[["InSpec Introduction","

Welcome to the interactive InSpec demo. You will learn how to use the command line and shell and get an introduction to all aspects of the language.

\n\n

To navigate this demo, type next to move forward and prev to move back.\nUse clear to clear the terminal screen.

\n"],["InSpec Help","

InSpec is called via

\n\n

\ninspec\n

\n\n

Try it out! You will see the help menu. You can also view it with:

\n\n

\ninspec help\n

\n"],["InSpec Help Subcommands","

This list of subcommands may be intimidating at first. It is easy to get help on any of these commands via inspec help <COMMAND>. Let's try it out for a few:

\n\n

\ninspec help version\n

\n\n

\ninspec help detect\n

\n\n

\ninspec help exec\n

\n"],["InSpec Version","

The easiest subcommand is inspec version. It tells you which version of InSpec is running.

\n"],["InSpec Check","

The most frequent use of InSpec is to execute profiles. You can find the examples/profile in the InSpec repository. Before executing it for the first time, let's verify if it is valid profile

\n\n

\ninspec check examples/profile\n

\n\n

This command is not only used for syntax testing and linting, but can also provide information on valid profiles including its version and control overview.

\n"],["InSpec Exec","

Let's try testing some profiles! To run the profile and test the local machine, type:

\n\n

\ninspec exec examples/profile\n

\n\n

The result is shown in the report.

\n"],["InSpec Exec SSH","

InSpec can also test your remote machines! Let's assume there is node host.node registered with SSH configured for user bob with a keyfile in the current directory (bob.rsa). You can run the same profile against this node via:

\n\n

\ninspec exec examples/profile -t ssh://bob@host.node -i bob.rsa\n

\n"],["InSpec Exec SSH (More Options)","

The wonderful -t option (or --target) is a shorthand for specifying all fields separately:

\n\n

\ninspec exec examples/profile -b ssh --host host.node --user bob -i bob.rsa\n

\n\n

For more options try:

\n\n

\ninspec help exec\n

\n"],["InSpec Exec WinRm","

We can also scan Windows machines. Let's assume windows.node is configured with WinRM access for user alice with a password pass. The command will now read:

\n\n

\ninspec exec examples/profile -t winrm://alice:pass@windows.node\n

\n"],["InSpec Exec WinRm SSL","

The previous example is not quite realistic. Most Windows nodes with WinRM are configured to use SSL. Let's assume the user also has a self-signed certificate. It would now read

\n\n

\ninspec exec examples/profile -t winrm://alice:pass@windows.node --ssl --self-signed\n

\n"],["InSpec Exec Docker","

InSpec also supports scanning containers. Let's try it with Docker and pick a container

\n\n

\ninspec exec examples/profile -t docker://abcdef123\n

\n"],["InSpec Detect","

InSpec is able to verify local and remote nodes before running tests. This is a utility command to check connections and get information on the target

\n\n

\ninspec detect\n

\n\n

\ninspec detect -t ssh://bob@host.node -i bob.rsa\n

\n"],["InSpec Shell Introduction","

Let's explore the InSpec shell. It's an integrated utility to test and debug the InSpec language. Before we start it interactively, let's try the command execution mode. It runs code and resources and prints the result.

\n\n

First, we start with the OS detection:

\n\n

\ninspec shell -c 'os.params'\n

\n\n

Another example is to test an existing resource:

\n\n

\ninspec shell -c 'sshd_config.Protocol'\n

\n"],["InSpec Shell with Remotes","

These commands also work with remote targets

\n\n

\ninspec shell -c 'sshd_config.Protocol' -t ssh://bob@host.node -i bob.rsa\n

\n\n

\ninspec shell -c 'os.params' -t docker://abcdef123\n

\n"],["Interactive InSpec Shell","

It's time to see the interactive shell! Type

\n\n

\ninspec shell\n

\n\n

You can still use next and prev to move between demos. Look at how the shell prompt looks different between the system shell and the inspec shell.

\n"],["InSpec Shell Help","

The greeting of the InSpec shell suggests to run the help command:

\n\n

\nhelp\n

\n\n

You will not only see the help menu, but also a quick summary of the machine where this is running.

\n"],["InSpec Shell Help Resources","

To get a list of all available resources, you can type:

\n\n

\nhelp resources\n

\n"],["InSpec Shell Help Subcommands","

To explore any of these resources, you can try:

\n\n

\nhelp file\n

\n\n

\nhelp command\n

\n\n

\nhelp os\n

\n\n

These 3 resources are the core trinity of all executions. All other resources reference them in some way. They lead of system interactions.

\n"],["InSpec Shell Commands","

To use any of these resources, you can call it and its arguments. Try these examples:

\n\n

\ncommand('uname -a').stdout\n

\n\n

\nfile('/proc/cpuinfo').owner\n

\n\n

\nsshd_config.params\n

\n"],["InSpec Shell - Describe Block","

describe blocks are used to create simple checks. We will create a test that verifies a file's access permissions.

\n\n

\ndescribe file('/root') do\n it { should exist }\n its('mode') { should cmp '0750'}\nend\n

\n"],["Inspec Shell - Full Control","

Tests can be combined in controls, which offer more context. They are mainly used for policy/compliance testing:

\n\n

\ncontrol "id" do\n title "Check permissions on /root!"\n impact 0.5\n describe file('/root') do\n its('mode') { should cmp '0750'}\n end\nend\n

\n"]]