspec exec examples/profile --format json","inspec exec examples/profile --format json | jq","inspec json examples/profile","inspec archive examples/profile","inspec env","inspec exec examples/inheritance","inspec exec test/unit/mock/profiles/failures"]

File diff suppressed because one or more lines are too long


@ -1,149 +1,256 @@
# Demos
demos:
- demo: 0:intro
title: InSpec Introduction
desc: |
Welcome to the interactive InSpec demo. You will learn how to use the command line and shell and get an introduction to all aspects of the language.
To navigate this demo, type `next` to move forward and `prev` to move back.
Use `clear` to clear the terminal screen.
- demo: 1:inspec-help
title: InSpec Help
desc: |
InSpec is called via
```
inspec
```
Try it out! You will see the help menu. You can also view it with:
```
inspec help
```
- demo: 1:inspec-help-cmd
title: InSpec Help Subcommands
desc: |
This list of subcommands may be intimidating at first. It is easy to get help on any of these commands via `inspec help <COMMAND>`. Let's try it out for a few:
```
inspec help version
```
```
inspec help detect
```
```
inspec help exec
```
- demo: 1:inspec-version
title: InSpec Version
desc: |
The easiest subcommand is `inspec version`. It tells you which version of InSpec is running.
- demo: 1:inspec-check
title: InSpec Check
desc: |
The most frequent use of InSpec is to execute profiles. You can find the `examples/profile` in the InSpec repository. Before executing it for the first time, let's verify if it is valid profile
```
inspec check examples/profile
```
This command is not only used for syntax testing and linting, but can also provide information on valid profiles including its version and control overview.
- demo: 1:inspec-exec
title: InSpec Exec
desc: |
Let's try testing some profiles! To run the profile and test the local machine, type:
```
inspec exec examples/profile
```
The result is shown in the report.
- demo: 1:inspec-exec-ssh
title: InSpec Exec SSH
desc: |
InSpec can also test your remote machines! Let's assume there is node `host.node` registered with SSH configured for user `bob` with a keyfile in the current directory (`bob.rsa`). You can run the same profile against this node via:
```
inspec exec examples/profile -t ssh://bob@host.node -i bob.rsa
```
- demo: 1:inspec-exec-ssh-long
title: InSpec Exec SSH (More Options)
desc: |
The wonderful `-t` option (or `--target`) is a shorthand for specifying all fields separately:
```
inspec exec examples/profile -b ssh --host host.node --user bob -i bob.rsa
```
For more options try:
```
inspec help exec
```
- demo: 1:inspec-exec-winrm
title: InSpec Exec WinRm
desc: |
We can also scan Windows machines. Let's assume `windows.node` is configured with WinRM access for user `alice` with a password `pass`. The command will now read:
```
inspec exec examples/profile -t winrm://alice:pass@windows.node
```
- demo: 1:inspec-exec-winrm-ssl
title: InSpec Exec WinRm SSL
desc: |
The previous example is not quite realistic. Most Windows nodes with WinRM are configured to use SSL. Let's assume the user also has a self-signed certificate. It would now read
```
inspec exec examples/profile -t winrm://alice:pass@windows.node --ssl --self-signed
```
- demo: 1:inspec-exec-docker
title: InSpec Exec Docker
desc: |
InSpec also supports scanning containers. Let's try it with Docker and pick a container
```
inspec exec examples/profile -t docker://abcdef123
```
- demo: 1:inspec-detect
title: InSpec Detect
desc: |
InSpec is able to verify local and remote nodes before running tests. This is a utility command to check connections and get information on the target
```
inspec detect
```
```
inspec detect -t ssh://bob@host.node -i bob.rsa
```
- demo: 2:inspec-shell-c
title: InSpec Shell Introduction
desc: |
Let's explore the InSpec shell. It's an integrated utility to test and debug the InSpec language. Before we start it interactively, let's try the command execution mode. It runs code and resources and prints the result.
First, we start with the OS detection:
```
inspec shell -c 'os.params'
```
Another example is to test an existing resource:
```
inspec shell -c 'sshd_config.Protocol'
```
- demo: 2:inspec-shell-c-t
title: InSpec Shell with Remotes
desc: |
These commands also work with remote targets
```
inspec shell -c 'sshd_config.Protocol' -t ssh://bob@host.node -i bob.rsa
```
```
inspec shell -c 'os.params' -t docker://abcdef123
```
- demo: 2:inspec-shell
title: Interactive InSpec Shell
desc: |
It's time to see the interactive shell! Type
```
inspec shell
```
You can still use `next` and `prev` to move between demos. Look at how the shell prompt looks different between the system shell and the inspec shell.
- demo: 2:inspec-shell-help
title: InSpec Shell Help
desc: |
The greeting of the InSpec shell suggests to run the help command:
```
help
```
You will not only see the help menu, but also a quick summary of the machine where this is running.
- demo: 2:inspec-shell-help-resources
title: InSpec Shell Help Resources
desc: |
To get a list of all available resources, you can type:
```
help resources
```
- demo: 2:inspec-shell-help-resource
title: InSpec Shell Help Subcommands
desc: |
To explore any of these resources, you can try:
```
help file
```
```
help command
```
```
help os
```
These 3 resources are the core trinity of all executions. All other resources reference them in some way. They lead of system interactions.
- demo: 2:inspec-shell-command
title: InSpec Shell Commands
desc: |
To use any of these resources, you can call it and its arguments. Try these examples:
```
command('uname -a').stdout
```
```
file('/proc/cpuinfo').owner
```
```
sshd_config.params
```
- demo: 2:inspec-shell-describe
title: InSpec Shell - Describe Block
desc: |
`describe` blocks are used to create simple checks. We will create a test that verifies a file's access permissions.
```
describe file('/root') do
it { should exist }
@ -151,8 +258,11 @@ demos:
end
```
- demo: 2:inspec-shell-control
title: Inspec Shell - Full Control
desc: |
Tests can be combined in controls, which offer more context. They are mainly used for policy/compliance testing:
```
control "id" do
title "Check permissions on /root!"