mattray/.kitchen.yml

## .kitchen.yml
---
driver:
  name: ec2
  instance_type: m3.medium
  security_group_ids: ["sg-e6b61680"] # open up rdp, winrm-http, winrm-https
  associate_public_ip: true
  interface: dns
  aws_ssh_key_id: <%= ENV['AWS_SSH_KEY_ID'] %>
  tags:
    Name: inspec-aws-exceptions-cis

provisioner:
  name: chef_zero
  always_update_cookbooks: true

transport:
  username: administrator
  ssh_key: <%= ENV['EC2_SSH_KEY_PATH'] %>

verifier:
  name: inspec

platforms:
  - name: windows-2012r2

suites:
  - name: cis
    run_list:
      - recipe[windows-hardening::enable_winrm_access]
      - recipe[cis-win2012r2-l1-hardening::default]
    attributes:
      security_policy:
        rights:
          SeNetworkLogonRight: '*S-1-1-0, *S-1-5-32-544, *S-1-5-32-545, *S-1-5-32-551'
          SeRemoteInteractiveLogonRight: '*S-1-1-0, *S-1-5-32-544, *S-1-5-32-545, *S-1-5-32-551'
    verifier:
      inspec_tests:
        - .
      # controls:
      #   - SecOps 3.1.1
  - name: hardening
    run_list:
      - recipe[windows-hardening::enable_winrm_access]
      - recipe[windows-hardening::default]
    attributes:
      security_policy:
        rights:
          SeNetworkLogonRight: '*S-1-1-0, *S-1-5-32-544, *S-1-5-32-545, *S-1-5-32-551'
          SeRemoteInteractiveLogonRight: '*S-1-1-0, *S-1-5-32-544, *S-1-5-32-545, *S-1-5-32-551'
    verifier:
      inspec_tests:
        - .
  - name: pristine
    verifier:
      inspec_tests:
        - .
	---
	driver:
	name: ec2
	instance_type: m3.medium
	security_group_ids: ["sg-e6b61680"] # open up rdp, winrm-http, winrm-https
	associate_public_ip: true
	interface: dns
	aws_ssh_key_id: <%= ENV['AWS_SSH_KEY_ID'] %>
	tags:
	Name: inspec-aws-exceptions-cis

	provisioner:
	name: chef_zero
	always_update_cookbooks: true

	transport:
	username: administrator
	ssh_key: <%= ENV['EC2_SSH_KEY_PATH'] %>

	verifier:
	name: inspec

	platforms:
	- name: windows-2012r2

	suites:
	- name: cis
	run_list:
	- recipe[windows-hardening::enable_winrm_access]
	- recipe[cis-win2012r2-l1-hardening::default]
	attributes:
	security_policy:
	rights:
	SeNetworkLogonRight: 'S-1-1-0, S-1-5-32-544, S-1-5-32-545, S-1-5-32-551'
	SeRemoteInteractiveLogonRight: 'S-1-1-0, S-1-5-32-544, S-1-5-32-545, S-1-5-32-551'
	verifier:
	inspec_tests:
	- .
	# controls:
	# - SecOps 3.1.1
	- name: hardening
	run_list:
	- recipe[windows-hardening::enable_winrm_access]
	- recipe[windows-hardening::default]
	attributes:
	security_policy:
	rights:
	SeNetworkLogonRight: 'S-1-1-0, S-1-5-32-544, S-1-5-32-545, S-1-5-32-551'
	SeRemoteInteractiveLogonRight: 'S-1-1-0, S-1-5-32-544, S-1-5-32-545, S-1-5-32-551'
	verifier:
	inspec_tests:
	- .
	- name: pristine
	verifier:
	inspec_tests:
	- .