Merge remote-tracking branch 'origin/main' into post-dec24-updates
p-oneil committed Dec 5, 2024
2 parents 7a7a378 + 31e80c0 commit 702f503
Showing 21 changed files with 585 additions and 340 deletions.
14 changes: 7 additions & 7 deletions package-lock.json
2 changes: 1 addition & 1 deletion package.json
Expand Up @@ -18,7 +18,7 @@
"@vuepress/bundler-vite": "2.0.0-rc.18",
"@vuepress/plugin-markdown-image": "2.0.0-rc.61",
"@vuepress/plugin-markdown-tab": "2.0.0-rc.61",
"cypress": "^13.16.0",
"cypress": "^13.16.1",
"cypress-each": "^1.14.0",
"flowchart.ts": "^3.0.1",
"mermaid": "^11.4.1",
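Review bot: the only visible change is the `cypress` floor moving from `^13.16.0` to `^13.16.1`, but with a caret range the version actually installed is governed by `package-lock.json`, whose 7-addition/7-deletion diff is collapsed on this page; confirm that the lock's `cypress` entry (version, `resolved` URL and `integrity` hash) moved in step, since a `package.json` bump without the matching lock update makes `npm ci` fail on the mismatch rather than install the newer release.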
Binary file added src/assets/img/saf-lifecycle.jpg
27 changes: 16 additions & 11 deletions src/courses/advanced/02.md
Expand Up @@ -4,27 +4,30 @@ next: 03.md
title: 2. Review the Fundamentals
author: Aaron Lippold
---

## InSpec Content Review

In the [beginner class](../beginner/README.md), we explained the structure and output of InSpec Profiles. Let's review some content, then practice by revisiting, running, and viewing results of an InSpec profile.
In the [beginner class](../beginner/README.md), we explained the structure of InSpec profiles and controls, how to run them, and how to understand their results. Let's do a brief review of that fundamental content and then practice those basic skills again.

### InSpec Profile Structure
Remember that a `profile` is a set of automated tests that usually relates directly back to a Security Requirements Benchmark.
Remember that a `profile` is a set of automated tests that usually relates directly back to some upstream security guidance document.

Profiles have two (2) **required** elements:
- An `inspec.yml` file

- An `inspec.yml` file
- A `controls` directory

and **optional** elements such as:
- A `libraries` directory
and **optional** elements such as:

- A `libraries` directory
- A `files` directory
- An `inputs.yml` file
- An `inputs.yml` file
- A `README.md` file

InSpec can create the profile structure for you using the following command:

```sh
$ inspec init profile my_inspec_profile
inspec init profile my_inspec_profile
```

This will give you the required files along with some optional files.
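Review bot: dropping the `$ ` prompt from `inspec init profile my_inspec_profile` makes the line copy-pasteable, but the very next hunk header in this file still shows `$ tree my_inspec_profile` with the prompt, so the file now mixes both conventions; strip it there as well (or keep it everywhere) so readers get one consistent style. The blank lines added before the bullet lists are a harmless markdownlint cleanup.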
Expand All @@ -43,7 +46,7 @@ $ tree my_inspec_profile

#### Control File Structure

Let's take a look at the default ruby file in the `controls` directory.
Let's take a look at the default Ruby file in the `controls` directory.

::: code-tabs
@tab controls/example.rb
Expand All @@ -66,6 +69,7 @@ control 'tmp-1.0' do # A unique ID for this control
end
end
```

:::

This example shows two tests. Both tests check for the existence of the `/tmp` directory. The second test provides additional information about the test. Let's break down each component.
Expand All @@ -90,10 +94,10 @@ end
::: tabs

@tab Resources
InSpec uses resources like the `file` resource to aid in control development. These resources can often be used as the `< entity >` in the describe block. Find a list of resources in the [InSpec documentation ](https://docs.chef.io/inspec/resources/)
InSpec uses resources like the `file` resource to aid in control development. These resources can often be used as the `< entity >` in the describe block. Find a list of resources in the [InSpec documentation](https://docs.chef.io/inspec/resources/)

@tab Matchers
InSpec uses matchers like the `cmp` or `eq` to aid in control development. These matchers can often be used as the `< expectation >` in the describe block where the expectation is checking a requirement of that entity. Find a list of matchers in the [InSpec documentation ](https://docs.chef.io/inspec/matchers/)
InSpec uses matchers like the `cmp` or `eq` to aid in control development. These matchers can often be used as the `< expectation >` in the describe block where the expectation is checking a requirement of that entity. Find a list of matchers in the [InSpec documentation](https://docs.chef.io/inspec/matchers/)

:::

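Review bot: the link-text fix (`[InSpec documentation ]` to `[InSpec documentation]`) is correct, and while these two lines are being touched, "matchers like the `cmp` or `eq`" should read "matchers like `cmp` or `eq`", and both sentences end on a bare link with no closing period.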
Expand Down Expand Up @@ -132,6 +136,7 @@ inputs:
type: < data type of the input (String, Array, Numeric, Hash) >
value: < default value for the input >
```
:::
This example shows default metadata of the InSpec profile along with the optional sections. Find more information about [inputs](../beginner/06.md) and [overlays](../beginner/10.md) in the beginner class.
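Review bot: a blank line is added before the closing ` ``` ` of the code-tabs block, but the `:::` closer on the following line still runs straight into the `This example shows default metadata...` paragraph with no blank line between them; the same cleanup applied to the other `:::` closers in this commit should be applied here too so the container boundary is unambiguous.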
Expand Down Expand Up @@ -172,4 +177,4 @@ superusers:
- 'kali'
```

:::
:::
32 changes: 23 additions & 9 deletions src/courses/advanced/03.md
Expand Up @@ -6,13 +6,14 @@ author: Aaron Lippold
headerDepth: 3
---
## Revisiting the NGINX Web Server InSpec Profile

In the [beginner class](../beginner/05.md), we wrote and ran an InSpec profile against a test container. We then generated a report on our results and loaded them into Heimdall for analysis. Let's recap this process with some practice.

### The Target

InSpec is a framework which is used to validate the security configuration of a certain target. In this case, we are interested in validating that an NGINX server complies with our requirements.
InSpec is a framework used to validate the security configuration of a target. In this case, we are interested in validating that an NGINX server complies with our requirements.

First let's find our nginx container id using the `docker ps` command:
First, let's find our NGINX container ID using the `docker ps` command:

```shell
docker ps
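Review bot: the reworded sentence now says we find the "NGINX container ID", but the scan target used later in this file is the container name (`-t docker://nginx`), and the next hunk itself says "use the name of our NGINX container"; change this to "container name" (or "ID or name") so the instruction matches what the `-t` argument actually consumes.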
Expand All @@ -26,13 +27,17 @@ CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
8ba6b8av5n7s nginx:latest "/docker.…" 2 weeks ago Up 1 hour 80/tcp nginx
```

We can then use the container name of our nginx container `nginx` to target the inspec validation scans at that container.
We can then use the name of our NGINX container, `nginx`, to target the InSpec validation scans at that container.

### The Requirements

InSpec profiles are a set of automated tests that relate back to a security requirements benchmark, so the controls are always motivated by the requirements.
InSpec profiles are a set of automated tests that relate back to a security guidance document, so the controls are always motivated by the requirements.

::: details Review

In the beginner class, we worked with a simple requirements set to implement in InSpec.

```sh
1. NGINX should be installed as version 1.27.0 or later.
2. The following NGINX modules should be installed:
* `http_ssl`
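Review bot: wrapping the numbered requirements list in a ` ```sh ` fence is misleading, since nothing in it is shell and the inline backticks around `http_ssl` and the other module names will now render literally instead of as code; keep it as a plain markdown numbered list, or use a `text` fence if the intent is only a monospace block.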
Expand All @@ -43,16 +48,18 @@ InSpec profiles are a set of automated tests that relate back to a security requ
* be owned by the `root` user and group.
* not be readable, writeable, or executable by others.
5. The NGINX shell access should be restricted to admin users.
```

:::

### The Controls

InSpec profiles consist of automated tests, that align to security requirements, written in ruby files inside the controls directory.
InSpec profiles consist of automated tests, that align to security requirements, written in Ruby files inside the controls directory.

::: details Review

If you don't have `my_nginx` profile, run the following command to initialize your InSpec profile.
If you don't have the `my_nginx` profile, run the following command to initialize your InSpec profile.

```
inspec init profile my_nginx
```
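Review bot: the `inspec init profile my_nginx` fence has no language tag while every other command fence in this file is tagged `sh`; tag it `sh` for consistent highlighting. The "If you don't have the `my_nginx` profile" wording fix is fine.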
Expand Down Expand Up @@ -158,6 +165,7 @@ end
```

:::

### Running the Controls

To run `inspec exec` on the target, ensure that you are in the directory that has `my_nginx` profile.
Expand All @@ -169,8 +177,9 @@ To run `inspec exec` on the target, ensure that you are in the directory that ha
```sh
inspec exec my_nginx -t docker://nginx --input-file inputs-linux.yml
```

@tab output

```sh
Profile: InSpec Profile (my_nginx)
Version: 0.1.0
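Review bot: the `@tab output` block is tagged ` ```sh ` even though it is program output rather than shell input, so highlighters will try to lex the `Profile:` and `Version:` lines as commands; a `text` tag would be more accurate. The added blank lines around `@tab output` are fine.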
Expand Down Expand Up @@ -199,14 +208,19 @@ inspec exec my_nginx -t docker://nginx --input-file inputs-linux.yml
Profile Summary: 4 successful controls, 1 control failure, 0 controls skipped
Test Summary: 10 successful, 1 failure, 0 skipped
```

:::

### Reporting Results

In the [beginner class](../beginner/08.md), we mentioned that you can specify an InSpec reporter to indicate the format in which you desire the results. If you want to read the results on the command line as well as save them in a JSON file, you can run this command.

```sh
inspec exec my_nginx -t docker://nginx --input-file inputs-linux.yml --reporter cli json:my_nginx_results.json
inspec exec my_nginx -t docker://nginx --input-file inputs-linux.yml --reporter cli json:my_nginx_results.json --enhanced-outcomes
```

### Visualizing Results
You can use this output file to upload and visualize your results in [Heimdall ](https://heimdall-lite.mitre.org/).

You can use this output file to upload and visualize your results in [Heimdall](https://heimdall-lite.mitre.org/).

![NGINX Heimdall Report View](../../assets/img/NGINX_Heimdall_Report_View.png)
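Review bot: `--enhanced-outcomes` is added to the reporter command without any explanation in the surrounding text, and the `inspec exec` shown in the output tab above does not use it, so a reader cannot tell whether it changes the counts in the printed summary or only the JSON written for Heimdall; add a sentence saying what it does and either apply it to both commands or state why only the reporting run needs it.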

0 comments on commit 702f503