Mirrors/inspec
2
0
Fork 0
mirror of https://github.com/inspec/inspec synced 2024-11-14 17:07:09 +00:00
Code Issues Projects Releases Packages Wiki Activity
inspec/www/tutorial/tutorial.yml
Dominik Richter 6b07f3337a add demo yml contents 
Closes https://github.com/chef/inspec/issues/954
2016-09-06 13:30:06 +02:00

190 lines
6.2 KiB
YAML
Raw Blame History

# Demos
demos:
- demo: 0:intro
desc: |
Welcome to the interactive InSpec demo. You will learn how to use the commandline and shell and get an introduction to all aspects of the language.
To navigate this demo, type `next` to move forward and `prev` to move back.
- demo: 1:inspec-help
desc: |
InSpec is called via
```
inspec
```
Try it out!
You will see the help menu. You can also view it with
```
inspec help
```
- demo: 1:inspec-help-cmd
desc: |
This list of subcommands may be intimidating at first. It is easy to get help on any of these commands via `inspec help <COMMAND>`. Let's try it out for a few:
```
inspec help version
inspec help detect
inspec help exec
```
- demo: 1:inspec-version
desc: |
The easiest subcommand is `inspec version`. It tells you which version of InSpec is running.
- demo: 1:inspec-check
desc: |
The most frequent use of InSpec is to execute profiles. You can find the `example/profile` in the InSpec repository. Before executing it for the first time, let's verify if it is valid profile
```
inspec check example/profile
```
This command is not only used for syntax testing and linting, but can also provide information on valid profiles including its version and control overview.
- demo: 1:inspec-exec
desc: |
Let's try testing some profiles! To run the profile and test the local machine, type:
```
inspec exec example/profile
```
The result is shown in the report.
- demo: 1:inspec-exec-ssh
desc: |
InSpec can also test your remote machines! Let's assume there is node `host.node` registered with SSH configured for user `bob` with a keyfile in the current directory (`bob.rsa`). You can run the same profile against this node via:
```
inspec exec example/profile -t ssh://bob@host.node -i bob.rsa
```
- demo: 1:inspec-exec-ssh-long
desc: |
The wonderful `-t` option (or `--target`) is a shorthand for specifying all fields separately:
```
inspec exec example/profile -b ssh --host host.node --user bob -i bob.rsa
```
For more options try
```
inspec help exec
```
- demo: 1:inspec-exec-winrm
desc: |
We can also scan Windows machines. Let's assume `windows.node` is configured with WinRM access for user `alice` with a password `pass`. The command will now read:
```
inspec exec example/profile -t winrm://alice:pass@windows.node
```
- demo: 1:inspec-exec-winrm-ssl
desc: |
The previous example is not quite realistic. Most Windows nodes with WinRM are configured to use SSL. Let's assume the user also has a self-signed certificate. It would now read
```
inspec exec example/profile -t winrm://alice:pass@windows.node --ssl --self-signed
```
- demo: 1:inspec-exec-docker
desc: |
InSpec also supports scanning containers. Let's try it with Docker and pick a container
```
inspec exec example/profile -t docker://abcdef123
```
- demo: 1:inspec-detect
desc: |
InSpec is able to verify local and remote nodes before running tests. This is a utility command to check connections and get information on the target
```
inspec detect
inspec detect -t ssh://bob@host.node -i bob.rsa
```
- demo: 2:inspec-shell-c
desc: |
Let's explore the InSpec shell. It's an integrated utility to test and debug the InSpec language. Before we start it interactively, let's try the command execution mode. It runs code and resources and prints the result.
First, we start with the OS detection:
```
inspec shell -c 'os.params'
```
Another example is to test an existing resource:
```
inspec shell -c 'sshd_config.Protocol'
```
- demo: 2:inspec-shell-c-t
desc: |
These commands also work with remote targets
```
inspec shell -c 'sshd_config.Protocol' -t ssh://bob@host.node -i bob.rsa
inspec shell -c 'os.params' -t docker://abcdef123
```
- demo: 2:inspec-shell
desc: |
It's time to see the interactive shell! Type
```
inspec shell
```
You can still use `next` and `prev` to move between demos. Look at how the shell prompt looks different between the system shell and the inspec shell.
- demo: 2:inspec-shell-help
desc: |
The greeting of the InSpec shell suggests to run the help command:
```
help
```
You will not only see the help menu, but also a quick summary of the machine where this is running.
- demo: 2:inspec-shell-help-resources
desc: |
To get a list of all available resources, you can type:
```
help resources
```
- demo: 2:inspec-shell-help-resource
desc: |
To explore any of these resources, you can try:
```
help file
help command
help os
```
These 3 resources are the core trinity of all executions. All other resources reference them in some way. They lead of system interactions.
- demo: 2:inspec-shell-command
desc: |
To use any of these resources, you can call it and its arguments. Try these examples:
```
command('uname -a').stdout
file('/proc/cpuinfo').owner
sshd_config.params
```
- demo: 2:inspec-shell-describe
desc: |
`describe` blocks are used to create simple checks. We will create a test that verifies a file's access permissions.
```
describe file('/root') do
it { should exist }
its('mode') { should cmp '0750'}
end
```
- demo: 2:inspec-shell-control
desc: |
Tests can be combined in controls, which offer more context. They are mainly used for policy/compliance testing:
```
control "id" do
title "Check permissions on /root!"
impact 0.5
describe file('/root') do
its('mode') { should cmp '0750'}
end
end
```
parts:
- part: InSpec commandline
demos:
- 1:inspec-help
- 1:inspec-help-cmd
- 1:inspec-version
- 1:inspec-check
- 1:inspec-exec
- 1:inspec-exec-ssh
- 1:inspec-exec-ssh-long
- 1:inspec-exec-winrm
- 1:inspec-exec-winrm-ssl
- 1:inspec-exec-docker
- 1:inspec-detect
- part: InSpec shell
demos:
- 2:inspec-shell-c
- 2:inspec-shell-c-t
- 2:inspec-shell-help
- 2:inspec-shell-help-resources
- 2:inspec-shell-help-resource
- 2:inspec-shell-command
- 2:inspec-shell-describe
- 2:inspec-shell-control
# - part: Profiles
Reference in a new issue View git blame Copy permalink