@mattray
Created May 4, 2018 08:17
---
driver:
  name: ec2
  instance_type: m3.medium
  security_group_ids: ["sg-e6b61680"] # open up rdp, winrm-http, winrm-https
  associate_public_ip: true
  interface: dns
  aws_ssh_key_id: <%= ENV['AWS_SSH_KEY_ID'] %>
  tags:
    Name: inspec-aws-exceptions-cis
provisioner:
  name: chef_zero
  always_update_cookbooks: true
transport:
  username: administrator
  ssh_key: <%= ENV['EC2_SSH_KEY_PATH'] %>
verifier:
  name: inspec
platforms:
  - name: windows-2012r2
suites:
  - name: cis
    run_list:
      - recipe[windows-hardening::enable_winrm_access]
      - recipe[cis-win2012r2-l1-hardening::default]
    attributes:
      security_policy:
        rights:
          # Well-known SIDs: S-1-1-0 = Everyone, S-1-5-32-544 = Administrators,
          # S-1-5-32-545 = Users, S-1-5-32-551 = Backup Operators
          SeNetworkLogonRight: '*S-1-1-0, *S-1-5-32-544, *S-1-5-32-545, *S-1-5-32-551'
          SeRemoteInteractiveLogonRight: '*S-1-1-0, *S-1-5-32-544, *S-1-5-32-545, *S-1-5-32-551'
    verifier:
      inspec_tests:
        - .
      # controls:
      #   - SecOps 3.1.1
  - name: hardening
    run_list:
      - recipe[windows-hardening::enable_winrm_access]
      - recipe[windows-hardening::default]
    attributes:
      security_policy:
        rights:
          SeNetworkLogonRight: '*S-1-1-0, *S-1-5-32-544, *S-1-5-32-545, *S-1-5-32-551'
          SeRemoteInteractiveLogonRight: '*S-1-1-0, *S-1-5-32-544, *S-1-5-32-545, *S-1-5-32-551'
    verifier:
      inspec_tests:
        - .
  - name: pristine
    verifier:
      inspec_tests:
        - .