Mirrors/inspec
2
0
Fork 0
mirror of https://github.com/inspec/inspec synced 2024-12-19 01:23:50 +00:00
Code Issues Projects Releases Packages Wiki Activity
inspec/www/tutorial/instructions.json
Victoria Jeffrey 66e54b675f load content into demo and handle shell commands
2016-09-12 09:39:16 +02:00

1 line
No EOL
5.1 KiB
JSON
Raw Blame History

[["0:intro","Welcome to the interactive InSpec demo. You will learn how to use the command line and shell and get an introduction to all aspects of the language.\n\nTo navigate this demo, type `next` to move forward and `prev` to move back.\nUse `clear` to clear the terminal screen.\n"],["1:inspec-help","InSpec is called via\n```\ninspec\n```\nTry it out! You will see the help menu. You can also view it with:\n```\ninspec help\n```\n"],["1:inspec-help-cmd","This list of subcommands may be intimidating at first. It is easy to get help on any of these commands via `inspec help <COMMAND>`. Let's try it out for a few:\n\n```\ninspec help version\ninspec help detect\ninspec help exec\n```\n"],["1:inspec-version","The easiest subcommand is `inspec version`. It tells you which version of InSpec is running.\n"],["1:inspec-check","The most frequent use of InSpec is to execute profiles. You can find the `examples/profile` in the InSpec repository. Before executing it for the first time, let's verify if it is valid profile\n```\ninspec check examples/profile\n```\nThis command is not only used for syntax testing and linting, but can also provide information on valid profiles including its version and control overview.\n"],["1:inspec-exec","Let's try testing some profiles! To run the profile and test the local machine, type:\n```\ninspec exec examples/profile\n```\nThe result is shown in the report.\n"],["1:inspec-exec-ssh","InSpec can also test your remote machines! Let's assume there is node `host.node` registered with SSH configured for user `bob` with a keyfile in the current directory (`bob.rsa`). You can run the same profile against this node via:\n```\ninspec exec examples/profile -t ssh://bob@host.node -i bob.rsa\n```\n"],["1:inspec-exec-ssh-long","The wonderful `-t` option (or `--target`) is a shorthand for specifying all fields separately:\n```\ninspec exec examples/profile -b ssh --host host.node --user bob -i bob.rsa\n```\nFor more options try:\n```\ninspec help exec\n```\n"],["1:inspec-exec-winrm","We can also scan Windows machines. Let's assume `windows.node` is configured with WinRM access for user `alice` with a password `pass`. The command will now read:\n```\ninspec exec examples/profile -t winrm://alice:pass@windows.node\n```\n"],["1:inspec-exec-winrm-ssl","The previous example is not quite realistic. Most Windows nodes with WinRM are configured to use SSL. Let's assume the user also has a self-signed certificate. It would now read\n```\ninspec exec examples/profile -t winrm://alice:pass@windows.node --ssl --self-signed\n```\n"],["1:inspec-exec-docker","InSpec also supports scanning containers. Let's try it with Docker and pick a container\n```\ninspec exec examples/profile -t docker://abcdef123\n```\n"],["1:inspec-detect","InSpec is able to verify local and remote nodes before running tests. This is a utility command to check connections and get information on the target\n```\ninspec detect\ninspec detect -t ssh://bob@host.node -i bob.rsa\n```\n"],["2:inspec-shell-c","Let's explore the InSpec shell. It's an integrated utility to test and debug the InSpec language. Before we start it interactively, let's try the command execution mode. It runs code and resources and prints the result.\n\nFirst, we start with the OS detection:\n```\ninspec shell -c 'os.params'\n```\n\nAnother example is to test an existing resource:\n```\ninspec shell -c 'sshd_config.Protocol'\n```\n"],["2:inspec-shell-c-t","These commands also work with remote targets\n\n```\ninspec shell -c 'sshd_config.Protocol' -t ssh://bob@host.node -i bob.rsa\ninspec shell -c 'os.params' -t docker://abcdef123\n```\n"],["2:inspec-shell","It's time to see the interactive shell! Type\n```\ninspec shell\n```\nYou can still use `next` and `prev` to move between demos. Look at how the shell prompt looks different between the system shell and the inspec shell.\n"],["2:inspec-shell-help","The greeting of the InSpec shell suggests to run the help command:\n```\nhelp\n```\nYou will not only see the help menu, but also a quick summary of the machine where this is running.\n"],["2:inspec-shell-help-resources","To get a list of all available resources, you can type:\n```\nhelp resources\n```\n"],["2:inspec-shell-help-resource","To explore any of these resources, you can try:\n```\nhelp file\nhelp command\nhelp os\n```\nThese 3 resources are the core trinity of all executions. All other resources reference them in some way. They lead of system interactions.\n"],["2:inspec-shell-command","To use any of these resources, you can call it and its arguments. Try these examples:\n```\ncommand('uname -a').stdout\nfile('/proc/cpuinfo').owner\nsshd_config.params\n```\n"],["2:inspec-shell-describe","`describe` blocks are used to create simple checks. We will create a test that verifies a file's access permissions.\n```\ndescribe file('/root') do\n it { should exist }\n its('mode') { should cmp '0750'}\nend\n```\n"],["2:inspec-shell-control","Tests can be combined in controls, which offer more context. They are mainly used for policy/compliance testing:\n```\ncontrol \"id\" do\n title \"Check permissions on /root!\"\n impact 0.5\n describe file('/root') do\n its('mode') { should cmp '0750'}\n end\nend\n```\n"]]
Reference in a new issue View git blame Copy permalink