Skip to content
SAF Advanced InSpec Profile Developer CourseSAF Advanced InSpec Profile Developer Course
MITRE InSpec Advanced Profile Developer Course
Course
Resources
Installation
  • Course

    • 1. Course Overview
      • 2. Review the Fundamentals
        • 3. Practice the Fundamentals
          • 4. Tools for Automation
            • 5. Automate Security Testing
              • 6. Explore InSpec Resources
                • 7. Local vs Built-in Resources
                  • 8. Create a Custom Resource - The Git Example
                    • 9. Create a Custom Resource - The Docker Example
                      • 10. Writing Plural Resources
                        • 11. Dissecting Resources
                          • 12. Exercise - Develop your own resources
                            • 13. Add Your Resource to InSpec
                              • 14. Custom Resource Examples from InSpec

                              Class Resources

                              June 7, 2022About 1 min

                              On This Page
                              • Code Background & Primers
                                • Ruby Tutorials and Documentation
                                • InSpec Documentation
                                • InSpec Tutorials and Videos
                                • rspec documentation
                              • Codespaces and Git
                                • Learning and Using Git
                                • GitHub Codespaces
                              • Tools and Applications
                              • RHEL8 Baseline 'Stubs'
                                • Generating the Stubs
                              • MITRE SAF InSpec Profiles
                              • DOD STIGs and Benchmarks
                                • DISA STIGs
                                • STIG and SRG Aligned Profiles
                                • CIS Benchmarks and Profiles
                              • Chef Community Slack

                              # Class Resources

                              # Code Background & Primers

                              # Ruby Tutorials and Documentation

                              • https://ruby-for-beginners.rubymonstas.org/open in new window
                              • Ruby Video Tutorialopen in new window

                              # InSpec Documentation

                              • InSpec Docsopen in new window
                              • InSpec Profilesopen in new window
                              • InSpec Resourcesopen in new window
                              • InSpec Matchersopen in new window
                              • InSpec Shellopen in new window
                              • InSpec Reportersopen in new window
                              • InSpec Profile Inheritanceopen in new window

                              # InSpec Tutorials and Videos

                              • Introduction to InSpec Playlistopen in new window
                              • Getting started with InSpec - The InSpec basics seriesopen in new window
                              • Windows infrastructure testing using InSpec – Part Iopen in new window
                              • Windows infrastructure testing using InSpec and Profiles – Part IIopen in new window

                              # rspec documentation

                              • Explicit Subjectopen in new window
                              • should and should_notopen in new window
                              • Built in matchersopen in new window

                              # Codespaces and Git

                              # Learning and Using Git

                              • Git Primer & Introductionopen in new window
                              • Git Command Documentationopen in new window
                              • Create a Pull Requestopen in new window

                              # GitHub Codespaces

                              • GitHub CodeSpaces Video Introductionopen in new window

                              • GitHub Codespaces Overviewopen in new window

                              # Tools and Applications

                              • InSpecopen in new window
                              • SAF CLIopen in new window
                              • CINCopen in new window
                              • VSCodeopen in new window

                              # RHEL8 Baseline 'Stubs'

                              The RHEL8 Baseline Stubs were saf-cli generate command as documented in Section 10 . You can use this as a reference while you develop your controls.

                              # Generating the Stubs

                              To create the RedHat Enterprise Linux 8 STIG Profile stubs, we used the saf-cli generate command:

                              saf generate:xccdf2inspec_stub -i U_RHEL_8_STIG_V1R6_Manual-xccdf.xml -r -o rhel8-baseline-stubs
                              

                              This created a starter profile based of the RHEL8 STIG XCCDF Bechmark

                              • rhel8-baseline-stubs.tar.gzopen in new window

                              # MITRE SAF InSpec Profiles

                              • MITRE InSpec Profile Repositoriesopen in new window

                              # DOD STIGs and Benchmarks

                              # DISA STIGs

                              • DISA Cyber.mil STIG Downlaodsopen in new window

                              # STIG and SRG Aligned Profiles

                              • https://github.com/CMSgov/redhat-enterprise-linux-8-stig-baselineopen in new window

                              • https://github.com/mitre/nginx-srg-baselineopen in new window

                              # CIS Benchmarks and Profiles

                              • Center for Internet Security Benchmarksopen in new window

                              # Chef Community Slack

                              • http://community-slack.chef.io/open in new window
                              Edit this pageopen in new window
                              Last update: 6/7/2022, 7:18:57 PM
                              Contributors: Emily Rodriguez
                              Prev
                              MITRE InSpec Advanced Profile Developer Course
                              Apache-2.0 | Copyright © 2022 - The MITRE Corporation
                              Copyright © 2022 MITRE SAF Team