mirror of
https://github.com/inspec/inspec
synced 2024-11-26 22:50:36 +00:00
update docs
This commit is contained in:
parent
3ba8db9bb0
commit
cee48e8783
3 changed files with 6 additions and 181 deletions
|
@ -1,105 +0,0 @@
|
|||
a {
|
||||
color: #626F80;
|
||||
}
|
||||
|
||||
.active a {
|
||||
color: #70c2e8;
|
||||
}
|
||||
|
||||
a:hover {
|
||||
color: #70c2e8;
|
||||
}
|
||||
|
||||
a:focus {
|
||||
color: #70c2e8;
|
||||
}
|
||||
|
||||
a:active {
|
||||
color: #70c2e8;
|
||||
}
|
||||
|
||||
h2 {
|
||||
margin-top: 6rem;
|
||||
}
|
||||
|
||||
.bs-sidebar.affix {
|
||||
position: absolute;
|
||||
top: 2.3rem;
|
||||
}
|
||||
|
||||
.bs-sidenav .main {
|
||||
display: none;
|
||||
}
|
||||
|
||||
.navbar-default .navbar-nav>li>a:hover,
|
||||
.navbar-default .navbar-nav>li>a:focus,
|
||||
.navbar-default .navbar-brand:hover,
|
||||
.navbar-default .navbar-brand:focus {
|
||||
color: #70c2e8;
|
||||
}
|
||||
|
||||
/*
|
||||
Original file can be found here:
|
||||
https://raw.githubusercontent.com/wolfcms/docs.wolfcms.org/master/docs/themes/wolfcms/extra-css.css
|
||||
*/
|
||||
|
||||
.note, .attention, .caution, .danger, .error, .hint, .important, .tip, .warning, .seealso, .admonition-todo {
|
||||
padding: 12px;
|
||||
line-height: 24px;
|
||||
margin-bottom: 24px;
|
||||
background-color: #e7f2fa;
|
||||
}
|
||||
|
||||
.note, .seealso {
|
||||
background-color: #e7f2fa;
|
||||
}
|
||||
|
||||
.admonition-title {
|
||||
display: inline-block;
|
||||
font-family: FontAwesome;
|
||||
font-style: normal;
|
||||
font-weight: normal;
|
||||
line-height: 1;
|
||||
}
|
||||
|
||||
.admonition-title {
|
||||
font-family: inherit;
|
||||
}
|
||||
|
||||
.admonition-title {
|
||||
font-weight: bold;
|
||||
display: block;
|
||||
color: #ffffff;
|
||||
background-color: #6ab0de;
|
||||
margin: -12px -12px 12px -12px;
|
||||
padding: 6px 12px 6px 12px;
|
||||
}
|
||||
|
||||
.note .admonition-title
|
||||
{
|
||||
background-color: #6ab0de;
|
||||
}
|
||||
|
||||
.tip .admonition-title {
|
||||
background-color: #1ABC9C;
|
||||
}
|
||||
|
||||
.tip {
|
||||
background-color: #DBFAF4;
|
||||
}
|
||||
|
||||
.warning .admonition-title {
|
||||
background-color: #F0B37E;
|
||||
}
|
||||
|
||||
.warning {
|
||||
background-color: #FFEDCC;
|
||||
}
|
||||
|
||||
.danger .admonition-title {
|
||||
background-color: #b04040;
|
||||
}
|
||||
|
||||
.danger {
|
||||
background-color: #ffe9e9;
|
||||
}
|
|
@ -4,32 +4,10 @@ VulcanoSec specs is a collection of resources and matchers to test the complianc
|
|||
|
||||
### Introduction
|
||||
|
||||
All compliance profiles a grouped by `owner/profile`. Let's create an example file profile called `vulcanosec/example`.
|
||||
At first, we add our tests to the `test` folder. Each test file must end with `_spec.rb`:
|
||||
|
||||
mkdir vulcanosec-example
|
||||
cd vulcanosec-example
|
||||
touch vmetadata.rb
|
||||
|
||||
Information on this profile is stored in `vmetadata.rb`. In our example, it contains:
|
||||
|
||||
```ruby
|
||||
# encoding: utf-8
|
||||
|
||||
name "vulcanosec/example"
|
||||
version "1.0.0"
|
||||
title "Example Spec profile"
|
||||
maintainer "Example User"
|
||||
copyright "Example User"
|
||||
copyright_email "hello@example.com"
|
||||
license "Proprietary, All rights reserved"
|
||||
summary "Verify a small example profile"
|
||||
description "Full description..."
|
||||
```
|
||||
|
||||
Finally we add our tests to the `spec` folder. Each test file must end with `_spec.rb`:
|
||||
|
||||
mkdir spec
|
||||
touch spec/example_spec.rb
|
||||
mkdir test
|
||||
touch test/example_spec.rb
|
||||
|
||||
We add a rule to this file, to check the `/tmp` path in our system:
|
||||
|
||||
|
@ -46,24 +24,9 @@ rule "cis-fs-2.1" do # A unique ID for this rule
|
|||
end
|
||||
```
|
||||
|
||||
This is just a small test to get started, so let's register this profile with the server. We will use API calls to do so:
|
||||
|
||||
server="http://myserver:2134/api"
|
||||
token=$(http post $server/oauth/token -a username:password | jq '.access_token' | tr -d '"')
|
||||
|
||||
# run this command from the folder, where vmetadata.rb is located
|
||||
tar -cz . | http -a $token: $server/owners/vulcanosec/compliance/example/tar
|
||||
|
||||
You will see a confirming:
|
||||
|
||||
HTTP/1.1 200 OK
|
||||
...
|
||||
|
||||
You can take a look at the profile in the web UI.
|
||||
|
||||
Let's add another spec for checking the SSH server configuration:
|
||||
|
||||
touch spec/sshd_spec.rb
|
||||
touch test/sshd_spec.rb
|
||||
|
||||
It will contain:
|
||||
|
||||
|
@ -75,9 +38,6 @@ only_if do
|
|||
command('sshd').exists?
|
||||
end
|
||||
|
||||
# load the configuration file
|
||||
sshd_conf = SshConf.new('/etc/ssh/sshd_config')
|
||||
|
||||
rule "sshd-11" do
|
||||
impact 1.0
|
||||
title "Server: Set protocol version to SSHv2"
|
||||
|
@ -85,7 +45,7 @@ rule "sshd-11" do
|
|||
Set the SSH protocol version to 2. Don't use legacy
|
||||
insecure SSHv1 connections anymore.
|
||||
"
|
||||
describe sshd_conf do
|
||||
describe sshd_config do
|
||||
its('Protocol') { should eq('2') }
|
||||
end
|
||||
end
|
||||
|
@ -98,36 +58,8 @@ rule "sshd-7" do
|
|||
of a system in the course of an attack (by either misconfiguration
|
||||
or vulnerabilities), do not allow login as root with password
|
||||
"
|
||||
describe sshd_conf do
|
||||
describe sshd_config do
|
||||
its('PermitRootLogin') { should match(/no|without-password/) }
|
||||
end
|
||||
end
|
||||
```
|
||||
|
||||
We can upload this file again:
|
||||
|
||||
tar -cz . | http -a $token: post $server/owners/vulcanosec/compliance/example/tar
|
||||
|
||||
|
||||
### Upload a profile
|
||||
|
||||
Change into the profile's directory:
|
||||
|
||||
cd my_profile
|
||||
|
||||
It should contain the `vmetadata.rb` and all tests in the `spec` folder.
|
||||
|
||||
Add this profile to the server. In our example, we add the profile `vulcanosec/example`.
|
||||
|
||||
tar -cz . | http -a $token: post $server/owners/vulcanosec/compliance/example/tar
|
||||
|
||||
### Download a profile
|
||||
|
||||
To download a profile, follow this simple call to retrieve all data in a `tar.gz` file. To get the `vulcanosec/example` profile, call:
|
||||
|
||||
http -a $token: get $server/owners/vulcanosec/compliance/example/tar > example.tar.gz
|
||||
|
||||
Or to directly extract it:
|
||||
|
||||
http -a $token: get $server/owners/vulcanosec/compliance/example/tar | tar xzf -
|
||||
cd vulcanosec/example
|
|
@ -1,7 +1,5 @@
|
|||
# Resources
|
||||
|
||||
All basic resources known from serverspec are included. Please see its [documentation here](http://serverspec.org/resource_types.html).
|
||||
|
||||
## audit_policy
|
||||
|
||||
Check Microsoft Windows Audit Policies:
|
||||
|
|
Loading…
Reference in a new issue