From ad2747d6073a521f522632d035916e1a36512097 Mon Sep 17 00:00:00 2001
From: seanlongcc
Date: Thu, 6 Jun 2024 16:18:41 -0400
Subject: [PATCH] update readme
---
 README.md | 23 +++++++++++++------
 .../roles/mongo-stig/defaults/main.yml | 4 ++--
 2 files changed, 18 insertions(+), 9 deletions(-)
diff --git a/README.md b/README.md
index 73694ef..8768b0c 100644
--- a/README.md
+++ b/README.md
@@ -54,19 +54,28 @@ certificate_key_file: "/etc/ssl/mongodb.pem"
 cd mongo-hardening
 ```
-2. **Download the DoD Certificates PKI Bundle**
+2. **Create MongoDB Certificates**
- Download the DoD Certificates PKI Bundle by following the instructions in the `README.md` under the `certificates` directory.
+ Follow the `README.md` under the `certificates` directory to download the DoD Certificates PKI Bundle and to create any other necessary certificates.
-3. **Create `inputs.yml`**
+3. **Update `main.yml` for the Ansible Playbook**
- Execute the following command to create the inputs.yml file under `spec/mongo-inspec-profile` by copying `inputs_template.yml` and renaming it to `inputs.yml`:
+ Update the `main.yml` file located at `spec/ansible/roles/mongo-stig/defaults/main.yml` with your values.
+
+4. **Create and Update `inputs.yml` for Inspec**
+
+ Execute the following command to create the `inputs.yml` file under `spec/mongo-inspec-profile` by copying `inputs_template.yml` and renaming it to `inputs.yml`.
+ Update this file with your values.
 ```sh
 cp spec/mongo-inspec-profile/inputs_template.yml spec/mongo-inspec-profile/inputs.yml
 ```
-4. **Initialize Packer**
+5. **Update `inspec.yml` for InSpec**
+
+ Update the `inspec.yml` file located at `spec/mongo-inspec-profile/inspec.yml` with any your values.
+
+6. **Initialize Packer**
 Initialize Packer to install the required Ansible and Docker plugins:
@@ -74,7 +83,7 @@ certificate_key_file: "/etc/ssl/mongodb.pem"
 packer init .
 ```
-5. **Build the Hardened Image**
+7. **Build the Hardened Image**
 Execute the following command to build, test, and save the hardened Mongo image:
@@ -82,7 +91,7 @@ certificate_key_file: "/etc/ssl/mongodb.pem"
 packer build mongo-hardening.pkr.hcl
 ```
-6. **Run the Hardened Image**
+8. **Run the Hardened Image**
 Execute the following command to run the hardened Mongo image:
diff --git a/spec/ansible/roles/mongo-stig/defaults/main.yml b/spec/ansible/roles/mongo-stig/defaults/main.yml
index e1b2623..b39653c 100644
--- a/spec/ansible/roles/mongo-stig/defaults/main.yml
+++ b/spec/ansible/roles/mongo-stig/defaults/main.yml
@@ -4,7 +4,7 @@ enterprise_edition: true
 fips_mode: true
 mongostig_cat1: true
 mongostig_cat2: true
-# Enable if any data is PII, classified or is deemed by the organization the need to be encrypted at rest.
+# Enable 'encryption_at_rest' if any data is PII, classified or is deemed by the organization the need to be encrypted at rest.
 encryption_at_rest: false
 kmip_enabled: false
@@ -32,7 +32,7 @@ authentication_mechanism:
 mongod_config_path: /etc/mongod.conf
-# Set `audit_log_destination` to either "file" or "syslog"
+# Set 'audit_log_destination' to either "file" or "syslog"
 audit_log_destination: file
 mongo_audit_directory_path: /var/log/mongodb/audit/
 mongo_audit_file_path: /var/log/mongodb/audit/auditLog.bson
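Review bot: The reworded comment above `encryption_at_rest` still reads awkwardly ("is deemed by the organization the need to be encrypted") and does not say what else an operator must configure when turning the flag on. I would write `# Enable 'encryption_at_rest' if any data is PII, classified, or otherwise deemed by the organization to require encryption at rest.` and add a second comment line stating how the key is supplied, in particular whether `kmip_enabled` on the following line must also be set to true. Both defaults shown are `false`, so a reader who flips only one should be able to tell from this file whether that combination is supported. The tasks that consume these variables are outside the hunk, so the relationship between the two flags is an assumption to confirm before documenting it.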
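Review bot: The comment on `audit_log_destination` lists the two accepted values but not which of the variables below each value uses. `mongo_audit_directory_path` and `mongo_audit_file_path` presumably matter only for "file"; if that is the case, say so here, e.g. `# "file" writes to mongo_audit_file_path; "syslog" does not use the two path variables below`, so that an operator who switches to syslog does not expect a local audit file to keep being written. The tasks that read these variables are not visible in the hunk, so verify the behaviour before adding the line.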