update readme

mitre · Jun 6, 2024 · ad2747d · ad2747d
1 parent 0a32f73
commit ad2747d
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 9 deletions.
diff --git a/README.md b/README.md
@@ -54,35 +54,44 @@ certificate_key_file: "/etc/ssl/mongodb.pem"
    cd mongo-hardening
    ```
 
-2. **Download the DoD Certificates PKI Bundle**
+2. **Create MongoDB Certificates**
 
-   Download the DoD Certificates PKI Bundle by following the instructions in the `README.md` under the `certificates` directory.
+   Follow the `README.md` under the `certificates` directory to download the DoD Certificates PKI Bundle and to create any other necessary certificates.
 
-3. **Create `inputs.yml`**
+3. **Update `main.yml` for the Ansible Playbook**
 
-   Execute the following command to create the inputs.yml file under `spec/mongo-inspec-profile` by copying `inputs_template.yml` and renaming it to `inputs.yml`:
+   Update the `main.yml` file located at `spec/ansible/roles/mongo-stig/defaults/main.yml` with your values.
+
+4. **Create and Update `inputs.yml` for Inspec**
+
+   Execute the following command to create the `inputs.yml` file under `spec/mongo-inspec-profile` by copying `inputs_template.yml` and renaming it to `inputs.yml`.
+   Update this file with your values.
 
    ```sh
    cp spec/mongo-inspec-profile/inputs_template.yml spec/mongo-inspec-profile/inputs.yml
    ```
 
-4. **Initialize Packer**
+5. **Update `inspec.yml` for InSpec**
+
+   Update the `inspec.yml` file located at `spec/mongo-inspec-profile/inspec.yml` with any your values.
+
+6. **Initialize Packer**
 
    Initialize Packer to install the required Ansible and Docker plugins:
 
    ```sh
    packer init .
    ```
 
-5. **Build the Hardened Image**
+7. **Build the Hardened Image**
 
    Execute the following command to build, test, and save the hardened Mongo image:
 
    ```sh
    packer build mongo-hardening.pkr.hcl
    ```
 
-6. **Run the Hardened Image**
+8. **Run the Hardened Image**
 
    Execute the following command to run the hardened Mongo image:
 

diff --git a/spec/ansible/roles/mongo-stig/defaults/main.yml b/spec/ansible/roles/mongo-stig/defaults/main.yml
@@ -4,7 +4,7 @@ enterprise_edition: true
 fips_mode: true
 mongostig_cat1: true
 mongostig_cat2: true
-# Enable if any data is PII, classified or is deemed by the organization the need to be encrypted at rest.
+# Enable 'encryption_at_rest' if any data is PII, classified or is deemed by the organization the need to be encrypted at rest.
 encryption_at_rest: false
 kmip_enabled: false
 
@@ -32,7 +32,7 @@ authentication_mechanism:
 
 mongod_config_path: /etc/mongod.conf
 
-# Set `audit_log_destination` to either "file" or "syslog"
+# Set 'audit_log_destination' to either "file" or "syslog"
 audit_log_destination: file
 mongo_audit_directory_path: /var/log/mongodb/audit/
 mongo_audit_file_path: /var/log/mongodb/audit/auditLog.bson