Merge branch 'delta-addons' of https://github.com/mitre/saf-training …

…into delta-addons
mitre · Dec 11, 2024 · f464b26 · f464b26
2 parents c68827c + 96c85ea
commit f464b26
Show file tree

Hide file tree

Showing 33 changed files with 653 additions and 859 deletions.
diff --git a/src/assets/img/Download_STIG.png b/src/assets/img/Download_STIG.png
diff --git a/src/assets/img/Download_STIG_Viewer.png b/src/assets/img/Download_STIG_Viewer.png
diff --git a/src/assets/img/NIST_requirements_to_STIG.svg b/src/assets/img/NIST_requirements_to_STIG.svg
diff --git a/src/assets/img/STIGSources.png b/src/assets/img/STIGSources.png
diff --git a/src/assets/img/saf-lifecycle.png b/src/assets/img/saf-lifecycle.png
diff --git a/src/assets/img/the_stig_file.png b/src/assets/img/the_stig_file.png
diff --git a/src/courses/advanced/03.md b/src/courses/advanced/03.md
@@ -48,6 +48,7 @@ In the beginner class, we worked with a simple requirements set to implement in
    * be owned by the `root` user and group.
    * not be readable, writeable, or executable by others.
 5. The NGINX shell access should be restricted to admin users.
+6. NGINX admins should have documentation on security procedures.
 ```
 
 :::
@@ -58,13 +59,16 @@ InSpec profiles consist of automated tests, that align to security requirements,
 
 ::: details Review
 
-If you don't have the `my_nginx` profile, run the following command to initialize your InSpec profile.
+Recall that we created a `my_nginx` InSpec profile in the [Beginner Security Automation](../beginner/README.md) class
 
-```
-inspec init profile my_nginx
-```
+If you don't have the `my_nginx` profile for any reason, or if you have tinkered with it too much to use it easily, you can use the `my_nginx_answer_key` profile instead.
+
+Our profile has several components:
 
-Append the `inputs` sections in your profile at `my_nginx/inspec.yml`
+- an `inspec.yml` file
+- a `controls` directory
+
+You should have an `inputs` section in your profile at `my_nginx/inspec.yml`
 
 ```yaml
 name: my_nginx
@@ -96,15 +100,15 @@ inputs:
       - admin
 ```
 
-Create an inputs file in your profile at `inputs-linux.yml`
+You should have an inputs file in your profile at `inputs-linux.yml`
 
 ```yaml
 admin_users:
   - admin
   - root
 ```
 
-Paste the following controls in your profile at `my_nginx/controls/example.rb`
+You should have the following controls in your profile at `my_nginx/controls/example.rb`
 
 ```ruby
 control 'nginx-version' do
@@ -168,23 +172,23 @@ end
 
 ### Running the Controls
 
-To run `inspec exec` on the target, ensure that you are in the directory that has `my_nginx` profile.
-
 ::: code-tabs
 
 @tab command
 
 ```sh
-inspec exec my_nginx -t docker://nginx --input-file inputs-linux.yml 
+inspec exec my_nginx -t docker://nginx --input-file my_nginx/inputs.yml --enhanced-outcomes
 ```
 
 @tab output
 
 ```sh
-  Profile: InSpec Profile (my_nginx)
-  Version: 0.1.0
-  Target:  docker://DOCKER_CONTAINER_ID
-  Target ID: TARGET_ID
+Redirecting to cinc-auditor...
+
+Profile:   InSpec Profile (my_nginx_answer_key)
+Version:   0.1.0
+Target:    docker://DOCKER_CONTAINER_ID
+Target ID: TARGET_ID
 
   ✔  nginx-version: NGINX version
      ✔  Nginx Environment version is expected to cmp >= "1.27.0"
@@ -203,10 +207,12 @@ inspec exec my_nginx -t docker://nginx --input-file inputs-linux.yml
      ✔  File /etc/nginx/nginx.conf is expected not to be executable by others
   ✔  nginx-shell-access: NGINX shell access
      ✔  Shell access for non-admin users should be removed.
+  N/R  nginx-interview: NGINX interview
+     ↺  This control must be manually reviewed.
 
 
-Profile Summary: 4 successful controls, 1 control failure, 0 controls skipped
-Test Summary: 10 successful, 1 failure, 0 skipped
+Profile Summary: 4 successful controls, 1 control failure, 1 control not reviewed, 0 controls not applicable, 0 controls have error
+Test Summary: 10 successful, 1 failure, 1 skipped
 ```
 
 :::
@@ -216,7 +222,7 @@ Test Summary: 10 successful, 1 failure, 0 skipped
 In the [beginner class](../beginner/08.md), we mentioned that you can specify an InSpec reporter to indicate the format in which you desire the results. If you want to read the results on the command line as well as save them in a JSON file, you can run this command.
 
 ```sh
-inspec exec my_nginx -t docker://nginx --input-file inputs-linux.yml --reporter cli json:my_nginx_results.json --enhanced-outcomes
+inspec exec my_nginx -t docker://nginx --input-file my_nginx/inputs.yml --reporter cli json:results/my_nginx_results.json --enhanced-outcomes
 ```
 
 ### Visualizing Results

diff --git a/src/courses/advanced/05.md b/src/courses/advanced/05.md
@@ -89,6 +89,8 @@ inspec exec git
 @tab Output
 
 ```bash
+Redirecting to cinc-auditor...
+
 Profile:   InSpec Profile (git)
 Version:   0.1.0
 Target:    local://
@@ -145,6 +147,8 @@ inspec exec git
 @tab Output
 
 ```bash
+Redirecting to cinc-auditor...
+
 [2023-02-22T03:21:41+00:00] ERROR: Failed to load profile git: Failed to load source for controls/example.rb: undefined method `git' for #<Inspec::ControlEvalContext:0x000000000540af38>
 
 Profile:         InSpec Profile (git)