Mirrors/inspec
2
0
Fork 0
mirror of https://github.com/inspec/inspec synced 2024-11-23 13:13:22 +00:00
Code Issues Projects Releases Packages Wiki Activity

update docs

Browse source
This commit is contained in:
Christoph Hartmann 2015-10-07 13:38:18 +02:00
parent 3ba8db9bb0
commit cee48e8783
3 changed files with 6 additions and 181 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

105
docs/css/extra.css
View file

@ -1,105 +0,0 @@
a {
color: #626F80;
}
.active a {
color: #70c2e8;
}
a:hover {
color: #70c2e8;
}
a:focus {
color: #70c2e8;
}
a:active {
color: #70c2e8;
}
h2 {
margin-top: 6rem;
}
.bs-sidebar.affix {
position: absolute;
top: 2.3rem;
}
.bs-sidenav .main {
display: none;
}
.navbar-default .navbar-nav>li>a:hover,
.navbar-default .navbar-nav>li>a:focus,
.navbar-default .navbar-brand:hover,
.navbar-default .navbar-brand:focus {
color: #70c2e8;
}
/*
Original file can be found here:
https://raw.githubusercontent.com/wolfcms/docs.wolfcms.org/master/docs/themes/wolfcms/extra-css.css
*/
.note, .attention, .caution, .danger, .error, .hint, .important, .tip, .warning, .seealso, .admonition-todo {
padding: 12px;
line-height: 24px;
margin-bottom: 24px;
background-color: #e7f2fa;
}
.note, .seealso {
background-color: #e7f2fa;
}
.admonition-title {
display: inline-block;
font-family: FontAwesome;
font-style: normal;
font-weight: normal;
line-height: 1;
}
.admonition-title {
font-family: inherit;
}
.admonition-title {
font-weight: bold;
display: block;
color: #ffffff;
background-color: #6ab0de;
margin: -12px -12px 12px -12px;
padding: 6px 12px 6px 12px;
}
.note .admonition-title
{
background-color: #6ab0de;
}
.tip .admonition-title {
background-color: #1ABC9C;
}
.tip {
background-color: #DBFAF4;
}
.warning .admonition-title {
background-color: #F0B37E;
}
.warning {
background-color: #FFEDCC;
}
.danger .admonition-title {
background-color: #b04040;
}
.danger {
background-color: #ffe9e9;
}

80
docs/index.md
View file

@ -4,32 +4,10 @@ VulcanoSec specs is a collection of resources and matchers to test the complianc
### Introduction
All compliance profiles a grouped by `owner/profile`. Let's create an example file profile called `vulcanosec/example`.
At first, we add our tests to the `test` folder. Each test file must end with `_spec.rb`:
mkdir vulcanosec-example
cd vulcanosec-example
touch vmetadata.rb
Information on this profile is stored in `vmetadata.rb`. In our example, it contains:
```ruby
# encoding: utf-8
name "vulcanosec/example"
version "1.0.0"
title "Example Spec profile"
maintainer "Example User"
copyright "Example User"
copyright_email "hello@example.com"
license "Proprietary, All rights reserved"
summary "Verify a small example profile"
description "Full description..."
```
Finally we add our tests to the `spec` folder. Each test file must end with `_spec.rb`:
mkdir spec
touch spec/example_spec.rb
mkdir test
touch test/example_spec.rb
We add a rule to this file, to check the `/tmp` path in our system:
@ -46,24 +24,9 @@ rule "cis-fs-2.1" do # A unique ID for this rule
end
```
This is just a small test to get started, so let's register this profile with the server. We will use API calls to do so:
server="http://myserver:2134/api"
token=$(http post $server/oauth/token -a username:password | jq '.access_token' | tr -d '"')
# run this command from the folder, where vmetadata.rb is located
tar -cz . | http -a $token: $server/owners/vulcanosec/compliance/example/tar
You will see a confirming:
HTTP/1.1 200 OK
...
You can take a look at the profile in the web UI.
Let's add another spec for checking the SSH server configuration:
touch spec/sshd_spec.rb
touch test/sshd_spec.rb
It will contain:
@ -75,9 +38,6 @@ only_if do
command('sshd').exists?
end
# load the configuration file
sshd_conf = SshConf.new('/etc/ssh/sshd_config')
rule "sshd-11" do
impact 1.0
title "Server: Set protocol version to SSHv2"
@ -85,7 +45,7 @@ rule "sshd-11" do
Set the SSH protocol version to 2. Don't use legacy
insecure SSHv1 connections anymore.
"
describe sshd_conf do
describe sshd_config do
its('Protocol') { should eq('2') }
end
end
@ -98,36 +58,8 @@ rule "sshd-7" do
of a system in the course of an attack (by either misconfiguration
or vulnerabilities), do not allow login as root with password
"
describe sshd_conf do
describe sshd_config do
its('PermitRootLogin') { should match(/no|without-password/) }
end
end
```
We can upload this file again:
tar -cz . | http -a $token: post $server/owners/vulcanosec/compliance/example/tar
### Upload a profile
Change into the profile's directory:
cd my_profile
It should contain the `vmetadata.rb` and all tests in the `spec` folder.
Add this profile to the server. In our example, we add the profile `vulcanosec/example`.
tar -cz . | http -a $token: post $server/owners/vulcanosec/compliance/example/tar
### Download a profile
To download a profile, follow this simple call to retrieve all data in a `tar.gz` file. To get the `vulcanosec/example` profile, call:
http -a $token: get $server/owners/vulcanosec/compliance/example/tar > example.tar.gz
Or to directly extract it:
http -a $token: get $server/owners/vulcanosec/compliance/example/tar | tar xzf -
cd vulcanosec/example

2
docs/resources.md
View file

@ -1,7 +1,5 @@
# Resources
All basic resources known from serverspec are included. Please see its [documentation here](http://serverspec.org/resource_types.html).
## audit_policy
Check Microsoft Windows Audit Policies: