-
Notifications
You must be signed in to change notification settings - Fork 4
/
Copy pathinspec.yml
157 lines (134 loc) · 4.25 KB
/
inspec.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
name: mongodb-enterprise-advanced-3-stig-baseline
title: mongodb-enterprise-advanced-3-stig-baseline
maintainer: The MITRE SAF Team
copyright: (c) 2020, The MITRE Corporation
copyright_email: saf@groups.mitre.org
license: Apache-2.0
summary: "Inspec Validation Profile for MongoDB Enterprise Advanced 3.x STIG"
version: 1.2.1
inspec_version: ">= 4.0"
inputs:
- name: mongod_conf
description: 'MongoDB configuration file'
type: string
value: '/etc/mongod.conf'
required: true
- name: mongo_data_dir
description: 'MongoDB Home Directory'
type: string
value: '/var/lib/mongo'
required: true
- name: mongod_pem
description: 'MongoDB Server PEM File'
type: string
value: '/etc/ssl/mongodb.pem'
required: true
- name: mongod_cafile
description: 'MongoDB CA File'
type: string
value: '/etc/ssl/mongodbca.pem'
required: true
- name: mongod_client_pem
description: 'MongoDB Client PEM File'
type: string
value: '/etc/ssl/client.pem'
required: true
- name: mongod_auditlog
description: 'MongoDB Audit Log File'
type: string
value: '/var/lib/mongo/auditLog.bson'
required: true
- name: saslauthd
description: 'MongoDB SASLAUTHD File'
type: string
value: '/etc/sysconfig/saslauthd'
required: true
- name: is_docker
description: 'MongoDB is Running in Docker Environment - True/False'
type: string
value: 'false'
required: true
- name: mongo_use_pki
description: 'MongoDB is Using PKI Authentication - True/False'
type: string
value: 'true'
required: true
- name: mongo_use_ldap
description: 'MongoDB is Using LDAP - True/False'
type: string
value: 'false'
required: true
- name: mongo_use_saslauthd
description: 'MongoDB is Using SASLAUTHD - True/False'
type: string
value: 'false'
required: true
- name: mongodb_redhat_packages
description: 'List of MongoDB Redhat Packages'
type: array
value: [
'mongodb-enterprise-3.6.20-1.el7',
'mongodb-enterprise-mongos-3.6.20-1.el7',
'mongodb-enterprise-server-3.6.20-1.el7',
'mongodb-enterprise-shell-3.6.20-1.el7',
'mongodb-enterprise-tools-3.6.20-1.el7'
]
required: true
- name: mongodb_debian_packages
description: 'List of MongoDB Debian Packages'
type: array
value: [
'mongodb-enterprise',
'mongodb-enterprise-mongos',
'mongodb-enterprise-server',
'mongodb-enterprise-shell',
'mongodb-enterprise-tools'
]
required: true
- name: user
description: 'User to log into the mongo database'
type: string
value: 'mongoadmin'
required: true
sensitive: true
- name: password
description: 'password to log into the mongo database'
type: string
value: 'mongoadmin'
required: true
sensitive: true
- name: admin_db_users
description: 'List of authorized users of the admn database'
type: array
value: ["mongodb_admin"]
required: true
sensitive: true
- name: config_db_users
description: 'List of authorized users of the admn database'
type: array
value: ["config_admin"]
required: true
sensitive: true
- name: myUserAdmin_allowed_role
description: 'List of authorized users of the admn database'
type: array
value: ['[ { "role" : "userAdminAnyDatabase", "db" : "admin" } ] }']
required: true
- name: mongoadmin_allowed_role
description: 'List of authorized users of the admn database'
type: array
value: ['[ { "role" : "userAdminAnyDatabase", "db" : "admin" } ] }']
required: true
- name: mongodb_admin_allowed_role
description: 'List of authorized users of the admn database'
type: array
value: ['[ { "role" : "userAdminAnyDatabase", "db" : "admin" } ] }']
required: true
- name: appAdmin_allowed_role
description: 'List of authorized users of the admn database'
type: array
value: ['[ { "role" : "readWrite", "db" : "config" }, { "role" : "clusterAdmin", "db" : "admin" } ] }']
- name: accountAdmin01_allowed_role
description: 'List of authorized users of the admn database'
type: array
value: ['[ { "role" : "clusterAdmin", "db" : "admin" }, { "role" : "readAnyDatabase", "db" : "admin" }, { "role" : "readWrite", "db" : "config" } ] }']