The InSpec Assessor Lab is a GitHub environment that makes it quick and easy for you to start learning and working on executing your own InSpec profiles.
It is also a great, quick, and easy way to test and demonstrate what you have learned or collaborate with others to get help with what you are working on.
The repository is setup to be very low overhead, we use a simple setup.sh script to quickly add the tools you need to get started easily, along with two containers to act as testing targets.
- CodeSpaces Linux Base Community Image
- InSpec Omnitruk install of the latest InSpec
curl https://omnitruck.chef.io/install.sh | sudo bash -s -- -c stable -P inspec
- MITRE SAF CLI
- Docker Compose File which starts:
- RedHat UBI8 Container
- NGINX Web Server Container
To use the lab:
- Make sure you've signed in to your GitHub Account
- On the SAF Training repo, click the green 'Use this template' dropdown button and select 'Create a new repository'
-
Check to make sure your username is the owner of the new repository and enter a name for your repository. We recommend to name it
saf-training-lab-environmentfor ease. Additionally, feel free to make your repository public, if it isn't already. -
Click the 'Create repository from template' button at the bottom
- if the button is greyed out, check to make sure you've selected your username as the owner, and named the repository.
-
Wait for your repository to open up, then click the 'Code' drop down button
-
After clicking the 'Code' button, a drop down menu should display, with a 'Local' and a 'Codespace' option. Select the 'Codespace' tab, then click the button that says 'Create codespace on main'
- Note: please make sure to read the Codespace section of this README, as GitHub has updated their policy about Codespaces.
-
A new tab in your browser should open up with your Codespace. It should open up the README.md file, with a terminal at the bottom.
-
We will then install three extensions - Click the extensions box on the left-hand bar.
Search and install these three extensions:
- Ruby
- Docker
- Prettier
- In the terminal, run the
lab-setup.shscript
source ./lab-setup.shOnce this has finished, your terminal should display something like this, right before your username and the path to your codespace.
You should have InSpec installed in your environment, the MITRE SAF CLI and two running docker containers - tagged as nginx and redhat8.
- Once complete, you can verify the setup in your environment with the
verify-lab.shscript:
./verify-lab.shWhich should return something like:
MITRE SAF version:
@mitre/saf/1.1.6 darwin-arm64 node-v18.2.0
InSpec version:
5.14.0
Docker is running the container(s):
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4f0ceb9b5974 nginx:latest "/docker-entrypoint.…" 2 months ago Up 6 minutes 0.0.0.0:80->80/tcp nginx
Previously, the SAF Training courses utilized GitHub Codespaces as a way for users to learn and work on executing InSpec profiles. GitHub has updated their policy so that Codespaces can be used for a certain amount of time before the user gets billed. If you have a free GitHub account, you're given 120 core hours per month. This means that if you use a 2-core machine, and your codespace runs for 8 hours, you've used up 16 (2 mulitplied by 8 = 16) core hours out of the 120. You can read more about it here:
Additionally, all active Codespaces can be found here:
From the above link, you can access all of your codespaces, and stop the codespace as well.
Docker Container Restart May be Needed
Occasionally, you may have to restart your Docker containers again. To do this:
- Run:
docker ps - If your containers are not running, then just run:
lab-setup.sh - Run:
docker psagain to verify that your containers are again running in your environment.
Your repository is yours to command, you have full sudo access and can install any software or services you like, run databases, web-servers, etc. and expose any ports that you might need to do your work.
Go for it and if for some reason you break your environment, just start a new one.
© 2018-2022 The MITRE Corporation.
Approved for Public Release; Distribution Unlimited. Case Number 18-3678.
MITRE hereby grants express written permission to use, reproduce, distribute, modify, and otherwise leverage this software to the extent permitted by the licensed terms provided in the LICENSE.md file included with this project.
This software was produced for the U. S. Government under Contract Number HHSM-500-2012-00008I, and is subject to Federal Acquisition Regulation Clause 52.227-14, Rights in Data-General.
No other use other than that granted to the U. S. Government, or to those acting on behalf of the U. S. Government under that Clause is authorized without the express written permission of The MITRE Corporation.
For further information, please contact The MITRE Corporation, Contracts Management Office, 7515 Colshire Drive, McLean, VA 22102-7539, (703) 983-6000.