---
# Test Kitchen configuration: creates an Oracle Linux 8 instance through the
# `oci` driver and runs the InSpec profile in this directory against it.
# NOTE(review): the nesting below was reconstructed from a flattened listing;
# confirm it against the repository copy.
platforms:
  - name: ol8

driver:
  name: oci
  # The OCIDs, availability domain and shape are filled in by ERB from the
  # environment, so no tenancy identifiers are committed in this file. An unset
  # variable renders as an empty value (YAML null); presumably the driver then
  # fails, so check the variables are exported before running kitchen.
  compartment_id: <%= ENV['OCI_COMPARTMENT_OCID'] %>
  availability_domain: <%= ENV['OCI_AVAILABILITY_DOMAIN'] %>
  # Single-quoted, so the backslashes are passed through literally. Looks like a
  # pattern matching any 8.x image; which build is picked when several match is
  # up to the driver. Confirm if scan results must be tied to one exact image.
  image_name: 'Oracle Linux 8\.\d+'
  shape: <%= ENV['OCI_INSTANCE_SHAPE'] %>
  subnet_id: <%= ENV['OCI_SUBNET_OCID'] %>
  # Presumably makes the driver generate a key pair for the instance instead of
  # reusing a long-lived key; confirm against the driver documentation.
  ssh_keygen: true

provisioner:
  name: shell
  # Quoted so the value stays the string "true" (the shell command) rather than
  # a YAML boolean; the converge step changes nothing on the instance.
  command: "true"

verifier:
  name: inspec
  # Runs the InSpec checks on the target through sudo; presumably required
  # because the baseline reads files only root can access.
  sudo: true
  reporter:
    - cli
    # One JSON result file per platform/suite under spec/results/. These files
    # describe the host's failed controls; NOTE(review): confirm the directory
    # is excluded from version control and from published CI artifacts.
    - json:spec/results/%{platform}_%{suite}.json
  inspec_tests:
    - name: OL8 STIG Baseline
      path: .
  # Lets InSpec load plugins for the run; presumably those installed on the
  # workstation. Confirm which plugins are expected to be present.
  load_plugins: true

suites:
  - name: baseline

# Disabled pre_converge hook, kept for reference.
# NOTE(review): before re-enabling it, remove `--nogpgcheck` (it skips package
# signature verification on both the update and the install), pin the pip
# package version, and validate the sudoers edit (for example with `visudo -c`):
# the sed expression deletes every line that contains "opc".
# lifecycle:
#   pre_converge:
#     - remote: |
#         # echo "+++ Refreshing DNF package cache +++"
#         # sudo dnf -y clean all
#         echo ""
#         echo "+++ Updating DNF Packages +++"
#         sudo dnf -y update --nogpgcheck --nobest
#         echo ""
#         echo "+++ Installing needed packages for workflow and utility +++\n\n"
#         sudo dnf -y install --nogpgcheck bc bind-utils redhat-lsb-core vim git wget gcc openssl-devel libffi-devel bzip2-devel
#         echo ""
#         echo "+++ Installing Python 3.9 +++\n\n"
#         export PATH=/usr/local/bin:$PATH
#         sudo dnf -y install python3.9
#         sudo dnf -y install python3-pip
#         sudo update-alternatives --set python3 /usr/bin/python3.9
#         sudo python3 -m pip install jmespath
#         echo ""
#         echo "+++ Updating the opc user to keep sudo working after hardening phase +++\n\n"
#         sudo chage -d $(( $( date +%s ) / 86400 )) opc
#         echo ""
#         echo "+++ updating opc sudo config for hardening phase +++\n\n"
#         sudo chmod 600 /etc/sudoers && sudo sed -i'' "/opc/d" /etc/sudoers && sudo chmod 400 /etc/sudoers

# Login user for the connection to the instance; presumably the image's default
# account, and the same user the disabled hook above adjusts.
transport:
  username: opc