Mirrors/inspec
2
0
Fork 0
mirror of https://github.com/inspec/inspec synced 2025-02-17 06:28:40 +00:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #1087 from chef/vj/update-resp

Browse source 
update responses
This commit is contained in:
Dominik Richter 2016-09-16 20:13:12 +02:00 committed by GitHub
commit f09797875c
33 changed files with 199 additions and 197 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
www/tutorial/app/responses/cat_README_md.txt
View file

@ -1 +1 @@
Only a few commands are implemented in this terminal. Please follow the demo.
Only a few commands are implemented in this terminal. Please follow the demo.

4
www/tutorial/app/responses/echo_command_uname_a_stdout_inspec_shell.txt
View file

@ -1,5 +1,5 @@
inspec> command('uname -a').stdout
inspec> command('uname -a').stdout
Welcome to the interactive InSpec Shell
To find out how to use it, type: help
inspec> => "Linux 88d033cb7c95 4.4.20-moby #1 SMP Thu Sep 8 21:27:34 UTC 2016 x86_64 Linux\n"
inspec> => "Linux 2e958a7a89d6 4.4.19-moby #1 SMP Mon Aug 22 23:30:19 UTC 2016 x86_64 Linux\n"

26
www/tutorial/app/responses/echo_control_id_do_title_Check_permissions_on_root_impact_0_5_describe_file_root_do_its_mode_should_cmp_0750_end_end_inspec_shell.txt
View file

@ -1,19 +1,19 @@
inspec> control "id" do
inspec>  title "Check permissions on /root!"
inspec>  impact 0.5
inspec>  describe file('/root') do
inspec>  its('mode') { should cmp '0750'}
inspec>  end
inspec>  end
inspec> control "id" do
inspec>  title "Check permissions on /root!"
inspec>  impact 0.5
inspec>  describe file('/root') do
inspec>  its('mode') { should cmp '0750'}
inspec>  end
inspec>  end
Welcome to the interactive InSpec Shell
To find out how to use it, type: help
inspec>  ✖ id: File /root mode should cmp "0750" (
expected: "0750"
got: 0700
(compared using `cmp` matcher)
)
inspec>  ✖ id: File /root mode should cmp "0750" (
expected: "0750"
got: 0700
(compared using `cmp` matcher)
)
Summary: 0 successful, 1 failures, 0 skipped

14
www/tutorial/app/responses/echo_describe_file_root_do_it_should_exist_its_mode_should_cmp_0750_end_inspec_shell.txt
View file

@ -1,12 +1,12 @@
inspec> describe file('/root') do
inspec>  it { should exist }
inspec>  its('mode') { should cmp '0750'}
inspec>  end
inspec> describe file('/root') do
inspec>  it { should exist }
inspec>  its('mode') { should cmp '0750'}
inspec>  end
Welcome to the interactive InSpec Shell
To find out how to use it, type: help
inspec> 
inspec> 
File /root
 ✔ should exist
 ✔ should exist
Summary: 1 successful, 1 failures, 0 skipped
Summary: 1 successful, 1 failures, 0 skipped

4
www/tutorial/app/responses/echo_file_proc_cpuinfo_owner_inspec_shell.txt
View file

@ -1,5 +1,5 @@
inspec> file('/proc/cpuinfo').owner
inspec> file('/proc/cpuinfo').owner
Welcome to the interactive InSpec Shell
To find out how to use it, type: help
inspec> => "root"
inspec> => "root"

6
www/tutorial/app/responses/echo_help_command_inspec_shell.txt
View file

@ -1,8 +1,8 @@
inspec> help command
inspec> Welcome to the interactive InSpec Shell
inspec> help command
inspec> Welcome to the interactive InSpec Shell
To find out how to use it, type: help
Name: command
Name: command
Description:

6
www/tutorial/app/responses/echo_help_file_inspec_shell.txt
View file

@ -1,8 +1,8 @@
inspec> help file
inspec> Welcome to the interactive InSpec Shell
inspec> help file
inspec> Welcome to the interactive InSpec Shell
To find out how to use it, type: help
Name: file
Name: file
Description:

12
www/tutorial/app/responses/echo_help_inspec_shell.txt
View file

@ -1,8 +1,8 @@
inspec> help
inspec> Welcome to the interactive InSpec Shell
inspec> help
inspec> Welcome to the interactive InSpec Shell
To find out how to use it, type: help


Available commands:
`[resource]` - run resource on target machine
@ -17,7 +17,7 @@ You can use resources in this environment to test the target machine. For exampl
You are currently running on:
OS platform: alpine
OS family: alpine
OS release: 3.4.0
OS platform: alpine
OS family: alpine
OS release: 3.4.0

6
www/tutorial/app/responses/echo_help_os_inspec_shell.txt
View file

@ -1,8 +1,8 @@
inspec> help os
inspec> Welcome to the interactive InSpec Shell
inspec> help os
inspec> Welcome to the interactive InSpec Shell
To find out how to use it, type: help
Name: os
Name: os
Description:

6
www/tutorial/app/responses/echo_help_resources_inspec_shell.txt
View file

@ -1,5 +1,5 @@
inspec> help resources
inspec> Welcome to the interactive InSpec Shell
inspec> help resources
inspec> Welcome to the interactive InSpec Shell
To find out how to use it, type: help
apache apache_conf apt ppa audit_policy auditd_conf auditd_rules command bash file bond bridge directory etc_group gem group grub_conf host iis_site inetd_conf interface iptables json kernel_module kernel_parameter linux_kernel_parameter limits_conf login_defs mount mssql_session mysql mysql_conf mysql_session npm ntp_conf oneget os os_env package parse_config parse_config_file passwd pip port postgres postgres_conf postgres_session powershell script processes registry_key windows_registry_key security_policy service systemd_service upstart_service sysv_service bsd_service launchd_service runit_service shadow ssl ssh_config sshd_config sys_info users user vbscript windows_feature xinetd_conf wmi yum yumrepo yaml csv ini
apache apache_conf apt ppa audit_policy auditd_conf auditd_rules command bash file bond bridge directory etc_group gem group grub_conf host iis_site inetd_conf interface iptables json kernel_module kernel_parameter linux_kernel_parameter limits_conf login_defs mount mssql_session mysql mysql_conf mysql_session npm ntp_conf oneget os os_env package parse_config parse_config_file passwd pip port postgres postgres_conf postgres_session powershell script processes registry_key windows_registry_key security_policy service systemd_service upstart_service sysv_service bsd_service launchd_service runit_service shadow ssl ssh_config sshd_config sys_info users user vbscript windows_feature xinetd_conf wmi yum yumrepo yaml csv ini

6
www/tutorial/app/responses/echo_sshd_config_params_inspec_shell.txt
View file

@ -1,6 +1,6 @@
inspec> sshd_config.params
inspec> sshd_config.params
Welcome to the interactive InSpec Shell
To find out how to use it, type: help
inspec> => {"authorizedkeysfile"=>[".ssh/authorized_keys"],
"subsystem"=>["sftp\t/usr/lib/ssh/sftp-server"]}
inspec> => {"authorizedkeysfile"=>[".ssh/authorized_keys"],
"subsystem"=>["sftp\t/usr/lib/ssh/sftp-server"]}

27
www/tutorial/app/responses/inspec.txt
View file

@ -1,18 +1,17 @@
Commands:
inspec archive PATH # archive a profile to tar.gz (de...
inspec check PATH # verify all tests at the specifi...
inspec compliance SUBCOMMAND ... # Chef Compliance commands
inspec detect # detect the target OS
inspec env # Output shell-appropriate comple...
inspec exec PATHS # run all test files at the speci...
inspec help [COMMAND] # Describe available commands or ...
inspec init TEMPLATE ... # Scaffolds a new project
inspec json PATH # read all tests in PATH and gene...
inspec secrets-chef-vault SUBCOMMAND ... # Vault commands
inspec shell # open an interactive debugging s...
inspec supermarket SUBCOMMAND ... # Supermarket commands
inspec vendor # Download all dependencies and g...
inspec version # prints the version of this tool
inspec archive PATH # archive a profile to tar.gz (default) ...
inspec check PATH # verify all tests at the specified PATH
inspec compliance SUBCOMMAND ... # Chef Compliance commands
inspec detect # detect the target OS
inspec env # Output shell-appropriate completion co...
inspec exec PATHS # run all test files at the specified PATH.
inspec help [COMMAND] # Describe available commands or one spe...
inspec init TEMPLATE ... # Scaffolds a new project
inspec json PATH # read all tests in PATH and generate a ...
inspec shell # open an interactive debugging shell
inspec supermarket SUBCOMMAND ... # Supermarket commands
inspec vendor # Download all dependencies and generate...
inspec version # prints the version of this tool
Options:
l, [--log-level=LOG_LEVEL] # Set the log level: info (default), debug, warn, error

12
www/tutorial/app/responses/inspec_archive_examples_profile.txt
View file

@ -1,6 +1,6 @@
I, [2016-09-15T07:40:39.668289 #1155] INFO -- : Checking profile in examples/profile
I, [2016-09-15T07:40:39.668397 #1155] INFO -- : Metadata OK.
I, [2016-09-15T07:40:39.683376 #1155] INFO -- : Found 4 controls.
I, [2016-09-15T07:40:39.683410 #1155] INFO -- : Control definitions OK.
I, [2016-09-15T07:40:39.683591 #1155] INFO -- : Generate archive /filesystem/profile.tar.gz.
I, [2016-09-15T07:40:39.686313 #1155] INFO -- : Finished archive generation.
I, [2016-09-16T13:59:42.964480 #1147] INFO -- : Checking profile in examples/profile
I, [2016-09-16T13:59:42.964582 #1147] INFO -- : Metadata OK.
I, [2016-09-16T13:59:42.976429 #1147] INFO -- : Found 4 controls.
I, [2016-09-16T13:59:42.976466 #1147] INFO -- : Control definitions OK.
I, [2016-09-16T13:59:42.976604 #1147] INFO -- : Generate archive /filesystem/profile.tar.gz.
I, [2016-09-16T13:59:42.978718 #1147] INFO -- : Finished archive generation.

2
www/tutorial/app/responses/inspec_check_examples_profile.txt
View file

@ -1,7 +1,7 @@
Location: examples/profile
Profile: profile
Controls: 4
Timestamp: 2016-09-15T07:40:21+00:00
Timestamp: 2016-09-16T13:59:27+00:00
Valid: true
No errors or warnings

6
www/tutorial/app/responses/inspec_detect.txt
View file

@ -1,7 +1,7 @@
== Operating System Details
Name: alpine
Family: alpine
Release: 3.4.0
Name: alpine
Family: alpine
Release: 3.4.0
Arch: x86_64

2
www/tutorial/app/responses/inspec_detect_format_json.txt
View file

@ -1 +1 @@
{"name":"alpine","family":"alpine","release":"3.4.0","arch":"x86_64"}
{"name":"alpine","family":"alpine","release":"3.4.0","arch":"x86_64"}

14
www/tutorial/app/responses/inspec_detect_t_ssh_bob_host_node_i_bob_rsa.txt
View file

@ -1,7 +1,7 @@
== Operating System Details
Name: alpine
Family: alpine
Release: 3.4.0
Arch: x86_64
== Operating System Details
Name: alpine
Family: alpine
Release: 3.4.0
Arch: x86_64

34
www/tutorial/app/responses/inspec_exec_examples_profile_b_ssh_host_host_node_user_bob_i_bob_rsa.txt
View file

@ -1,17 +1,17 @@
Profile: InSpec Example Profile (profile)
Version: 1.0.0
Target: ssh://bob@host.node:
 ✔ tmp-1.0: Create /tmp directory
 ✔ File /tmp should be directory
 ○ gordon-1.0: Verify the version number of Gordon (1 skipped)
 ○ Can't find file "/tmp/gordon/config.yaml"
 ✔ File content should match nil
 ✔ ssh-1: Allow only SSH Protocol 2
 ✔ File /bin/sh should be owned by "root"
File /tmp
 ✔ should be directory
Summary: 4 successful, 0 failures, 1 skipped
Profile: InSpec Example Profile (profile)
Version: 1.0.0
Target: ssh://bob@host.node:
 ✔ tmp-1.0: Create /tmp directory
 ✔ File /tmp should be directory
 ○ gordon-1.0: Verify the version number of Gordon (1 skipped)
 ○ Can't find file "/tmp/gordon/config.yaml"
 ✔ File content should match nil
 ✔ ssh-1: Allow only SSH Protocol 2
 ✔ File /bin/sh should be owned by "root"
File /tmp
 ✔ should be directory
Summary: 4 successful, 0 failures, 1 skipped

2
www/tutorial/app/responses/inspec_exec_examples_profile_format_json.txt
View file

File diff suppressed because one or more lines are too long

34
www/tutorial/app/responses/inspec_exec_examples_profile_t_docker_abcdef123.txt
View file

@ -1,17 +1,17 @@
Profile: InSpec Example Profile (profile)
Version: 1.0.0
Target: docker://abcdef123
 ✔ tmp-1.0: Create /tmp directory
 ✔ File /tmp should be directory
 ○ gordon-1.0: Verify the version number of Gordon (1 skipped)
 ○ Can't find file "/tmp/gordon/config.yaml"
 ✔ File content should match nil
 ✔ ssh-1: Allow only SSH Protocol 2
 ✔ File /bin/sh should be owned by "root"
File /tmp
 ✔ should be directory
Summary: 4 successful, 0 failures, 1 skipped
Profile: InSpec Example Profile (profile)
Version: 1.0.0
Target: docker://abcdef123
 ✔ tmp-1.0: Create /tmp directory
 ✔ File /tmp should be directory
 ○ gordon-1.0: Verify the version number of Gordon (1 skipped)
 ○ Can't find file "/tmp/gordon/config.yaml"
 ✔ File content should match nil
 ✔ ssh-1: Allow only SSH Protocol 2
 ✔ File /bin/sh should be owned by "root"
File /tmp
 ✔ should be directory
Summary: 4 successful, 0 failures, 1 skipped

34
www/tutorial/app/responses/inspec_exec_examples_profile_t_ssh_bob_host_node_i_bob_rsa.txt
View file

@ -1,17 +1,17 @@
Profile: InSpec Example Profile (profile)
Version: 1.0.0
Target: ssh://bob@host.node:
 ✔ tmp-1.0: Create /tmp directory
 ✔ File /tmp should be directory
 ○ gordon-1.0: Verify the version number of Gordon (1 skipped)
 ○ Can't find file "/tmp/gordon/config.yaml"
 ✔ File content should match nil
 ✔ ssh-1: Allow only SSH Protocol 2
 ✔ File /bin/sh should be owned by "root"
File /tmp
 ✔ should be directory
Summary: 4 successful, 0 failures, 1 skipped
Profile: InSpec Example Profile (profile)
Version: 1.0.0
Target: ssh://bob@host.node:
 ✔ tmp-1.0: Create /tmp directory
 ✔ File /tmp should be directory
 ○ gordon-1.0: Verify the version number of Gordon (1 skipped)
 ○ Can't find file "/tmp/gordon/config.yaml"
 ✔ File content should match nil
 ✔ ssh-1: Allow only SSH Protocol 2
 ✔ File /bin/sh should be owned by "root"
File /tmp
 ✔ should be directory
Summary: 4 successful, 0 failures, 1 skipped

34
www/tutorial/app/responses/inspec_exec_examples_profile_t_winrm_alice_pass_windows_node.txt
View file

@ -1,17 +1,17 @@
Profile: InSpec Example Profile (profile)
Version: 1.0.0
Target: winrm://alice@windows.node:
 ✔ tmp-1.0: Create /tmp directory
 ✔ File /tmp should be directory
 ○ gordon-1.0: Verify the version number of Gordon (1 skipped)
 ○ Can't find file "/tmp/gordon/config.yaml"
 ✔ File content should match nil
 ✔ ssh-1: Allow only SSH Protocol 2
 ✔ File /bin/sh should be owned by "root"
File /tmp
 ✔ should be directory
Summary: 4 successful, 0 failures, 1 skipped
Profile: InSpec Example Profile (profile)
Version: 1.0.0
Target: winrm://alice@windows.node:
 ✔ tmp-1.0: Create /tmp directory
 ✔ File /tmp should be directory
 ○ gordon-1.0: Verify the version number of Gordon (1 skipped)
 ○ Can't find file "/tmp/gordon/config.yaml"
 ✔ File content should match nil
 ✔ ssh-1: Allow only SSH Protocol 2
 ✔ File /bin/sh should be owned by "root"
File /tmp
 ✔ should be directory
Summary: 4 successful, 0 failures, 1 skipped

34
www/tutorial/app/responses/inspec_exec_examples_profile_t_winrm_alice_pass_windows_node_ssl_self_signed.txt
View file

@ -1,17 +1,17 @@
Profile: InSpec Example Profile (profile)
Version: 1.0.0
Target: winrm://alice@windows.node:
 ✔ tmp-1.0: Create /tmp directory
 ✔ File /tmp should be directory
 ○ gordon-1.0: Verify the version number of Gordon (1 skipped)
 ○ Can't find file "/tmp/gordon/config.yaml"
 ✔ File content should match nil
 ✔ ssh-1: Allow only SSH Protocol 2
 ✔ File /bin/sh should be owned by "root"
File /tmp
 ✔ should be directory
Summary: 4 successful, 0 failures, 1 skipped
Profile: InSpec Example Profile (profile)
Version: 1.0.0
Target: winrm://alice@windows.node:
 ✔ tmp-1.0: Create /tmp directory
 ✔ File /tmp should be directory
 ○ gordon-1.0: Verify the version number of Gordon (1 skipped)
 ○ Can't find file "/tmp/gordon/config.yaml"
 ✔ File content should match nil
 ✔ ssh-1: Allow only SSH Protocol 2
 ✔ File /bin/sh should be owned by "root"
File /tmp
 ✔ should be directory
Summary: 4 successful, 0 failures, 1 skipped

27
www/tutorial/app/responses/inspec_help.txt
View file

@ -1,18 +1,17 @@
Commands:
inspec archive PATH # archive a profile to tar.gz (de...
inspec check PATH # verify all tests at the specifi...
inspec compliance SUBCOMMAND ... # Chef Compliance commands
inspec detect # detect the target OS
inspec env # Output shell-appropriate comple...
inspec exec PATHS # run all test files at the speci...
inspec help [COMMAND] # Describe available commands or ...
inspec init TEMPLATE ... # Scaffolds a new project
inspec json PATH # read all tests in PATH and gene...
inspec secrets-chef-vault SUBCOMMAND ... # Vault commands
inspec shell # open an interactive debugging s...
inspec supermarket SUBCOMMAND ... # Supermarket commands
inspec vendor # Download all dependencies and g...
inspec version # prints the version of this tool
inspec archive PATH # archive a profile to tar.gz (default) ...
inspec check PATH # verify all tests at the specified PATH
inspec compliance SUBCOMMAND ... # Chef Compliance commands
inspec detect # detect the target OS
inspec env # Output shell-appropriate completion co...
inspec exec PATHS # run all test files at the specified PATH.
inspec help [COMMAND] # Describe available commands or one spe...
inspec init TEMPLATE ... # Scaffolds a new project
inspec json PATH # read all tests in PATH and generate a ...
inspec shell # open an interactive debugging shell
inspec supermarket SUBCOMMAND ... # Supermarket commands
inspec vendor # Download all dependencies and generate...
inspec version # prints the version of this tool
Options:
l, [--log-level=LOG_LEVEL] # Set the log level: info (default), debug, warn, error

17
www/tutorial/app/responses/inspec_help_compliance.txt
View file

@ -1,8 +1,9 @@
Commands:
inspec compliance exec PROFILE # ...
inspec compliance help [COMMAND] # ...
inspec compliance login SERVER --insecure --user='USER' --token='TOKEN' # ...
inspec compliance logout # ...
inspec compliance profiles # ...
inspec compliance upload PATH # ...
inspec compliance version # ...
Commands:
inspec compliance exec PROFILE # ...
inspec compliance help [COMMAND] # ...
inspec compliance login SERVER --insecure --user='USER' --token='TOKEN' # ...
inspec compliance logout # ...
inspec compliance profiles # ...
inspec compliance upload PATH # ...
inspec compliance version # ...

11
www/tutorial/app/responses/inspec_help_supermarket.txt
View file

@ -1,5 +1,6 @@
Commands:
inspec supermarket exec PROFILE # execute a Supermarket profile
inspec supermarket help [COMMAND] # Describe subcommands or one specific s...
inspec supermarket info PROFILE # display Supermarket profile details
inspec supermarket profiles # list all available profiles in Chef Su...
Commands:
inspec supermarket exec PROFILE # execute a Supermarket profile
inspec supermarket help [COMMAND] # Describe subcommands or one specific s...
inspec supermarket info PROFILE # display Supermarket profile details
inspec supermarket profiles # list all available profiles in Chef Su...

2
www/tutorial/app/responses/inspec_json_examples_profile.txt
View file

@ -1 +1 @@
{"name":"profile","title":"InSpec Example Profile","maintainer":"Chef Software, Inc.","copyright":"Chef Software, Inc.","copyright_email":"support@chef.io","license":"Apache 2 license","summary":"Demonstrates the use of InSpec Compliance Profile","version":"1.0.0","supports":[{"os-family":"unix"}],"controls":{"tmp-1.0":{"title":"Create /tmp directory","desc":"An optional description...","impact":0.7,"refs":[{"url":"http://...","ref":"Document A-12"}],"tags":{"data":"temp data","security":null},"code":"control \"tmp-1.0\" do # A unique ID for this control\n impact 0.7 # The criticality, if this control fails.\n title \"Create /tmp directory\" # A human-readable title\n desc \"An optional description...\" # Describe why this is needed\n tag data: \"temp data\" # A tag allows you to associate key information\n tag \"security\" # to the test\n ref \"Document A-12\", url: 'http://...' # Additional references\n\n describe file('/tmp') do # The actual test\n it { should be_directory }\n end\nend\n","source_location":{"ref":"examples/profile/controls/example.rb","line":8}},"(generated from example.rb:22 31b549e80899bf668c99eeef8f169bf2)":{"title":null,"desc":null,"impact":0.5,"refs":[],"tags":{},"code":" rule = rule_class.new(id, profile_id, {}) do\n res = describe(*args, &block)\n end\n","source_location":{"ref":"/usr/local/bundle/gems/inspec-0.34.1/lib/inspec/control_eval_context.rb","line":87}},"gordon-1.0":{"title":"Verify the version number of Gordon","desc":"An optional description...","impact":0.7,"refs":[{"uri":"http://...","ref":"Gordon Requirements 1.0"}],"tags":{"gordon":null},"code":"control 'gordon-1.0' do\n impact 0.7\n title 'Verify the version number of Gordon'\n desc 'An optional description...'\n tag 'gordon'\n ref 'Gordon Requirements 1.0', uri: 'http://...'\n\n # Test using the custom gordon_config Inspec resource\n # Find the resource content here: ../libraries/\n describe gordon_config do\n it { should exist }\n its('version') { should eq('1.0') }\n its('file_size') { should <= 20 }\n its('comma_count') { should eq 0 }\n end\n\n # Test the version again to showcase variables\n g = gordon_config\n g_path = g.file_path\n g_version = g.version\n describe file(g_path) do\n its('content') { should match g_version }\n end\nend\n","source_location":{"ref":"examples/profile/controls/gordon.rb","line":14}},"ssh-1":{"title":"Allow only SSH Protocol 2","desc":"Only SSH protocol version 2 connections should be permitted. The default setting in /etc/ssh/sshd_config is correct, and can be verified by ensuring that the following line appears: Protocol 2","impact":1.0,"refs":[{"url":"https://www.nsa.gov/ia/_files/os/redhat/rhel5-guide-i731.pdf","ref":"NSA-RH6-STIG - Section 3.5.2.1"},{"url":"http://iasecontent.disa.mil/stigs/zip/Jan2016/U_RedHat_6_V1R10_STIG.zip","ref":"DISA-RHEL6-SG - Section 9.2.1"},{"ref":"http://people.redhat.com/swells/scap-security-guide/RHEL/6/output/ssg-centos6-guide-C2S.html"}],"tags":{"production":null,"development":null,"ssh":null,"sshd":null,"openssh-server":null,"cce":"CCE-27072-8","disa":"RHEL-06-000227","nist":"IA-5(1)","cci":"CCI-001436","remediation":"https://supermarket.chef.io/cookbooks/ssh-hardening"},"code":"control 'ssh-1' do\n impact 1.0\n\n title 'Allow only SSH Protocol 2'\n desc 'Only SSH protocol version 2 connections should be permitted.\n The default setting in /etc/ssh/sshd_config is correct, and can be\n verified by ensuring that the following line appears: Protocol 2'\n\n tag 'production','development'\n tag 'ssh','sshd','openssh-server'\n\n tag cce: 'CCE-27072-8'\n tag disa: 'RHEL-06-000227'\n\n tag nist: 'AC-3(10).i'\n tag nist: 'IA-5(1)'\n\n tag cci: 'CCI-000776'\n tag cci: 'CCI-000774'\n tag cci: 'CCI-001436'\n\n tag remediation: 'stig_rhel6/recipes/sshd-config.rb'\n tag remediation: 'https://supermarket.chef.io/cookbooks/ssh-hardening'\n\n ref 'NSA-RH6-STIG - Section 3.5.2.1', url: 'https://www.nsa.gov/ia/_files/os/redhat/rhel5-guide-i731.pdf'\n ref 'DISA-RHEL6-SG - Section 9.2.1', url: 'http://iasecontent.disa.mil/stigs/zip/Jan2016/U_RedHat_6_V1R10_STIG.zip'\n ref 'http://people.redhat.com/swells/scap-security-guide/RHEL/6/output/ssg-centos6-guide-C2S.html'\n\n describe file('/bin/sh') do\n it { should be_owned_by 'root' }\n end\nend\n","source_location":{"ref":"examples/profile/controls/meta.rb","line":3}}},"groups":{"controls/example.rb":{"title":"/tmp profile","controls":["tmp-1.0","(generated from example.rb:22 31b549e80899bf668c99eeef8f169bf2)"]},"controls/gordon.rb":{"title":"Gordon Config Checks","controls":["gordon-1.0"]},"controls/meta.rb":{"title":"SSH Server Configuration","controls":["ssh-1"]}},"attributes":[]}
{"name":"profile","title":"InSpec Example Profile","maintainer":"Chef Software, Inc.","copyright":"Chef Software, Inc.","copyright_email":"support@chef.io","license":"Apache 2 license","summary":"Demonstrates the use of InSpec Compliance Profile","version":"1.0.0","supports":[{"os-family":"unix"}],"controls":{"tmp-1.0":{"title":"Create /tmp directory","desc":"An optional description...","impact":0.7,"refs":[{"url":"http://...","ref":"Document A-12"}],"tags":{"data":"temp data","security":null},"code":"control \"tmp-1.0\" do # A unique ID for this control\n impact 0.7 # The criticality, if this control fails.\n title \"Create /tmp directory\" # A human-readable title\n desc \"An optional description...\" # Describe why this is needed\n tag data: \"temp data\" # A tag allows you to associate key information\n tag \"security\" # to the test\n ref \"Document A-12\", url: 'http://...' # Additional references\n\n describe file('/tmp') do # The actual test\n it { should be_directory }\n end\nend\n","source_location":{"ref":"examples/profile/controls/example.rb","line":8}},"(generated from example.rb:22 7195529956129b055ac310a3a55c6d56)":{"title":null,"desc":null,"impact":0.5,"refs":[],"tags":{},"code":" rule = rule_class.new(id, profile_id, {}) do\n res = describe(*args, &block)\n end\n","source_location":{"ref":"/usr/local/bundle/gems/inspec-0.35.0/lib/inspec/control_eval_context.rb","line":87}},"gordon-1.0":{"title":"Verify the version number of Gordon","desc":"An optional description...","impact":0.7,"refs":[{"uri":"http://...","ref":"Gordon Requirements 1.0"}],"tags":{"gordon":null},"code":"control 'gordon-1.0' do\n impact 0.7\n title 'Verify the version number of Gordon'\n desc 'An optional description...'\n tag 'gordon'\n ref 'Gordon Requirements 1.0', uri: 'http://...'\n\n # Test using the custom gordon_config Inspec resource\n # Find the resource content here: ../libraries/\n describe gordon_config do\n it { should exist }\n its('version') { should eq('1.0') }\n its('file_size') { should <= 20 }\n its('comma_count') { should eq 0 }\n end\n\n # Test the version again to showcase variables\n g = gordon_config\n g_path = g.file_path\n g_version = g.version\n describe file(g_path) do\n its('content') { should match g_version }\n end\nend\n","source_location":{"ref":"examples/profile/controls/gordon.rb","line":14}},"ssh-1":{"title":"Allow only SSH Protocol 2","desc":"Only SSH protocol version 2 connections should be permitted. The default setting in /etc/ssh/sshd_config is correct, and can be verified by ensuring that the following line appears: Protocol 2","impact":1.0,"refs":[{"url":"https://www.nsa.gov/ia/_files/os/redhat/rhel5-guide-i731.pdf","ref":"NSA-RH6-STIG - Section 3.5.2.1"},{"url":"http://iasecontent.disa.mil/stigs/zip/Jan2016/U_RedHat_6_V1R10_STIG.zip","ref":"DISA-RHEL6-SG - Section 9.2.1"},{"ref":"http://people.redhat.com/swells/scap-security-guide/RHEL/6/output/ssg-centos6-guide-C2S.html"}],"tags":{"production":null,"development":null,"ssh":null,"sshd":null,"openssh-server":null,"cce":"CCE-27072-8","disa":"RHEL-06-000227","nist":"IA-5(1)","cci":"CCI-001436","remediation":"https://supermarket.chef.io/cookbooks/ssh-hardening"},"code":"control 'ssh-1' do\n impact 1.0\n\n title 'Allow only SSH Protocol 2'\n desc 'Only SSH protocol version 2 connections should be permitted.\n The default setting in /etc/ssh/sshd_config is correct, and can be\n verified by ensuring that the following line appears: Protocol 2'\n\n tag 'production','development'\n tag 'ssh','sshd','openssh-server'\n\n tag cce: 'CCE-27072-8'\n tag disa: 'RHEL-06-000227'\n\n tag nist: 'AC-3(10).i'\n tag nist: 'IA-5(1)'\n\n tag cci: 'CCI-000776'\n tag cci: 'CCI-000774'\n tag cci: 'CCI-001436'\n\n tag remediation: 'stig_rhel6/recipes/sshd-config.rb'\n tag remediation: 'https://supermarket.chef.io/cookbooks/ssh-hardening'\n\n ref 'NSA-RH6-STIG - Section 3.5.2.1', url: 'https://www.nsa.gov/ia/_files/os/redhat/rhel5-guide-i731.pdf'\n ref 'DISA-RHEL6-SG - Section 9.2.1', url: 'http://iasecontent.disa.mil/stigs/zip/Jan2016/U_RedHat_6_V1R10_STIG.zip'\n ref 'http://people.redhat.com/swells/scap-security-guide/RHEL/6/output/ssg-centos6-guide-C2S.html'\n\n describe file('/bin/sh') do\n it { should be_owned_by 'root' }\n end\nend\n","source_location":{"ref":"examples/profile/controls/meta.rb","line":3}}},"groups":{"controls/example.rb":{"title":"/tmp profile","controls":["tmp-1.0","(generated from example.rb:22 7195529956129b055ac310a3a55c6d56)"]},"controls/gordon.rb":{"title":"Gordon Config Checks","controls":["gordon-1.0"]},"controls/meta.rb":{"title":"SSH Server Configuration","controls":["ssh-1"]}},"attributes":[]}

2
www/tutorial/app/responses/inspec_shell_c_os_params_.txt
View file

@ -1 +1 @@
{:name=>"alpine", :family=>"alpine", :release=>"3.4.0", :arch=>"x86_64"}
{:name=>"alpine", :family=>"alpine", :release=>"3.4.0", :arch=>"x86_64"}

2
www/tutorial/app/responses/inspec_shell_c_os_params_t_docker_abcdef123.txt
View file

@ -1 +1 @@
{:name=>"alpine", :family=>"alpine", :release=>"3.4.0", :arch=>"x86_64"}
{:name=>"alpine", :family=>"alpine", :release=>"3.4.0", :arch=>"x86_64"}

1
www/tutorial/app/responses/inspec_shell_c_sshd_config_Protocol_.txt
View file

@ -0,0 +1 @@

1
www/tutorial/app/responses/inspec_shell_c_sshd_config_Protocol_t_ssh_bob_host_node_i_bob_rsa.txt
View file

@ -0,0 +1 @@

2
www/tutorial/app/responses/inspec_version.txt
View file

@ -1 +1 @@
0.34.1
0.35.0

4
www/tutorial/app/responses/ls.txt
View file

@ -1,2 +1,2 @@
README.md
examples
README.md
examples