{"name":"profile","title":"InSpec Example Profile","maintainer":"Chef Software, Inc.","copyright":"Chef Software, Inc.","copyright_email":"support@chef.io","license":"Apache 2 license","summary":"Demonstrates the use of InSpec Compliance Profile","version":"1.0.0","supports":[{"os-family":"unix"}],"controls":[{"title":"Create /tmp directory","desc":"An optional description...","impact":0.7,"refs":[{"url":"http://...","ref":"Document A-12"}],"tags":{"data":"temp data","security":null},"code":"control \"tmp-1.0\" do # A unique ID for this control\n impact 0.7 # The criticality, if this control fails.\n title \"Create /tmp directory\" # A human-readable title\n desc \"An optional description...\" # Describe why this is needed\n tag data: \"temp data\" # A tag allows you to associate key information\n tag \"security\" # to the test\n ref \"Document A-12\", url: 'http://...' # Additional references\n\n describe file('/tmp') do # The actual test\n it { should be_directory }\n end\nend\n","source_location":{"ref":"examples/profile/controls/example.rb","line":8},"id":"tmp-1.0"},{"title":null,"desc":null,"impact":0.5,"refs":[],"tags":{},"code":" rule = rule_class.new(id, profile_id, {}) do\n res = describe(*args, &block)\n end\n","source_location":{"ref":"/usr/local/bundle/gems/inspec-1.0.0/lib/inspec/control_eval_context.rb","line":87},"id":"(generated from example.rb:22 c19e052d4f2a4b64feba5bb3eb181689)"},{"title":"Verify the version number of Gordon","desc":"An optional description...","impact":0.7,"refs":[{"uri":"http://...","ref":"Gordon Requirements 1.0"}],"tags":{"gordon":null},"code":"control 'gordon-1.0' do\n impact 0.7\n title 'Verify the version number of Gordon'\n desc 'An optional description...'\n tag 'gordon'\n ref 'Gordon Requirements 1.0', uri: 'http://...'\n\n # Test using the custom gordon_config Inspec resource\n # Find the resource content here: ../libraries/\n describe gordon_config do\n it { should exist }\n its('version') { should eq('1.0') }\n its('file_size') { should <= 20 }\n its('comma_count') { should eq 0 }\n end\n\n # Test the version again to showcase variables\n g = gordon_config\n g_path = g.file_path\n g_version = g.version\n describe file(g_path) do\n its('content') { should match g_version }\n end\nend\n","source_location":{"ref":"examples/profile/controls/gordon.rb","line":14},"id":"gordon-1.0"},{"title":"Allow only SSH Protocol 2","desc":"Only SSH protocol version 2 connections should be permitted. The default setting in /etc/ssh/sshd_config is correct, and can be verified by ensuring that the following line appears: Protocol 2","impact":1.0,"refs":[{"url":"https://www.nsa.gov/ia/_files/os/redhat/rhel5-guide-i731.pdf","ref":"NSA-RH6-STIG - Section 3.5.2.1"},{"url":"http://iasecontent.disa.mil/stigs/zip/Jan2016/U_RedHat_6_V1R10_STIG.zip","ref":"DISA-RHEL6-SG - Section 9.2.1"},{"ref":"http://people.redhat.com/swells/scap-security-guide/RHEL/6/output/ssg-centos6-guide-C2S.html"}],"tags":{"production":null,"development":null,"ssh":null,"sshd":null,"openssh-server":null,"cce":"CCE-27072-8","disa":"RHEL-06-000227","nist":"IA-5(1)","cci":"CCI-001436","remediation":"https://supermarket.chef.io/cookbooks/ssh-hardening"},"code":"control 'ssh-1' do\n impact 1.0\n\n title 'Allow only SSH Protocol 2'\n desc 'Only SSH protocol version 2 connections should be permitted.\n The default setting in /etc/ssh/sshd_config is correct, and can be\n verified by ensuring that the following line appears: Protocol 2'\n\n tag 'production','development'\n tag 'ssh','sshd','openssh-server'\n\n tag cce: 'CCE-27072-8'\n tag disa: 'RHEL-06-000227'\n\n tag nist: 'AC-3(10).i'\n tag nist: 'IA-5(1)'\n\n tag cci: 'CCI-000776'\n tag cci: 'CCI-000774'\n tag cci: 'CCI-001436'\n\n tag remediation: 'stig_rhel6/recipes/sshd-config.rb'\n tag remediation: 'https://supermarket.chef.io/cookbooks/ssh-hardening'\n\n ref 'NSA-RH6-STIG - Section 3.5.2.1', url: 'https://www.nsa.gov/ia/_files/os/redhat/rhel5-guide-i731.pdf'\n ref 'DISA-RHEL6-SG - Section 9.2.1', url: 'http://iasecontent.disa.mil/stigs/zip/Jan2016/U_RedHat_6_V1R10_STIG.zip'\n ref 'http://people.redhat.com/swells/scap-security-guide/RHEL/6/output/ssg-centos6-guide-C2S.html'\n\n describe file('/bin/sh') do\n it { should be_owned_by 'root' }\n end\nend\n","source_location":{"ref":"examples/profile/controls/meta.rb","line":3},"id":"ssh-1"}],"groups":[{"title":"/tmp profile","controls":["tmp-1.0","(generated from example.rb:22 c19e052d4f2a4b64feba5bb3eb181689)"],"id":"controls/example.rb"},{"title":"Gordon Config Checks","controls":["gordon-1.0"],"id":"controls/gordon.rb"},{"title":"SSH Server Configuration","controls":["ssh-1"],"id":"controls/meta.rb"}],"attributes":[]}