From cee48e878359ff74ea66e8cea354f885e42969f1 Mon Sep 17 00:00:00 2001
From: Christoph Hartmann
Date: Wed, 7 Oct 2015 13:38:18 +0200
Subject: [PATCH] update docs
---
 docs/css/extra.css | 105 ---------------------------------------------
 docs/index.md | 80 +++-------------------------------
 docs/resources.md | 2 -
 3 files changed, 6 insertions(+), 181 deletions(-)
 delete mode 100644 docs/css/extra.css
diff --git a/docs/css/extra.css b/docs/css/extra.css
deleted file mode 100644
index 148c900e1..000000000
--- a/docs/css/extra.css
+++ /dev/null
@@ -1,105 +0,0 @@
-a {
- color: #626F80;
-}
-
-.active a {
- color: #70c2e8;
-}
-
-a:hover {
- color: #70c2e8;
-}
-
-a:focus {
- color: #70c2e8;
-}
-
-a:active {
- color: #70c2e8;
-}
-
-h2 {
- margin-top: 6rem;
-}
-
-.bs-sidebar.affix {
- position: absolute;
- top: 2.3rem;
-}
-
-.bs-sidenav .main {
- display: none;
-}
-
-.navbar-default .navbar-nav>li>a:hover,
-.navbar-default .navbar-nav>li>a:focus,
-.navbar-default .navbar-brand:hover,
-.navbar-default .navbar-brand:focus {
- color: #70c2e8;
-}
-
-/*
-Original file can be found here:
-https://raw.githubusercontent.com/wolfcms/docs.wolfcms.org/master/docs/themes/wolfcms/extra-css.css
-*/
-
-.note, .attention, .caution, .danger, .error, .hint, .important, .tip, .warning, .seealso, .admonition-todo {
- padding: 12px;
- line-height: 24px;
- margin-bottom: 24px;
- background-color: #e7f2fa;
-}
-
-.note, .seealso {
- background-color: #e7f2fa;
-}
-
-.admonition-title {
- display: inline-block;
- font-family: FontAwesome;
- font-style: normal;
- font-weight: normal;
- line-height: 1;
-}
-
-.admonition-title {
- font-family: inherit;
-}
-
-.admonition-title {
- font-weight: bold;
- display: block;
- color: #ffffff;
- background-color: #6ab0de;
- margin: -12px -12px 12px -12px;
- padding: 6px 12px 6px 12px;
-}
-
-.note .admonition-title
-{
- background-color: #6ab0de;
-}
-
-.tip .admonition-title {
- background-color: #1ABC9C;
-}
-
-.tip {
- background-color: #DBFAF4;
-}
-
-.warning .admonition-title {
- background-color: #F0B37E;
-}
-
-.warning {
- background-color: #FFEDCC;
-}
-
-.danger .admonition-title {
- background-color: #b04040;
-}
-
-.danger {
- background-color: #ffe9e9;
-}
\ No newline at end of file
diff --git a/docs/index.md b/docs/index.md
index 91555a806..e35efa04f 100644
--- a/docs/index.md
+++ b/docs/index.md
@@ -4,32 +4,10 @@ VulcanoSec specs is a collection of resources and matchers to test the complianc ### Introduction -All compliance profiles a grouped by `owner/profile`. Let's create an example file profile called `vulcanosec/example`. +At first, we add our tests to the `test` folder. Each test file must end with `_spec.rb`: - mkdir vulcanosec-example - cd vulcanosec-example - touch vmetadata.rb - -Information on this profile is stored in `vmetadata.rb`. In our example, it contains: - -```ruby -# encoding: utf-8 - -name "vulcanosec/example" -version "1.0.0" -title "Example Spec profile" -maintainer "Example User" -copyright "Example User" -copyright_email "hello@example.com" -license "Proprietary, All rights reserved" -summary "Verify a small example profile" -description "Full description..." -``` - -Finally we add our tests to the `spec` folder. Each test file must end with `_spec.rb`: - - mkdir spec - touch spec/example_spec.rb + mkdir test + touch test/example_spec.rb We add a rule to this file, to check the `/tmp` path in our system: @@ -46,24 +24,9 @@ rule "cis-fs-2.1" do # A unique ID for this rule end ``` -This is just a small test to get started, so let's register this profile with the server. We will use API calls to do so: - - server="http://myserver:2134/api" - token=$(http post $server/oauth/token -a username:password | jq '.access_token' | tr -d '"') - - # run this command from the folder, where vmetadata.rb is located - tar -cz . | http -a $token: $server/owners/vulcanosec/compliance/example/tar - -You will see a confirming: - - HTTP/1.1 200 OK - ... - -You can take a look at the profile in the web UI. - Let's add another spec for checking the SSH server configuration: - touch spec/sshd_spec.rb + touch test/sshd_spec.rb It will contain: @@ -75,9 +38,6 @@ only_if do command('sshd').exists? end -# load the configuration file -sshd_conf = SshConf.new('/etc/ssh/sshd_config') - rule "sshd-11" do impact 1.0 title "Server: Set protocol version to SSHv2" 
@@ -85,7 +45,7 @@ rule "sshd-11" do Set the SSH protocol version to 2. Don't use legacy insecure SSHv1 connections anymore. " - describe sshd_conf do + describe sshd_config do its('Protocol') { should eq('2') } end end @@ -98,36 +58,8 @@ rule "sshd-7" do of a system in the course of an attack (by either misconfiguration or vulnerabilities), do not allow login as root with password " - describe sshd_conf do + describe sshd_config do its('PermitRootLogin') { should match(/no|without-password/) } end end ``` - -We can upload this file again: - - tar -cz . | http -a $token: post $server/owners/vulcanosec/compliance/example/tar - - -### Upload a profile - -Change into the profile's directory: - - cd my_profile - -It should contain the `vmetadata.rb` and all tests in the `spec` folder. - -Add this profile to the server. In our example, we add the profile `vulcanosec/example`. - - tar -cz . | http -a $token: post $server/owners/vulcanosec/compliance/example/tar - -### Download a profile - -To download a profile, follow this simple call to retrieve all data in a `tar.gz` file. To get the `vulcanosec/example` profile, call: - - http -a $token: get $server/owners/vulcanosec/compliance/example/tar > example.tar.gz - -Or to directly extract it: - - http -a $token: get $server/owners/vulcanosec/compliance/example/tar | tar xzf - - cd vulcanosec/example \ No newline at end of file diff --git a/docs/resources.md b/docs/resources.md index 8c9143b76..362ba9148 100644 --- a/docs/resources.md +++ b/docs/resources.md @@ -1,7 +1,5 @@ # Resources -All basic resources known from serverspec are included. Please see its [documentation here](http://serverspec.org/resource_types.html). - ## audit_policy Check Microsoft Windows Audit Policies: