remove inspec overlay

mitre · Jul 1, 2024 · e212e68 · e212e68
1 parent f5773e4
commit e212e68
Show file tree

Hide file tree

Showing 7 changed files with 16 additions and 29 deletions.
diff --git a/README.md b/README.md
@@ -147,7 +147,7 @@ Full repository [here](https://github.com/mitre/mongodb-enterprise-advanced-4-st
   - Remove the `--controls` flag to run all inspec checks at once.
 
   ```sh
-  inspec exec spec/mongo-inspec-profile/ -t docker://mongo-hardened --controls=SV-252134 --input-file=spec/mongo-inspec-profile/inputs.yml --reporter cli json:reports/inspec_results.json --no-create-lockfile --show-progress
+  inspec exec spec/mongo-inspec-profile/ -t docker://mongo-hardened --controls=SV-252134 --input-file=spec/mongo-inspec-profile/inputs.yml --reporter cli json:reports/inspec_results.json --no-create-lockfile --enhanced-outcomes
   ```
 
 - Deeper Testing with InSpec Shell

diff --git a/mongo-validate.pkr.hcl b/mongo-validate.pkr.hcl
@@ -23,8 +23,8 @@ variable "input_hardened_image" {
 variable "scan" {
   type = map(string)
   default = {
+    "inspec_profile"         = "https://github.com/mitre/mongodb-enterprise-advanced-4-stig-baseline.git",
     "report_dir"             = "reports",
-    "inspec_profile"         = "spec/mongo-inspec-profile",
     "inspec_report_filename" = "inspec_results.json",
     "inspec_input_file"      = "spec/mongo-inspec-profile/inputs.yml"
   }

diff --git a/spec/ansible/mongo-stig-hardening-playbook.yml b/spec/ansible/mongo-stig-hardening-playbook.yml
@@ -2,11 +2,12 @@
 - hosts:
     - localhost
   roles:
-    - roles/prep
-    - mitre.yedit
-    - mongo-stig
+    - role: roles/prep
+    - role: mitre.yedit
+    - role: mongoSTIG
+      vars:
+        fips_mode: true
+        enterprise_edition: true
   serial: 50
   user: 0
-  vars:
-    fips_mode: true
-    enterprise_edition: true
+
diff --git a/spec/ansible/requirements.yml b/spec/ansible/requirements.yml
@@ -1,8 +1,9 @@
 ---
 roles:
-  - name: rhel8STIG
-    src: https://github.com/ansible-lockdown/RHEL8-STIG
-
+  - name: mongoSTIG
+    src: https://github.com/mitre/ansible-mongodb-enterprise-advanced-4-stig-hardening
+    version: main
+
   - src: mitre.yedit
 
 collections:

diff --git a/spec/mongo-inspec-profile/controls/overlay.rb b/spec/mongo-inspec-profile/controls/overlay.rb
diff --git a/spec/mongo-inspec-profile/inspec.yml b/spec/mongo-inspec-profile/inspec.yml
diff --git a/spec/scripts/scan.sh b/spec/scripts/scan.sh
@@ -8,5 +8,6 @@ echo "--- Running InSpec Profile ($PROFILE) against target ---"
 inspec exec $PROFILE \
     -t docker://$CONTAINER_ID \
     --input-file=$INPUT_FILE \
-    --reporter cli json:$REPORT_DIR/$REPORT_FILE \
-    --no-create-lockfile
+    --reporter progress-bar json:$REPORT_DIR/$REPORT_FILE \
+    --no-create-lockfile \
+    --enhanced-outcomes