ssl-baseline
ssl-baseline copied to clipboard
dev-sec
DevSec SSL/TLS Baseline - InSpec Profile
**Describe the bug** ssl-baseline skipped checks, please see attached code **Expected behavior** ssl-baseline start all checks **Example code** `Profile: DevSec SSL/TLS Baseline (ssl-baseline) Version: 1.6.4 Target: ssh://root@xxxx:22 ✔ debugging: Inspec::Version=4.37.20...
**Describe the bug** It appears that this profile would work on Windows. There does not appears to be any method of over writing the platform support on dependent profiles. **Expected...
**Describe the bug** Inspec cannot run this profile against Amazon Linux 2. **Expected behavior** Inspec profile runs and reports detectable flaws in target system ssl/tls listeners. **Actual behavior** ```paste below...
Explicit FTPS (FTP over TLS) requires a normal, non-encrypted connection be made, then the command "AUTH TLS" to invoke the encryption handshake. Because that doesn't happen until after the connection...
Hi, if I try running this profile I get the following error: ` inspec exec https://github.com/dev-sec/ssl-baseline -t ssh://user@host:port [2018-06-20T07:59:14+02:00] WARN: URL target https://github.com/dev-sec/ssl-baseline transformed to https://github.com/dev-sec/ssl-baseline/archive/master.tar.gz. Consider using the git...
### Background: I have been using the ssl-baseline profile to demonstrate a simple failure/remediation story using this cookbook to configure apache for ssl: https://github.com/chef-cft/bjc/tree/master/cookbooks/bjc-ecommerce Recent updates look to produce an...
That's a fun issue title! Let's elaborate some. When running out of test kitchen in any version later than 1.1.1 (tested and confirmed failure pinned to 1.2.0), there is different...