-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathinspec.yml
83 lines (73 loc) · 3.2 KB
/
inspec.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
name: canonical-ubuntu-18.04-lts-server-cis-baseline
title: canonical-ubuntu-18.04-lts-server-cis-baseline
maintainer: MITRE SAF Team
copyright: MITRE, 2020
copyright_email:
license: Apache-2.0
summary: "InSpec Validation Profile for Canonical Ubuntu 18.04 LTS Server CIS"
version: 2.0.2
inspec_version: ">= 4.0"
supports:
- platform-name: ubuntu
release: 18.04
inputs:
- name: platform_name
description: Name of the OS/Platform
type: String
value: 'ubuntu'
- name: platform_release
description: Release number of the OS/Platform
type: Numeric
value: 18.04
- name: supported_until
description: Support end date for OS/Platform security updates
type: String
value: '2023-04-30'
- name: log_file_path
description: Audit log file path (SHOULD BE REPLACED/REMOVED WHEN auditd.conf_path FUNCTIONALITY BECOMES AVAILABLE IN INSPEC)
type: String
value: '/var/log/audit/audit.log'
- name: log_file_dir
description: Audit log file directory (SHOULD BE REPLACED/REMOVED WHEN auditd.conf_path FUNCTIONALITY BECOMES AVAILABLE IN INSPEC)
type: String
value: '/var/log/audit/'
- name: org_name
description: Organization Name
type: String
value: 'MITRE'
# ubuntu-18.04-server-cis-1.8.1.2
- name: banner_message_text_cli
description: Banner message text for command line interface logins.
type: String
value: "You are accessing a U.S. Government (USG) Information System (IS) that is \
provided for USG-authorized use only. By using this IS (which includes any \
device attached to this IS), you consent to the following conditions: -The USG \
routinely intercepts and monitors communications on this IS for purposes \
including, but not limited to, penetration testing, COMSEC monitoring, network \
operations and defense, personnel misconduct (PM), law enforcement (LE), and \
counterintelligence (CI) investigations. -At any time, the USG may inspect and \
seize data stored on this IS. -Communications using, or data stored on, this \
IS are not private, are subject to routine monitoring, interception, and \
search, and may be disclosed or used for any USG-authorized purpose. -This IS \
includes security measures (e.g., authentication and access controls) to \
protect USG interests--not for your personal benefit or privacy. \
-Notwithstanding the above, using this IS does not constitute consent to PM, \
LE or CI investigative searching or monitoring of the content of privileged \
communications, or work product, related to personal representation or \
services by attorneys, psychotherapists, or clergy, and their assistants. Such \
communications and work product are private and confidential. See User \
Agreement for details."
- name: banner_message_text_cli_limited
description: Banner message text for resource-limited command line interface logins.
type: String
value: "I've read & consent to terms in IS user agreem't."
- name: non_interactive_shells
description: These shells do not allow a user to login
type: Array
value:
- "/sbin/nologin"
- "/sbin/halt"
- "/sbin/shutdown"
- "/bin/false"
- "/bin/sync"
- "/bin/true"