inspec 0.35.0 → 1.0.0.beta2
- checksums.yaml +4 -4
- data/CHANGELOG.md +83 -2
- data/Gemfile +6 -0
- data/Rakefile +3 -55
- data/docs/README.md +20 -0
- data/docs/cli.rst +6 -0
- data/docs/dsl_inspec.md +245 -0
- data/docs/dsl_resource.md +93 -0
- data/docs/inspec_and_friends.md +102 -0
- data/docs/matchers.md +136 -0
- data/docs/plugin_kitchen_inspec.html.md +55 -0
- data/docs/profiles.md +271 -0
- data/docs/resources.rst +1 -1
- data/docs/shell.md +150 -0
- data/inspec.gemspec +1 -1
- data/lib/bundles/inspec-compliance/api.rb +28 -18
- data/lib/bundles/inspec-compliance/cli.rb +19 -27
- data/lib/fetchers/git.rb +4 -0
- data/lib/fetchers/local.rb +16 -1
- data/lib/fetchers/mock.rb +4 -0
- data/lib/fetchers/url.rb +40 -12
- data/lib/inspec/base_cli.rb +4 -0
- data/lib/inspec/cli.rb +6 -8
- data/lib/inspec/control_eval_context.rb +8 -0
- data/lib/inspec/dependencies/{vendor_index.rb → cache.rb} +5 -4
- data/lib/inspec/dependencies/dependency_set.rb +8 -14
- data/lib/inspec/dependencies/requirement.rb +10 -20
- data/lib/inspec/dependencies/resolver.rb +2 -2
- data/lib/inspec/dsl.rb +9 -0
- data/lib/inspec/fetcher.rb +1 -1
- data/lib/inspec/objects/test.rb +8 -2
- data/lib/inspec/plugins/fetcher.rb +11 -12
- data/lib/inspec/plugins/resource.rb +3 -0
- data/lib/inspec/profile.rb +60 -14
- data/lib/inspec/profile_context.rb +28 -7
- data/lib/inspec/resource.rb +17 -2
- data/lib/inspec/rspec_json_formatter.rb +80 -35
- data/lib/inspec/runner.rb +42 -18
- data/lib/inspec/shell.rb +5 -16
- data/lib/inspec/version.rb +1 -1
- data/lib/resources/apache_conf.rb +1 -1
- data/lib/resources/gem.rb +1 -0
- data/lib/resources/oneget.rb +1 -0
- data/lib/resources/os.rb +1 -1
- data/lib/resources/package.rb +3 -1
- data/lib/resources/pip.rb +1 -1
- data/lib/resources/ssl.rb +9 -11
- metadata +15 -15
- data/docs/dsl_inspec.rst +0 -259
- data/docs/dsl_resource.rst +0 -90
- data/docs/inspec_and_friends.rst +0 -85
- data/docs/matchers.rst +0 -137
- data/docs/profiles.rst +0 -169
- data/docs/readme.rst +0 -105
- data/docs/shell.rst +0 -130
- data/docs/template.rst +0 -51
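--- a/data/lib/inspec/shell.rb
+++ b/data/lib/inspec/shell.rb
@@ -15,18 +15,13 @@ module Inspec
 end
 
 def start
-# Create an in-memory empty runner so that we can add tests to it later.
-# This context lasts for the duration of this "start" method call/pry
-# session.
-@ctx = @runner.create_context
-configure_pry
-
 # This will hold a single evaluation binding context as opened within
 # the instance_eval context of the anonymous class that the profile
 # context creates to evaluate each individual test file. We want to
 # pretend like we are constantly appending to the same file and want
 # to capture the local variable context from inside said class.
-@ctx_binding = @
+@ctx_binding = @runner.eval_with_virtual_profile('binding')
+configure_pry
 @ctx_binding.pry
 end
 
@@ -51,26 +46,20 @@ module Inspec
 
 # Track the rules currently registered and what their merge count is.
 Pry.hooks.add_hook(:before_eval, 'inspec_before_eval') do
-@current_eval_rules = @ctx.rules.each_with_object({}) do |(rule_id, rule), h|
-h[rule_id] = Inspec::Rule.merge_count(rule)
-end
 @runner.reset
 end
 
 # After pry has evaluated a commanding within the binding context of a
 # test file, register all the rules it discovered.
 Pry.hooks.add_hook(:after_eval, 'inspec_after_eval') do
-@
-
-@current_eval_rules[rule_id] != Inspec::Rule.merge_count(rule)
-end
-@runner.run if @current_eval_new_tests
+@runner.load
+@runner.run_tests if !@runner.all_rules.empty?
 end
 
 # Don't print out control class inspection when the user uses DSL methods.
 # Instead produce a result of evaluating their control.
 Pry.config.print = proc do |_output_, value, pry|
-next if
+next if !@runner.all_rules.empty?
 pry.pager.open do |pager|
 pager.print pry.config.output_prefix
 Pry::ColorPrinter.pp(value, pager, Pry::Terminal.width! - 1)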
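Review bot: The print proc's new guard `next if !@runner.all_rules.empty?` only gives the intended answer because `@runner.reset` in the before_eval hook and `@runner.load` in the after_eval hook have already run for the same input, and nothing in the hunk records that ordering dependency. A comment above `Pry.config.print`, for example `# all_rules is rebuilt per input (reset in before_eval, load in after_eval); non-empty means this input defined controls`, would document it, assuming `reset` does clear the rule list, which is not visible here. As a style point, `@runner.run_tests unless @runner.all_rules.empty?` reads more naturally than the `if !` form, and the same applies to the `next if` line. The print proc continues past the end of the hunk.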
data/lib/inspec/version.rb
CHANGED
@@ -105,7 +105,7 @@ module Inspec::Resources
|
|
105
105
|
|
106
106
|
includes = []
|
107
107
|
(include_files + include_files_optional).each do |f|
|
108
|
-
id
|
108
|
+
id = Pathname.new(f).absolute? ? f : File.join(@conf_dir, f)
|
109
109
|
files = find_files(id, depth: 1, type: 'file')
|
110
110
|
|
111
111
|
includes.push(files) if files
|
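Review bot: The changed line joins relative include paths to `@conf_dir`, but httpd resolves a relative `Include` against ServerRoot; if `@conf_dir` is the directory of the main configuration file rather than ServerRoot (not visible in this hunk), the resource can read a different set of included files than the server loads, and an audit then reports on settings that are not in effect. A comment on that line such as `# httpd resolves relative Include paths against ServerRoot; @conf_dir is assumed to be the same directory` would make the assumption explicit. `Pathname` also needs `require 'pathname'` to be loaded somewhere, which the hunk does not show. The hunk is listed under data/lib/inspec/version.rb, but its context (`module Inspec::Resources`, `include_files`) suggests it belongs to a resource file; the enclosing method starts and ends outside the hunk.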
data/lib/resources/gem.rb
CHANGED
data/lib/resources/oneget.rb
CHANGED
data/lib/resources/os.rb
CHANGED
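--- a/data/lib/resources/package.rb
+++ b/data/lib/resources/package.rb
@@ -91,9 +91,11 @@ module Inspec::Resources
 assignment_re: /^\s*([^:]*?)\s*:\s*(.*?)\s*$/,
 multiple_values: false,
 ).params
+# If the package is removed and not purged, Status is "deinstall ok config-files" with exit_status 0
+# If the package is purged cmd fails with non-zero exit status
 {
 name: params['Package'],
-installed:
+installed: params['Status'].split(' ').first == 'install',
 version: params['Version'],
 type: 'deb',
 }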
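Review bot: The new `installed:` line tests the first word of dpkg's `Status` field, which is the requested selection state (install, hold, deinstall, purge), not the package's actual state; a held package reports `hold ok installed` and would be returned as not installed, so a `should_not be_installed` control passes while the package is present. The last word is the actual state, so `installed: params['Status'].to_s.split.last == 'installed',` matches what the two added comments describe and also avoids a NoMethodError when the output has no `Status` line. The enclosing method starts and ends outside the hunk.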
data/lib/resources/pip.rb
CHANGED
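--- a/data/lib/resources/ssl.rb
+++ b/data/lib/resources/ssl.rb
@@ -44,18 +44,16 @@ class SSL < Inspec.resource(1)
 attr_reader :host, :port
 
 def initialize(opts = {})
-@host = opts[:host]
-inspec.backend.instance_variable_get(:@hostname)
-# FIXME: This can be removed when/if @hostname is available as a property for 'Train::Transports::WinRM::Connection'
-# Train enhancement request for this here: https://github.com/chef/train/issues/128
-if @host.nil? && inspec.backend.class.to_s == 'Train::Transports::WinRM::Connection'
-@host = URI.parse(inspec.backend.instance_variable_get(:@options)[:endpoint]).hostname
-end
-if @host.nil? && inspec.backend.class.to_s == 'Train::Transports::Local::Connection'
-@host = 'localhost'
-end
+@host = opts[:host]
 if @host.nil?
-
+# Transports like SSH and WinRM will provide a hostname
+if inspec.backend.respond_to?('hostname')
+@host = inspec.backend.hostname
+elsif inspec.backend.class.to_s == 'Train::Transports::Local::Connection'
+@host = 'localhost'
+else
+fail 'Cannot determine host for SSL test. Please specify it or use a different target.'
+end
 end
 @port = opts[:port] || 443
 @timeout = opts[:timeout]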
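Review bot: When the backend responds to `hostname` but returns nil or an empty string, `@host` stays unset and the new `fail` in the `else` branch is never reached, so later code would presumably run the SSL checks with no host at all. Checking the result rather than the branch taken closes that gap: drop the `else` and add `fail 'Cannot determine host for SSL test. Please specify it or use a different target.' if @host.to_s.empty?` after the inner `end`. Comparing `inspec.backend.class.to_s` with a string literal is also brittle against subclasses or renames, and a short comment saying why a class-name match is used would help. `initialize` continues past the end of the hunk.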
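--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: inspec
 version: !ruby/object:Gem::Version
-version: 0.
+version: 1.0.0.beta2
 platform: ruby
 authors:
 - Dominik Richter
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2016-09-
+date: 2016-09-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: train
@@ -16,7 +16,7 @@ dependencies:
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version: 0.19.
+version: 0.19.1
 - - "<"
 - !ruby/object:Gem::Version
 version: '1.0'
@@ -26,7 +26,7 @@ dependencies:
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version: 0.19.
+version: 0.19.1
 - - "<"
 - !ruby/object:Gem::Version
 version: '1.0'
@@ -224,17 +224,17 @@ files:
 - README.md
 - Rakefile
 - bin/inspec
+- docs/README.md
 - docs/cli.rst
-- docs/dsl_inspec.
-- docs/dsl_resource.
-- docs/inspec_and_friends.
-- docs/matchers.
-- docs/
-- docs/
+- docs/dsl_inspec.md
+- docs/dsl_resource.md
+- docs/inspec_and_friends.md
+- docs/matchers.md
+- docs/plugin_kitchen_inspec.html.md
+- docs/profiles.md
 - docs/resources.rst
 - docs/ruby_usage.rst
-- docs/shell.
-- docs/template.rst
+- docs/shell.md
 - examples/README.md
 - examples/inheritance/README.md
 - examples/inheritance/controls/example.rb
@@ -313,11 +313,11 @@ files:
 - lib/inspec/completions/bash.sh.erb
 - lib/inspec/completions/zsh.sh.erb
 - lib/inspec/control_eval_context.rb
+- lib/inspec/dependencies/cache.rb
 - lib/inspec/dependencies/dependency_set.rb
 - lib/inspec/dependencies/lockfile.rb
 - lib/inspec/dependencies/requirement.rb
 - lib/inspec/dependencies/resolver.rb
-- lib/inspec/dependencies/vendor_index.rb
 - lib/inspec/describe.rb
 - lib/inspec/dsl.rb
 - lib/inspec/dsl_shared.rb
@@ -452,9 +452,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
 version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">"
 - !ruby/object:Gem::Version
-version:
+version: 1.3.1
 requirements: []
 rubyforge_project:
 rubygems_version: 2.4.6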
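--- a/data/docs/dsl_inspec.rst
+++ b/data/docs/dsl_inspec.rst
@@ -1,259 +0,0 @@
-=====================================================
-InSpec DSL
-=====================================================
-
-|inspec| is a run-time framework and rule language used to specify compliance, security, and policy requirements. It includes a collection of resources that help you write auditing controls quickly and easily. The syntax used by both open source and |chef compliance| auditing is the same. The open source |inspec resource| framework is compatible with |chef compliance|.
-
-The InSpec DSL is a Ruby DSL for writing audit controls, which includes audit resources that you can invoke.
-
-The following sections describe the syntax and show some simple examples of using the |inspec resources| to define
-
-Syntax
-=====================================================
-
-The following resource tests |ssh| server configuration. For example, a simple control may described as:
-
-.. code-block:: ruby
-
-describe sshd_config do
-its('Port') { should eq('22') }
-end
-
-In various use cases like implementing IT compliance across different departments, it becomes handy to extend the control with metadata. Each control may define an additional ``impact``, ``title`` or ``desc``. An example looks like:
-
-.. code-block:: ruby
-
-control 'sshd-8' do
-impact 0.6
-title 'Server: Configure the service port'
-desc '
-Always specify which port the SSH server should listen to.
-Prevent unexpected settings.
-'
-tag 'ssh','sshd','openssh-server'
-tag cce: 'CCE-27072-8'
-ref 'NSA-RH6-STIG - Section 3.5.2.1', url: 'https://www.nsa.gov/ia/_files/os/redhat/rhel5-guide-i731.pdf'
-
-describe sshd_config do
-its('Port') { should eq('22') }
-end
-end
-
-
-where
-
-* ``'sshd-8'`` is the name of the control
-* ``impact``, ``title``, and ``desc`` define metadata that fully describes the importance of the control, its purpose, with a succinct and complete description
-* ``impact`` is an float that measures the importance of the compliance results and must be a value between ``0.0`` and ``1.0``.
-* ``tag`` is optional meta-information with with key or key-value pairs
-* ``ref`` is a reference to an external document
-* ``describe`` is a block that contains at least one test. A ``control`` block must contain at least one ``describe`` block, but may contain as many as required
-* ``sshd_config`` is an |inspec| resource. For the full list of InSpec resources, see |inspec| resource documentation
-* ``its('Port')`` is the matcher; ``{ should eq('22') }`` is the test. A ``describe`` block must contain at least one matcher, but may contain as many as required
-
-
-Advanced concepts
-=====================================================
-
-With inspec it is possible to check if at least one of a collection of checks is true. For example: If a setting is configured in two different locations, you may want to test if either configuration A or configuration B have been set. This is accomplished via ``describe.one``. It defines a block of tests with at least one valid check.
-
-.. code-block:: ruby
-
-describe.one do
-describe ConfigurationA do
-its('setting_1') { should eq true }
-end
-
-describe ConfigurationB do
-its('setting_2') { should eq true }
-end
-end
-
-Examples
-=====================================================
-The following examples show simple compliance tests using a single ``control`` block.
-
-Test System Event Log
------------------------------------------------------
-The following test shows how to audit machines running |windows| 2012 R2 that pwassword complexity is enabled:
-
-.. code-block:: ruby
-
-control 'windows-account-102' do
-impact 1.0
-title 'Windows Password Complexity is Enabled'
-desc 'Password must meet complexity requirement'
-describe security_policy do
-its('PasswordComplexity') { should eq 1 }
-end
-end
-
-Are PosgtreSQL passwords empty?
------------------------------------------------------
-The following test shows how to audit machines running |postgresql| to ensure that passwords are not empty.
-
-.. code-block:: ruby
-
-control 'postgres-7' do
-impact 1.0
-title 'Don't allow empty passwords'
-describe postgres_session('user', 'pass').query("SELECT * FROM pg_shadow WHERE passwd IS NULL;") do
-its('output') { should eq('') }
-end
-end
-
-
-Are MySQL passwords in ENV?
------------------------------------------------------
-The following test shows how to audit machines running |mysql| to ensure that passwords are not stored in ``ENV``:
-
-.. code-block:: ruby
-
-control 'mysql-3' do
-impact 1.0
-title 'Do not store your MySQL password in your ENV'
-desc '
-Storing credentials in your ENV may easily expose
-them to an attacker. Prevent this at all costs.
-'
-describe command('env') do
-its('stdout') { should_not match(/^MYSQL_PWD=/) }
-end
-end
-
-Is /etc/ssh a Directory?
------------------------------------------------------
-The following test shows how to audit machines to ensure that ``/etc/ssh`` is a directory:
-
-.. code-block:: ruby
-
-control 'basic-1' do
-impact 1.0
-title '/etc/ssh should be a directory'
-desc '
-In order for OpenSSH to function correctly, its
-configuration path must be a folder.
-'
-describe file('/etc/ssh') do
-it { should be_directory }
-end
-end
-
-Is Apache running?
------------------------------------------------------
-The following test shows how to audit machines to ensure that |apache| is enabled and running:
-
-.. code-block:: ruby
-
-control 'apache-1' do
-impact 0.3
-title 'Apache2 should be configured and running'
-describe service(apache.service) do
-it { should be_enabled }
-it { should be_running }
-end
-end
-
-Are insecure packages installed ?
------------------------------------------------------
-The following test shows how to audit machines for insecure packages:
-
-.. code-block:: ruby
-
-control 'cis-os-services-5.1.3' do
-impact 0.7
-title '5.1.3 Ensure rsh client is not installed'
-
-describe package('rsh') do
-it { should_not be_installed }
-end
-
-describe package('rsh-redone-client') do
-it { should_not be_installed }
-end
-end
-
-
-Test Windows Registry Keys
------------------------------------------------------
-The following test shows how to audit machines to ensure Safe DLL Seach Mode is enabled:
-
-.. code-block:: ruby
-
-control 'windows-base-101' do
-impact 1.0
-title 'Safe DLL Search Mode is Enabled'
-desc '
-@link: https://msdn.microsoft.com/en-us/library/ms682586(v=vs.85).aspx
-'
-describe registry_key('HKLM\\System\\CurrentControlSet\\Control\\Session Manager') do
-it { should exist }
-it { should_not have_property_value('SafeDllSearchMode', :type_dword, '0') }
-end
-end
-
-Exclude specific test
------------------------------------------------------
-This shows how to allow skipping certain tests if conditions are not met, by using ``only_if``.
-In this example the test will not be performed if ``redis-cli`` command does not exist, because for example package on remote host was not installed.
-
-.. code-block:: ruby
-
-control 'nutcracker-connect-redis-001' do
-impact 1.0
-title 'Check if nutcracker can pass commands to redis'
-desc 'execute redis-cli set key command, to check connectivity of the service'
-
-only_if do
-command('redis-cli').exist?
-end
-
-describe command('redis-cli SET test_inspec "HELLO"') do
-its(:stdout) { should match(/OK/) }
-end
-end
-
-Mixing this with other conditionals (like checking existence of the files etc.) can help to test different test paths using inspec. This way you can skip certain tests which would 100% fail due to the way servers are prepared, but you know that the same test suites are reused later in different circumstances by different teams.
-
-Additional metadata for controls
------------------------------------------------------
-
-The following example illustrates various ways to add tags and references to `control`
-
-.. code-block:: ruby
-
-control 'ssh-1' do
-impact 1.0
-
-title 'Allow only SSH Protocol 2'
-desc 'Only SSH protocol version 2 connections should be permitted.
-The default setting in /etc/ssh/sshd_config is correct, and can be
-verified by ensuring that the following line appears: Protocol 2'
-
-tag 'production','development'
-tag 'ssh','sshd','openssh-server'
-
-tag cce: 'CCE-27072-8'
-tag disa: 'RHEL-06-000227'
-
-tag remediation: 'stig_rhel6/recipes/sshd-config.rb'
-tag remediation: 'https://supermarket.chef.io/cookbooks/ssh-hardening'
-
-ref 'NSA-RH6-STIG - Section 3.5.2.1', url: 'https://www.nsa.gov/ia/_files/os/redhat/rhel5-guide-i731.pdf'
-ref 'http://people.redhat.com/swells/scap-security-guide/RHEL/6/output/ssg-centos6-guide-C2S.html'
-
-describe ssh_config do
-its ('Protocol') { should eq '2'}
-end
-end`
-
-
-
-.. |inspec| replace:: InSpec
-.. |inspec resource| replace:: InSpec Resource
-.. |chef compliance| replace:: Chef Compliance
-.. |ruby| replace:: Ruby
-.. |ssh| replace:: SSH
-.. |windows| replace:: Microsoft Windows
-.. |postgresql| replace:: PostgreSQL
-.. |apache| replace:: Apache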