updated inspec profile

spec/ansible/roles/mongo-stig/tasks/cat1.yml

@@ -38,6 +38,8 @@
   register: security_check
   changed_when: false
   ignore_errors: true
+  tags:
+    - SV-252149
 
 - name: "HIGH | SV-252149 | MongoDB must integrate with an organization-level authentication/access mechanism providing account management and automation for all users, groups, roles, and any other principals. | Security block does not exist."
   blockinfile:
@@ -108,14 +110,15 @@
 #     - SV-252158
 
 - name: "HIGH | SV-252159 | If passwords are used for authentication, MongoDB must store only hashed, salted representations of passwords."
+  #THERE IS A PART TWO THATS NOT COMPLETED
   blockinfile:
     path: "{{ mongod_config_path }}"
     marker: "#Rule ID SV-252159"
     prepend_newline: true
     insertafter: "EOF"
     block: |
       setParameter:
-        authenticationMechanisms: SCRAM-SHA-256 
+        authenticationMechanisms: SCRAM-SHA-256
     state: present
   register: result
   changed_when: no

spec/ansible/roles/mongo-stig/tasks/cat2.yml

@@ -106,6 +106,8 @@
   register: security_check
   changed_when: false
   ignore_errors: true
+  tags:
+    - SV-252143
 
 - name: "MEDIUM | SV-252143 | MongoDB and associated applications must reserve the use of dynamic code execution for situations that require it. | Security block does not exist."
   blockinfile:

spec/mongo-inspec-profile/controls/SV-252134.rb

@@ -77,4 +77,11 @@
   tag cci: ['CCI-000130', 'CCI-000131', 'CCI-000132', 'CCI-000133', 'CCI-000134', 'CCI-000135', 'CCI-000140', 'CCI-000166', 'CCI-000171', 'CCI-000172', 'CCI-001464', 'CCI-001487', 'CCI-001814', 'CCI-001844', 'CCI-001851', 'CCI-001858']
   tag nist: ['AU-3 a', 'AU-3 b', 'AU-3 c', 'AU-3 d', 'AU-3 e', 'AU-3 (1)', 'AU-5 b', 'AU-10', 'AU-12 b', 'AU-12 c', 'AU-14 (1)', 'AU-3 f', 'CM-5 (1)', 'AU-3 (2)', 'AU-4 (1)', 'AU-5 (2)']
 
+
+  describe yaml('/etc/mongod.conf.orig') do
+        its(['auditLog','destination']){should eq "file"}
+        its(['auditLog','format']){should eq "BSON"}
+        its(['auditLog','path']){should eq "/var/log/mongodb/audit/auditLog.bson"}
+    end
+
 end

spec/mongo-inspec-profile/controls/SV-252141.rb

@@ -46,4 +46,9 @@
   tag 'documentable'
   tag cci: ['CCI-001190', 'CCI-001665']
   tag nist: ['SC-24', 'SC-24']
+
+  describe yaml('/etc/mongod.conf.orig') do
+          its(['storage','journal','enabled']){should eq true}
+      end
+
 end

spec/mongo-inspec-profile/controls/SV-252143.rb

@@ -32,4 +32,9 @@
   tag 'documentable'
   tag cci: ['CCI-001310']
   tag nist: ['SI-10']
+
+  describe yaml('/etc/mongod.conf.orig') do
+        its(['security','javascriptEnabled']){should eq false}
+    end
+
 end

spec/mongo-inspec-profile/controls/SV-252149.rb

@@ -47,4 +47,9 @@
   tag 'documentable'
   tag cci: ['CCI-000015']
   tag nist: ['AC-2 (1)']
+
+  describe yaml('/etc/mongod.conf.orig') do
+        its(['security','authorization']){should eq "enabled"}
+    end
+
 end

spec/mongo-inspec-profile/controls/SV-252159.rb

@@ -62,4 +62,10 @@
   tag 'documentable'
   tag cci: ['CCI-000196']
   tag nist: ['IA-5 (1) (c)']
+
+  #THERE IS A PART TWO THATS NOT COMPLETED
+  describe yaml('/etc/mongod.conf.orig') do
+        its(['setParameter','authenticationMechanisms']){should eq "SCRAM-SHA-256"}
+    end
+
 end