Merge Development into Master (#27)
* Adding initial auto-generated controls

* Update inspec.yml - Fixed formatting on file

* Updated all controls to have "check" as secondary description instead of as a tag

* Added tests for some controls

* Added tests for a few more controls. Added a vagrant box to test this profile against. Updated readme with instructions to test/run this inspec profile against.

* update git ignore to add vagrant specific items

* update V-80969 to check for audit.rules string match

* update V-80965 to check for remote_server offloading of audit logs (IPv4 only)

* updated V-80965 to disregard check for IP address only

* Updated all fix tags to description. Added a few controls related to aide package and its configuration.

* update V-75901 through V-75909

* template repo docs-mitre-inspec

* Added additional control tests

* update gitignore to NOT account for .vscode folder

* started work on kitchen and travis support (#1)

* started work on kitchen and travis support

Signed-off-by: Aaron Lippold <lippold@gmail.com>

* added bundle install

Signed-off-by: Aaron Lippold <lippold@gmail.com>

* fixing bundler

Signed-off-by: Aaron Lippold <lippold@gmail.com>

* added a specific rvm version

Signed-off-by: Aaron Lippold <lippold@gmail.com>

* Removed Gemfile.lock

Signed-off-by: Aaron Lippold <lippold@gmail.com>

* bundle issues

Signed-off-by: Aaron Lippold <lippold@gmail.com>

* bundler issues

Signed-off-by: Aaron Lippold <lippold@gmail.com>

* further fixing of bundler

Signed-off-by: Aaron Lippold <lippold@gmail.com>

* bundler fix 3

Signed-off-by: Aaron Lippold <lippold@gmail.com>

* kitchen didn't seem to run

Signed-off-by: Aaron Lippold <lippold@gmail.com>

* added inspec_tools

Signed-off-by: Aaron Lippold <lippold@gmail.com>

* hacking the build

Signed-off-by: Aaron Lippold <lippold@gmail.com>

* adding inspec_tools step to build process

Signed-off-by: Aaron Lippold <lippold@gmail.com>

* fixing inspec_tools

Signed-off-by: Aaron Lippold <lippold@gmail.com>

* updated min compliance to 1%

Signed-off-by: Aaron Lippold <lippold@gmail.com>

* updated to ignore kitchen error code

Signed-off-by: Aaron Lippold <lippold@gmail.com>

* develop 9 additional controls in 755** series

* fixed small error in control (#4)

* fixed small error in control

Signed-off-by: Aaron Lippold <lippold@gmail.com>

* Removed Gemfile.lock from the repo
Added branch selection so that we didn't run the build multiple times

Signed-off-by: Aaron Lippold <lippold@gmail.com>

* Update README.md

* Update README.md

* update controls, kitchen files and gitignore

* add .kitchen.vagrant.yml changes

* change symlink for kitchen.yml; 11 new controls

* remove Gemfile.lock

* update controls and kitchen files, add attributes

* 13 new and modified controls (#7)

* update controls, kitchen files and gitignore

* add .kitchen.vagrant.yml changes

* change symlink for kitchen.yml; 11 new controls

* remove Gemfile.lock

* update controls and kitchen files, add attributes

* attribute to input in all controls; move attributes to inspec.yml

change attribute to input in all controls
move attributes to inputs.yml (needs further refinement to address issue #10)
remove attributes.yml
update kitchen.yml files to use inspec.yml for attrs

* develop new controls and update some old controls

* remove results.json, develop new controls

* developed 13 new controls

* fix auditd controls

* develop two new audit controls

* new controls; updates to inspec and kitchen ymls

* adding new control implementations

* specify input_files tag to test travis build

* edit input_files; test travis build

* use chef-workstation, inputs tag, add inputs.yml

* test travis by updating inspec-bin

* verbose logging debug

Signed-off-by: Aaron Lippold <lippold@gmail.com>

* debug

Signed-off-by: Aaron Lippold <lippold@gmail.com>

* add debug to test travis

* remove control to test travis

* move inputs inside controls

* move inputs inside control

* move inputs inside control

* remove kitchen debug from travis.yml

* update travis links in README

* chef gem update inspec and inspec-bin in travis

* test travis by moving input out of control block

* 'chef gem update inspec' to 'gem update inspec'

* accept chef license before running chef commands

* accept chef license inline

* update inspec using embedded gem binary

* debug kitchen verify

* developed 4 more controls

* develop 22 new controls

* Update README.md

* some minor fixes

some minor fixes

* update controls based on review for PR #11

* Some cleanup of work-in-progress notice

* completing 80961

* 3 additional controls developed

* debug travis

* disable V-78005 to test travis

* fix dokken nil to string and other minor issues

* fix 80963 log_file check

* remove extra lines

* hard code audit conf & dir paths until inspec fix

* remove only_if from audit controls

* adding apt-get chef workstation to before_script

* use wget and dpkg instead of apt

* remove debug

* Update README.md

* 80957 and 75437 updated with temporary measures

* update controls to account for skips and N/As

* update controls to use native InSpec resources

* use InSpec resources instead of command

* minor fixes

* update gnome checks

* update 2 controls

* parameterize some controls

* Adding Review.md to repo

* initial review checks performed

* updating review

* Added more issues from review

* Updating review

* removed completion date from checks with open issues

* Adding last check for review

* Add additional inputs (#15)

* minor edits to account for organization name

* add emergency_accounts input

* add TRAVIS_BUILD_ID to kitchen.*.yml

* add required inputs

* bug fix for if, else

* fix for issue #19

* fixes issue #21

* fixes some issues from rubocop listed in issue #18

* move impact above describe

* more fixes for issue #19

* fixes for issue #23

* minor fixes

* fixes/edits for issue #23

* update completion of InSpec syntax checker

* Amol's issue fixes (#24)

* Fixing the status of issues to match current reality in Review.md

Signed-off-by: Amol Shah <amolshah@gmail.com>

* Initial fixes for issue #20

Signed-off-by: Amol Shah <amolshah@gmail.com>

* Initial fixes for issue #20

Signed-off-by: Amol Shah <amolshah@gmail.com>

* Initial fixes for issue #20

Signed-off-by: Amol Shah <amolshah@gmail.com>

* Fixes for issue #18

Signed-off-by: Amol Shah <amolshah@gmail.com>

* Fixes for issue #18

Signed-off-by: Amol Shah <amolshah@gmail.com>

* Fixes for issue #13 and #13

Signed-off-by: Amol Shah <amolshah@gmail.com>

* Fixes for issue #16

Signed-off-by: Amol Shah <amolshah@gmail.com>

* Fixing a profile error and recreated sample data

Signed-off-by: Amol Shah <amolshah@gmail.com>

* remove sudo from control checks

* Peer review complete

Recommend merging development branch into master and removing WIP label

* Update README.md

* added getting started preamble

## Getting Started  
It is intended and recommended that InSpec run this profile from a __"runner"__ host (such as a DevOps orchestration server, an administrative management system, or a developer's workstation/laptop) against the target remotely over __winrm__.

__For the best security of the runner, always install on the runner the _latest version_ of InSpec and supporting Ruby language components.__ 

Latest versions and installation options are available at the [InSpec](http://inspec.io/) site.

* updated STIG reference

An InSpec profile of the DISA Canonical Ubuntu 16.04 LTS STIG baseline
to:
InSpec profile to validate the secure configuration of Canonical Ubuntu 16.04 LTS against DISA's Canonical Ubuntu 16.04 LTS Security Technical Implementation Guide (STIG) Version 1 Release 1.
ejaronne authored and aaronlippold committed Nov 20, 2019
1 parent 5440036 commit 6f8c092
Showing 246 changed files with 17,464 additions and 35 deletions.
156 changes: 130 additions & 26 deletions .gitignore
Original file line number Diff line number Diff line change
@@ -1,50 +1,154 @@
*.lock
*.gem
*.rbc

Gemfile.lock
.attribute.yml
Berksfile.lock
results.json

/.config
/coverage/
/InstalledFiles
/pkg/
/spec/reports/
/spec/examples.txt
/test/tmp/
/test/version_tmp/
/tmp/
inspec-azure.plan
inspec-aws-*.plan

# Used by dotenv library to load environment variables.
# .env

## Specific to RubyMotion:
.dat*
.repl_history
build/
*.bridgesupport
build-iPhoneOS/
build-iPhoneSimulator/
*.tfstate
*.tfstate.*
.terraform/
terraform.tfvars

.kitchen/
.kitchen.local.yml
kitchen.local.yml

.vagrant

inspec-deprecations-in-cfg.txt
inspec-deprecations-in-lib.txt

# Docker
*.retry
.backup


# OSX
# General
.DS_Store
.AppleDouble
.LSOverride

# Icon must end with two \r
Icon

# Thumbnails
._*

# Files that might appear in the root of a volume
.DocumentRevisions-V100
.fseventsd
.Spotlight-V100
.TemporaryItems
.Trashes
.VolumeIcon.icns
.com.apple.timemachine.donotpresent

# Directories potentially created on remote AFP share
.AppleDB
.AppleDesktop
Network Trash Folder
Temporary Items
.apdisk

# Logs
*.log

## Specific to RubyMotion (use of CocoaPods):
#
# We recommend against adding the Pods directory to your .gitignore. However
# you should judge for yourself, the pros and cons are mentioned at:
# https://guides.cocoapods.org/using/using-cocoapods.html#should-i-check-the-pods-directory-into-source-control
#
# vendor/Pods/

## Documentation cache and generated files:
/.yardoc/
/_yardoc/
/doc/
/rdoc/

## Environment normalization:
# Ignore bundler config
/.bundle/
/vendor/
/vendor/bundle
/lib/bundler/man/
vendor/cookbooks

# unless supporting rvm < 1.11.0 or doing something fancy, ignore this:
.rvmrc
.packer

# for a library or gem, you might want to ignore these files since the code is
# intended to run in multiple environments; otherwise, check them in:
# Gemfile.lock
# .ruby-version
# .ruby-gemset
.ruby-version
.ruby-gemset


## JetBrain
# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio and WebStorm
# Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839
.idea/

# Visual Studio Code
.vscode

## Specific to RubyMotion:
.dat*
.repl_history
*.bridgesupport

# File-based project format
*.iws

# IntelliJ
out/

# mpeltonen/sbt-idea plugin
.idea_modules/

# Crashlytics plugin (for Android Studio and IntelliJ)
com_crashlytics_export_strings.xml
crashlytics.properties
crashlytics-build.properties
fabric.properties

# JIRA plugin
atlassian-ide-plugin.xml


# Build Folder
/build/
/build-iPhoneOS/
/build-iPhoneSimulator/


# Ignore rendered files from docs/
source/docs/reference/
examples/meta-profile/vendor/
habitat/VERSION
habitat/results
/lib/bundler/man/


# USER
/.gitignoredir/
/tmp/
/test/tmp/
/test/version_tmp/
/.emacs.desktop
.gitter
*.elc
nbproject
auto-save-list
tramp
/.direnv
/.envrc
results/
contrib/*

# unless supporting rvm < 1.11.0 or doing something fancy, ignore this:
.rvmrc
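Review bot: several patterns in this hunk are listed twice and should be deduplicated before merge: `.rvmrc` (under both "unless supporting rvm < 1.11.0" comments), `/lib/bundler/man/`, `/tmp/`, `/test/tmp/`, `/test/version_tmp/`, and the whole "## Specific to RubyMotion:" block (`.dat*`, `.repl_history`, `*.bridgesupport`) appears twice, once near the top and once under the editor section. Two consistency questions against the commit message: it records "update gitignore to NOT account for .vscode folder", yet the hunk adds `.vscode` under "# Visual Studio Code", so please confirm which is intended; and the entry `.attribute.yml` (singular, leading dot) does not match the `attributes.yml` the message says was removed, so if that line was meant to keep a stray attributes file out of the repo it will not match it.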
35 changes: 35 additions & 0 deletions .kitchen.dokken.yml
@@ -0,0 +1,35 @@
driver:
name: dokken
privileged: true # because Docker and SystemD/Upstart
#chef_version: <%= ENV['CHEF_VERSION'] || 'stable' %>

transport:
name: dokken

provisioner:
name: dokken
deprecations_as_errors: true
chef_license: accept

verifier:
name: inspec
sudo: true
reporter:
- cli
- json:./results/<%= Time.now.utc.strftime('%Y%m%d%H%M%S') %>-%{platform}_%{suite}_<%= ENV['TRAVIS_BUILD_ID'] %>.json
inspec_tests:
- path: ./
inputs:
disable_slow_controls: true

platforms:
- name: ubuntu-16.04
driver:
image: dokken/ubuntu-16.04
pid_one_command: /bin/systemd
intermediate_instructions:
- RUN /usr/bin/apt-get update
suites:
- name: default
run_list:
- recipe[os-hardening::default]
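Review bot: `chef_version` under `provisioner:` is commented out, so the `CHEF_VERSION=${CHEF_VERSION}` that the `.travis.yml` hunk passes to `kitchen verify` has no effect; either uncomment it or drop the variable from the Travis script. Two further points on this file: `inputs: disable_slow_controls: true` means the CI run skips the slow controls, so the JSON results handed to `inspec_tools compliance` exclude them and the compliance figure should be read with that in mind (a comment saying so next to the input would help); and `privileged: true` on the driver gives the container full capabilities on the Travis host, which the comment justifies for systemd but which is worth stating in the README as a reason the dokken suite is for throwaway CI hosts only.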
25 changes: 25 additions & 0 deletions .kitchen.vagrant.yml
@@ -0,0 +1,25 @@
driver:
name: vagrant

provisioner:
name: chef_zero
chef_license: accept

verifier:
name: inspec
sudo: true
reporter:
- cli
- json:./results/<%= Time.now.utc.strftime('%Y%m%d%H%M%S') %>-%{platform}_%{suite}_<%= ENV['TRAVIS_BUILD_ID'] %>.json
inspec_tests:
- path: ./
inputs:
disable_slow_controls: true

platforms:
- name: ubuntu-16.04

suites:
- name: default
run_list:
- recipe[os-hardening::default]
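Review bot: the JSON reporter filename interpolates `ENV['TRAVIS_BUILD_ID']`, which is unset during the local Vagrant runs this file exists for (the commit message describes the Vagrant box as the local test target), so results are written as `...-ubuntu-16.04_default_.json` with an empty trailing segment and successive local runs are hard to tell apart from CI ones. Consider `ENV.fetch('TRAVIS_BUILD_ID', 'local')` or dropping the suffix in this file. The `platforms:` entry also names `ubuntu-16.04` without a `box:`, leaving it to the driver's default box lookup; pinning a box name and version here makes local and CI results comparable.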
1 change: 1 addition & 0 deletions .kitchen.yml
30 changes: 30 additions & 0 deletions .rubocop.yml
@@ -0,0 +1,30 @@

Metrics/BlockLength:
Max: 200

Metrics/LineLength:
Enabled: false

Naming/FileName:
Enabled: false

Style/NumericPredicate:
Enabled: false

Style/ConditionalAssignment:
Enabled: false

Lint/AmbiguousRegexpLiteral:
Enabled: false

Lint/ParenthesesAsGroupedExpression:
Enabled: false

Style/IfUnlessModifier:
Enabled: false

Lint/AmbiguousBlockAssociation:
Enabled: false

Lint/ImplicitStringConcatenation:
Enabled: false
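Review bot: the file starts with a blank first line and switches off nine cops outright, four of them in the `Lint` namespace: `Lint/AmbiguousRegexpLiteral`, `Lint/ParenthesesAsGroupedExpression`, `Lint/AmbiguousBlockAssociation` and `Lint/ImplicitStringConcatenation`. The last of these flags a missing comma between adjacent string literals in an array, which in a profile silently merges two entries of the list a control is checking and makes the check pass on the wrong value, so it should be fixed in the offending controls rather than disabled. The commit message ties this file to the rubocop findings in issue #18; the `Style/*` and `Metrics/*` exclusions are reasonable, but please re-enable the `Lint/*` ones and correct the offenses.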
60 changes: 60 additions & 0 deletions .travis.yml
@@ -0,0 +1,60 @@
sudo: required

# blocklist
#branches:
# except:
# - development

# safelist
#branches:
# only:
# - master
# - stable

language: ruby
rvm:
- 2.6.1

cache: bundler

addons:
apt:
sources:
- chef-current-xenial
# packages:
# - chef-workstation
#artifacts: true

# Don't `bundle install` which takes about 1.5 mins
install:

services: docker

env:
matrix:
- INSTANCE=default-ubuntu-1604

before_script:
- wget https://packages.chef.io/files/stable/chef-workstation/0.5.1/ubuntu/16.04/chef-workstation_0.5.1-1_amd64.deb
- sudo dpkg -i chef-workstation_*.deb
- rm chef-workstation_*.deb
- sudo iptables -L DOCKER || ( echo "DOCKER iptables chain missing" ; sudo iptables -N DOCKER )
- eval "$(chef shell-init bash)"
- gem install bundler:2.0.1
- gem install inspec_tools
- inspec --version
- CHEF_LICENSE=accept chef gem update inspec
- CHEF_LICENSE=accept chef gem update inspec-bin
- /opt/chef-workstation/embedded/bin/gem update inspec
- /opt/chef-workstation/embedded/bin/gem update inspec-bin
- inspec --version
- bundle update --bundler
- bundle install
- chef --version
- cookstyle --version
- foodcritic --version

script:
- CHEF_LICENSE=accept-no-persist KITCHEN_LOCAL_YAML=kitchen.dokken.yml CHEF_VERSION=${CHEF_VERSION} kitchen verify ${INSTANCE} || true
- export RESULTS=$(ls results/*.json)
- inspec_tools compliance -j $RESULTS -f threshold.yml
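Review bot: in the `script:` block, `kitchen verify ${INSTANCE} || true` discards the converge and verify exit status, so a broken provisioner or a profile that fails to load still produces a green build as long as `inspec_tools compliance` finds some `results/*.json`, and with the commit message recording the minimum compliance lowered to 1% that second step is barely a gate. `export RESULTS=$(ls results/*.json)` also expands to several paths once more than one file is present, and `-j $RESULTS` is unquoted. Suggest dropping `|| true`, failing when no results file exists, and passing a single newest file. In `before_script`, the chef-workstation `.deb` is fetched with `wget` and installed with `sudo dpkg -i` with no checksum check; the version 0.5.1 is already fixed in the URL, so add its published checksum and verify it before `dpkg -i`. The `CHEF_LICENSE=accept chef gem update inspec` / `inspec-bin` pair and the `/opt/chef-workstation/embedded/bin/gem update` pair update the same two gems twice; keep one. The empty `install:` key and the never-assigned `CHEF_VERSION` variable can go.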
6 changes: 6 additions & 0 deletions Berksfile
@@ -0,0 +1,6 @@
# frozen_string_literal: true

source 'https://supermarket.getchef.com'

metadata
cookbook 'os-hardening', github: 'dev-sec/chef-os-hardening'
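Review bot: `cookbook 'os-hardening', github: 'dev-sec/chef-os-hardening'` has no `tag:` or `ref:`, and `Berksfile.lock` is ignored in the `.gitignore` hunk of this same commit, so every kitchen converge fetches whatever the cookbook's default branch currently holds and the hardening baseline the profile is validated against can change silently between builds. Pin it to a release tag (and either commit the lock file or stop ignoring it) so a run can be reproduced.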
9 changes: 9 additions & 0 deletions Gemfile
@@ -0,0 +1,9 @@
# frozen_string_literal: true

source 'https://rubygems.org'
gem 'berkshelf'
gem 'github_changelog_generator'
gem 'kitchen-dokken'
gem 'kitchen-inspec'
gem 'kitchen-vagrant'
gem 'test-kitchen'
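Review bot: none of the gems carries a version constraint, and `Gemfile.lock` (plus `*.lock`) is gitignored, so `bundle install` on Travis resolves a fresh dependency set on every run and a breaking release of `test-kitchen`, `kitchen-dokken` or `kitchen-inspec` shows up as an unrelated red build. Add pessimistic version constraints or commit the lock file. `github_changelog_generator` is not invoked anywhere in the `.travis.yml` hunk; if it is only used locally, put it in a separate Bundler group so CI does not install it.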
0 comments on commit 6f8c092