Created March 3, 2017 19:11
clear && kitchen converge && clear && kitchen verify
-----> Starting Kitchen (v1.15.0)
-----> Converging <default-ubuntu-1404>...
Preparing files for transfer
Preparing dna.json
Resolving cookbook dependencies with Berkshelf 5.6.3...
Removing non-cookbook files before transfer
Preparing validation.pem
Preparing client.rb
-----> Chef Omnibus installation detected (install only if missing)
Transferring files to <default-ubuntu-1404>
[2017-03-03T19:02:12+00:00] INFO: Forking chef instance to converge...
Starting Chef Client, version 12.19.36
[2017-03-03T19:02:12+00:00] INFO: *** Chef 12.19.36 ***
[2017-03-03T19:02:12+00:00] INFO: Platform: x86_64-linux
[2017-03-03T19:02:12+00:00] INFO: Chef-client pid: 24913
[2017-03-03T19:02:14+00:00] INFO: Setting the run_list to ["recipe[tw-audit-cis::default]"] from CLI options
[2017-03-03T19:02:14+00:00] INFO: Run List is [recipe[tw-audit-cis::default]]
[2017-03-03T19:02:14+00:00] INFO: Run List expands to [tw-audit-cis::default]
[2017-03-03T19:02:14+00:00] INFO: Starting Chef Run for default-ubuntu-1404
[2017-03-03T19:02:14+00:00] INFO: Running start handlers
[2017-03-03T19:02:14+00:00] INFO: Start handlers complete.
[2017-03-03T19:02:14+00:00] INFO: HTTP Request Returned 404 Not Found: Object not found:
resolving cookbooks for run list: ["tw-audit-cis::default"]
[2017-03-03T19:02:14+00:00] INFO: Loading cookbooks [tw-audit-cis@0.1.0]
Synchronizing Cookbooks:
- tw-audit-cis (0.1.0)
Installing Cookbook Gems:
Compiling Cookbooks...
Converging 16 resources
Recipe: tw-audit-cis::1-initial-setup
* template[/etc/modprobe.d/CIS.conf] action create[2017-03-03T19:02:14+00:00] INFO: Processing template[/etc/modprobe.d/CIS.conf] action create (tw-audit-cis::1-initial-setup line 17)
(up to date)
Recipe: tw-audit-cis::2-services
* apt_package[telnet] action purge[2017-03-03T19:02:14+00:00] INFO: Processing apt_package[telnet] action purge (tw-audit-cis::2-services line 7)
(up to date)
* service[rpcbind] action stop[2017-03-03T19:02:14+00:00] INFO: Processing service[rpcbind] action stop (tw-audit-cis::2-services line 11)
(up to date)
* service[rpcbind] action disable[2017-03-03T19:02:14+00:00] INFO: Processing service[rpcbind] action disable (tw-audit-cis::2-services line 11)
(up to date)
* service[rsyslog] action stop[2017-03-03T19:02:14+00:00] INFO: Processing service[rsyslog] action stop (tw-audit-cis::2-services line 15)
(up to date)
* service[rsyslog] action disable[2017-03-03T19:02:14+00:00] INFO: Processing service[rsyslog] action disable (tw-audit-cis::2-services line 15)
(up to date)
Recipe: tw-audit-cis::4-logging-and-auditing
* file[/etc/hosts.allow] action create[2017-03-03T19:02:14+00:00] INFO: Processing file[/etc/hosts.allow] action create (tw-audit-cis::4-logging-and-auditing line 7)
(up to date)
* file[/etc/crontab] action create[2017-03-03T19:02:14+00:00] INFO: Processing file[/etc/crontab] action create (tw-audit-cis::4-logging-and-auditing line 11)
(up to date)
* directory[/etc/cron.daily] action create[2017-03-03T19:02:14+00:00] INFO: Processing directory[/etc/cron.daily] action create (tw-audit-cis::4-logging-and-auditing line 16)
(up to date)
* directory[/etc/cron.hourly] action create[2017-03-03T19:02:14+00:00] INFO: Processing directory[/etc/cron.hourly] action create (tw-audit-cis::4-logging-and-auditing line 16)
(up to date)
* directory[/etc/cron.weekly] action create[2017-03-03T19:02:14+00:00] INFO: Processing directory[/etc/cron.weekly] action create (tw-audit-cis::4-logging-and-auditing line 16)
(up to date)
* directory[/etc/cron.monthly] action create[2017-03-03T19:02:14+00:00] INFO: Processing directory[/etc/cron.monthly] action create (tw-audit-cis::4-logging-and-auditing line 16)
(up to date)
* directory[/etc/cron.d] action create[2017-03-03T19:02:14+00:00] INFO: Processing directory[/etc/cron.d] action create (tw-audit-cis::4-logging-and-auditing line 16)
(up to date)
* file[/etc/at.deny] action delete[2017-03-03T19:02:14+00:00] INFO: Processing file[/etc/at.deny] action delete (tw-audit-cis::4-logging-and-auditing line 23)
(skipped due to only_if)
* file[/etc/at.allow] action create_if_missing[2017-03-03T19:02:14+00:00] INFO: Processing file[/etc/at.allow] action create_if_missing (tw-audit-cis::4-logging-and-auditing line 29)
(up to date)
* file[/etc/cron.allow] action create_if_missing[2017-03-03T19:02:14+00:00] INFO: Processing file[/etc/cron.allow] action create_if_missing (tw-audit-cis::4-logging-and-auditing line 29)
(up to date)
* directory[/etc/audit/] action create[2017-03-03T19:02:14+00:00] INFO: Processing directory[/etc/audit/] action create (tw-audit-cis::4-logging-and-auditing line 37)
(up to date)
* template[/etc/audit/auditd.conf] action create[2017-03-03T19:02:14+00:00] INFO: Processing template[/etc/audit/auditd.conf] action create (tw-audit-cis::4-logging-and-auditing line 43)
[2017-03-03T19:02:14+00:00] INFO: template[/etc/audit/auditd.conf] backed up to /tmp/kitchen/backup/etc/audit/auditd.conf.chef-20170303190214.114506
[2017-03-03T19:02:14+00:00] INFO: template[/etc/audit/auditd.conf] updated file contents /etc/audit/auditd.conf
- update content in file /etc/audit/auditd.conf from b77d0d to f43a34
--- /etc/audit/auditd.conf 2017-03-03 19:01:44.949570026 +0000 | |
+++ /etc/audit/.chef-auditd20170303-24913-1bm78ma.conf 2017-03-03 19:02:14.109570026 +0000 | |
@@ -1,4 +1,4 @@ | |
-max_log_file = 30000 | |
+max_log_file = 30 | |
space_left_action = email | |
action_mail_acct = root | |
admin_space_left_action = halt | |
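Review bot: the `max_log_file` line at the top of this hunk drops from 30000 to 30 with nothing in the rendered file saying which value is intended or why. auditd reads this setting in megabytes, so the old value allowed roughly 30 GB per log file and the new one 30 MB. Combined with `admin_space_left_action = halt` in the same hunk and the `max_log_file_action = keep_logs` line the verify stage asserts, rotated logs are never deleted and the host halts once the audit volume runs low on space. Add a comment in the template stating the intended size and its unit, and confirm the audit partition is sized for that retention. The verify stage also asserts that auditd is neither enabled nor running, so this limit has no effect until that is reconciled.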
[2017-03-03T19:02:14+00:00] INFO: Chef Run complete in 0.102173641 seconds
Running handlers:
[2017-03-03T19:02:14+00:00] INFO: Running report handlers
Running handlers complete
[2017-03-03T19:02:14+00:00] INFO: Report handlers complete
Chef Client finished, 1/18 resources updated in 01 seconds
Finished converging <default-ubuntu-1404> (0m2.82s).
-----> Kitchen is finished. (0m3.40s)
-----> Starting Kitchen (v1.15.0)
-----> Setting up <default-ubuntu-1404>...
Finished setting up <default-ubuntu-1404> (0m0.00s).
-----> Verifying <default-ubuntu-1404>...
Loaded
Target: ssh://vagrant@127.0.0.1:2222
System Package
✔ setroubleshoot should not be installed
System Package
✔ mcstrans should not be installed
System Package
✔ telnet-server should not be installed
System Package
✔ telnet should not be installed
System Package
✔ rsh-server should not be installed
System Package
✔ rsh should not be installed
System Package
✔ ypbind should not be installed
System Package
✔ ypserv should not be installed
System Package
✔ tftp should not be installed
System Package
✔ tftp-server should not be installed
System Package
✔ talk should not be installed
System Package
✔ talk-server should not be installed
System Package
✔ xinetd should not be installed
System Package
✔ xorg-x11-server-common should not be installed
System Package
✔ dhcp should not be installed
System Package
✔ openldap-servers should not be installed
System Package
✔ openldap-clients should not be installed
System Package
✔ bind should not be installed
System Package
✔ vsftpd should not be installed
System Package
✔ httpd should not be installed
System Package
✔ dovecot should not be installed
System Package
✔ samba should not be installed
System Package
✔ squid should not be installed
System Package
✔ net-snmp should not be installed
Service chargen-dgram
✔ should not be running
Service chargen-dgram
✔ should not be enabled
Service chargen-stream
✔ should not be running
Service chargen-stream
✔ should not be enabled
Service daytime-dgram
✔ should not be running
Service daytime-dgram
✔ should not be enabled
Service daytime-stream
✔ should not be running
Service daytime-stream
✔ should not be enabled
Service echo-dgram
✔ should not be running
Service echo-dgram
✔ should not be enabled
Service echo-stream
✔ should not be running
Service echo-stream
✔ should not be enabled
Service tcpmux-server
✔ should not be running
Service tcpmux-server
✔ should not be enabled
Service graphical.target
✔ should not be running
Service graphical.target
✔ should not be enabled
Service avahi-daemon
✔ should not be running
Service avahi-daemon
✔ should not be enabled
Service cups
✔ should not be running
Service cups
✔ should not be enabled
Service nfslock
✔ should not be running
Service nfslock
✔ should not be enabled
Service rpcgssd
✔ should not be running
Service rpcgssd
✔ should not be enabled
Service rpcbind
✔ should not be running
Service rpcbind
✔ should not be enabled
Service rpcidmapd
✔ should not be running
Service rpcidmapd
✔ should not be enabled
Service rpcsvcgssd
✔ should not be running
Service rpcsvcgssd
✔ should not be enabled
Service firewalld
✔ should not be enabled
Service firewalld
✔ should not be running
Service rsyslog
✔ should not be enabled
Service rsyslog
✔ should not be running
Service auditd
✔ should not be enabled
Service auditd
✔ should not be running
Service crond
✔ should not be enabled
Service crond
✔ should not be running
Command modprobe
✔ -n -v cramfs stdout should match /install \/bin\/true/
Command lsmod
✔ | grep cramfs stdout should eq ""
Command modprobe
✔ -n -v freevxfs stdout should match /install \/bin\/true/
Command lsmod
✔ | grep freevxfs stdout should eq ""
Command modprobe
✔ -n -v jffs2 stdout should match /install \/bin\/true/
Command lsmod
✔ | grep jffs2 stdout should eq ""
Command modprobe
✔ -n -v hfs stdout should match /install \/bin\/true/
Command lsmod
✔ | grep hfs stdout should eq ""
Command modprobe
✔ -n -v hfsplus stdout should match /install \/bin\/true/
Command lsmod
✔ | grep hfsplus stdout should eq ""
Command modprobe
✔ -n -v udf stdout should match /install \/bin\/true/
Command lsmod
✔ | grep udf stdout should eq ""
File /run/shm
✔ should be mounted [:options, {:nodev=>true}]
✔ should be mounted [:options, {:nosuid=>true}]
✔ should be mounted [:options, {:noexec=>true}]
File /etc/hosts.allow
✔ should be file
✔ mode should cmp == "0644"
File /etc/hosts.deny
✔ should be file
✔ mode should cmp == "0644"
File /etc/rsyslog.d/50-default.conf
✔ content should match /\/var\/log\/auth.log$/
✔ content should match /\/var\/log\/cron.log$/
✔ content should match /\/var\/log\/daemon.log$/
✔ content should match /\/var\/log\/kern.log$/
✔ content should match /\/var\/log\/lpr.log$/
✔ content should match /\/var\/log\/mail.err$/
✔ content should match /\/var\/log\/mail.info$/
✔ content should match /\/var\/log\/mail.log$/
✔ content should match /\/var\/log\/mail.warn$/
✔ content should match /\/var\/log\/syslog$/
✔ content should match /\/var\/log\/user.log$/
File /etc/audit/auditd.conf
✔ content should match /max_log_file = 30$/
✔ content should match /space_left_action = email$/
✔ content should match /action_mail_acct = root$/
✔ content should match /admin_space_left_action = halt$/
✔ content should match /max_log_file_action = keep_logs$/
File /etc/crontab
✔ should be owned by "root"
✔ should be grouped into "root"
✔ mode should cmp == "0600"
File /etc/cron.hourly
✔ should be owned by "root"
✔ should be grouped into "root"
✔ mode should cmp == "0700"
File /etc/cron.daily
✔ should be owned by "root"
✔ should be grouped into "root"
✔ mode should cmp == "0700"
File /etc/cron.weekly
✔ should be owned by "root"
✔ should be grouped into "root"
✔ mode should cmp == "0700"
File /etc/cron.monthly
✔ should be owned by "root"
✔ should be grouped into "root"
✔ mode should cmp == "0700"
File /etc/cron.d
✔ should be owned by "root"
✔ should be grouped into "root"
✔ mode should cmp == "0700"
File /etc/at.deny
✔ should not exist
File /etc/at.allow
✔ should be file
✔ should be owned by "root"
✔ should be grouped into "root"
✔ mode should cmp == "0600"
File /etc/cron.deny
✔ should not be file
File /etc/cron.allow
✔ should be file
✔ should be owned by "root"
✔ should be grouped into "root"
✔ mode should cmp == "0600"
Test Summary: 125 successful, 0 failures, 0 skipped
Finished verifying <default-ubuntu-1404> (0m6.63s).
-----> Kitchen is finished. (0m7.22s)