Class Resources

Code Background & Primers

Ruby Tutorials and Documentation

• https://ruby-for-beginners.rubymonstas.org/
• Ruby Video Tutorial

InSpec Documentation

• InSpec Docs
• InSpec Profiles
• InSpec Resources
• InSpec Matchers
• InSpec Shell
• InSpec Reporters
• InSpec Profile Inheritance

InSpec Tutorials and Videos

• Introduction to InSpec Playlist
• Getting started with InSpec - The InSpec basics series
• Windows infrastructure testing using InSpec – Part I
• Windows infrastructure testing using InSpec and Profiles – Part II

rspec documentation

• Explicit Subject
• should and should_not
• Built in matchers

Codespaces and Git

Learning and Using Git

• Git Primer & Introduction
• Git Command Documentation
• Create a Pull Request

GitHub Codespaces

• GitHub CodeSpaces Video Introduction

• GitHub Codespaces Overview

Tools and Applications

• InSpec
• SAF CLI
• CINC
• VSCode

RHEL8 Baseline 'Stubs'

The RHEL8 Baseline Stubs were saf-cli generate command as documented in Section 10 . You can use this as a reference while you develop your controls.

Generating the Stubs

To create the RedHat Enterprise Linux 8 STIG Profile stubs, we used the saf-cli generate command:

saf generate:xccdf2inspec_stub -i U_RHEL_8_STIG_V1R6_Manual-xccdf.xml -r -o rhel8-baseline-stubs

This created a starter profile based of the RHEL8 STIG XCCDF Bechmark

• rhel8-baseline-stubs.tar.gz

MITRE SAF InSpec Profiles

• MITRE InSpec Profile Repositories

DOD STIGs and Benchmarks

DISA STIGs

• DISA Cyber.mil STIG Downlaods

STIG and SRG Aligned Profiles

• https://github.com/CMSgov/redhat-enterprise-linux-8-stig-baseline

• https://github.com/mitre/nginx-srg-baseline

CIS Benchmarks and Profiles

• Center for Internet Security Benchmarks

Chef Community Slack

• http://community-slack.chef.io/