Skip to content

Commit

Permalink
bring this branch up to date with main and resolve conflict in course…
Browse files Browse the repository at this point in the history
…s/beginner/11.md

Signed-off-by: Emily Rodriguez <[email protected]>
  • Loading branch information
em-c-rod committed Dec 11, 2024
2 parents b0377c9 + 2975f5c commit 96c85ea
Show file tree
Hide file tree
Showing 33 changed files with 653 additions and 859 deletions.
Binary file modified src/assets/img/Download_STIG.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file modified src/assets/img/Download_STIG_Viewer.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
4 changes: 4 additions & 0 deletions src/assets/img/NIST_requirements_to_STIG.svg
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file removed src/assets/img/STIGSources.png
Binary file not shown.
Binary file removed src/assets/img/saf-lifecycle.png
Binary file not shown.
Binary file added src/assets/img/the_stig_file.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
40 changes: 23 additions & 17 deletions src/courses/advanced/03.md
Original file line number Diff line number Diff line change
Expand Up @@ -48,6 +48,7 @@ In the beginner class, we worked with a simple requirements set to implement in
* be owned by the `root` user and group.
* not be readable, writeable, or executable by others.
5. The NGINX shell access should be restricted to admin users.
6. NGINX admins should have documentation on security procedures.
```

:::
Expand All @@ -58,13 +59,16 @@ InSpec profiles consist of automated tests, that align to security requirements,

::: details Review

If you don't have the `my_nginx` profile, run the following command to initialize your InSpec profile.
Recall that we created a `my_nginx` InSpec profile in the [Beginner Security Automation](../beginner/README.md) class

```
inspec init profile my_nginx
```
If you don't have the `my_nginx` profile for any reason, or if you have tinkered with it too much to use it easily, you can use the `my_nginx_answer_key` profile instead.

Our profile has several components:

Append the `inputs` sections in your profile at `my_nginx/inspec.yml`
- an `inspec.yml` file
- a `controls` directory

You should have an `inputs` section in your profile at `my_nginx/inspec.yml`

```yaml
name: my_nginx
Expand Down Expand Up @@ -96,15 +100,15 @@ inputs:
- admin
```
Create an inputs file in your profile at `inputs-linux.yml`
You should have an inputs file in your profile at `inputs-linux.yml`

```yaml
admin_users:
- admin
- root
```

Paste the following controls in your profile at `my_nginx/controls/example.rb`
You should have the following controls in your profile at `my_nginx/controls/example.rb`

```ruby
control 'nginx-version' do
Expand Down Expand Up @@ -168,23 +172,23 @@ end

### Running the Controls

To run `inspec exec` on the target, ensure that you are in the directory that has `my_nginx` profile.

::: code-tabs

@tab command

```sh
inspec exec my_nginx -t docker://nginx --input-file inputs-linux.yml
inspec exec my_nginx -t docker://nginx --input-file my_nginx/inputs.yml --enhanced-outcomes
```

@tab output

```sh
Profile: InSpec Profile (my_nginx)
Version: 0.1.0
Target: docker://DOCKER_CONTAINER_ID
Target ID: TARGET_ID
Redirecting to cinc-auditor...
Profile: InSpec Profile (my_nginx_answer_key)
Version: 0.1.0
Target: docker://DOCKER_CONTAINER_ID
Target ID: TARGET_ID
✔ nginx-version: NGINX version
✔ Nginx Environment version is expected to cmp >= "1.27.0"
Expand All @@ -203,10 +207,12 @@ inspec exec my_nginx -t docker://nginx --input-file inputs-linux.yml
✔ File /etc/nginx/nginx.conf is expected not to be executable by others
✔ nginx-shell-access: NGINX shell access
✔ Shell access for non-admin users should be removed.
N/R nginx-interview: NGINX interview
↺ This control must be manually reviewed.
Profile Summary: 4 successful controls, 1 control failure, 0 controls skipped
Test Summary: 10 successful, 1 failure, 0 skipped
Profile Summary: 4 successful controls, 1 control failure, 1 control not reviewed, 0 controls not applicable, 0 controls have error
Test Summary: 10 successful, 1 failure, 1 skipped
```

:::
Expand All @@ -216,7 +222,7 @@ Test Summary: 10 successful, 1 failure, 0 skipped
In the [beginner class](../beginner/08.md), we mentioned that you can specify an InSpec reporter to indicate the format in which you desire the results. If you want to read the results on the command line as well as save them in a JSON file, you can run this command.

```sh
inspec exec my_nginx -t docker://nginx --input-file inputs-linux.yml --reporter cli json:my_nginx_results.json --enhanced-outcomes
inspec exec my_nginx -t docker://nginx --input-file my_nginx/inputs.yml --reporter cli json:results/my_nginx_results.json --enhanced-outcomes
```

### Visualizing Results
Expand Down
4 changes: 4 additions & 0 deletions src/courses/advanced/05.md
Original file line number Diff line number Diff line change
Expand Up @@ -89,6 +89,8 @@ inspec exec git
@tab Output

```bash
Redirecting to cinc-auditor...

Profile: InSpec Profile (git)
Version: 0.1.0
Target: local://
Expand Down Expand Up @@ -145,6 +147,8 @@ inspec exec git
@tab Output

```bash
Redirecting to cinc-auditor...

[2023-02-22T03:21:41+00:00] ERROR: Failed to load profile git: Failed to load source for controls/example.rb: undefined method `git' for #<Inspec::ControlEvalContext:0x000000000540af38>
Profile: InSpec Profile (git)
Expand Down
Loading

0 comments on commit 96c85ea

Please sign in to comment.