mitre · karikarshivani · Oct 18, 2024 · Oct 15, 2024 · Oct 15, 2024 · Oct 16, 2024
diff --git a/.github/workflows/verify-vagrant.yml b/.github/workflows/verify-vagrant.yml
@@ -12,49 +12,73 @@ on:
 jobs:
   my-job:
     name: Validate my profile
-    runs-on: macos-latest
+    runs-on: ubuntu-22.04
     env:
       CHEF_LICENSE: accept-silent
+      CHEF_LICENSE_KEY: ${{ secrets.SAF_CHEF_LICENSE_KEY }}
       KITCHEN_YAML: kitchen.vagrant.yml
     strategy:
       matrix:
         suite: ['hardened']
       fail-fast: false
     steps:
-      - name: Add jq for output formatting
-        run: brew install jq
+      - name: Add needed packages
+        run: |
+          sudo apt-get update
+          sudo apt-get -y install jq
+
+      - name: Add VirtualBox
+        run: sudo apt-get install virtualbox
+
+      - name: Add vagrant
+        run: |
+          wget -O- https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
+          echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
+          sudo apt update && sudo apt install vagrant
+
       - name: Check out repository
         uses: actions/checkout@v4
+
       - name: Setup Ruby
         uses: ruby/setup-ruby@v1
         with:
           ruby-version: '3.1'
+
       - name: Disable ri and rdoc
         run: 'echo "gem: --no-ri --no-rdoc" >> ~/.gemrc'
-      - name: Setup caching
-        uses: actions/cache@v3
-        with:
-          path: vendor/bundle
-          key: ${{ runner.os }}-gems-${{ hashFiles('**/Gemfile.lock') }}
-          restore-keys: |
-            ${{ runner.os }}-gems-
+
+      # - name: Setup caching
+      #   uses: actions/cache@v3
+      #   with:
+      #     path: vendor/bundle
+      #     key: ${{ runner.os }}-gems-${{ hashFiles('**/Gemfile.lock') }}
+      #     restore-keys: |
+      #       ${{ runner.os }}-gems-
+
       - name: Bundle install
-        run: |
-          gem install bundler
-          bundle config path vendor/bundle
-          bundle install
+        run: bundle install
+
+      - name: Installed Inspec
+        run: bundle exec inspec version
+
+      - name: Vendor the Profile
+        run: bundle exec inspec vendor . --overwrite
+
       - name: Run kitchen test
         run: |
           cd test/cookbooks/Win2019STIG
           bundle exec kitchen test ${{ matrix.suite }} || true
+
       - name: Save Test Result JSON
         uses: actions/upload-artifact@v4
         with:
           path: test/cookbooks/Win2019STIG/results/*.json
+
       - name: Display our ${{ matrix.suite }} results summary
         uses: mitre/saf_action@v1
         with:
           command_string: 'view summary -i test/cookbooks/Win2019STIG/results/${{ matrix.suite }}-test-result.json'
+
       - name: Ensure the scan meets our ${{ matrix.suite }} results threshold
         uses: mitre/saf_action@v1
         with:

diff --git a/Gemfile b/Gemfile
@@ -4,6 +4,5 @@ gem 'test-kitchen'
 gem 'kitchen-vagrant'
 gem 'kitchen-inspec'
 gem 'inspec-bin'
-gem 'inspec_tools'
 gem 'berkshelf'
 gem 'inspec'
diff --git a/controls/V-92963.rb b/controls/V-92963.rb
@@ -61,7 +61,6 @@
     end
   else
     impact 0.0
-    desc 'This system is not a domain controller, therefore this control is not applicable as it only applies to domain controllers'
     describe 'This system is not a domain controller, therefore this control is not applicable as it only applies to domain controllers' do
       skip 'This system is not a domain controller, therefore this control is not applicable as it only applies to domain controllers'
     end

diff --git a/controls/V-92965.rb b/controls/V-92965.rb
@@ -88,7 +88,6 @@
   case domain_role
   when '4', '5'
     impact 0.0
-    desc 'This system is dedicated to the management of Active Directory, therefore this system is exempt from this control'
     describe 'This system is dedicated to the management of Active Directory, therefore this system is exempt from this control' do
       skip 'This system is dedicated to the management of Active Directory, therefore this system is exempt from this control'
     end

diff --git a/controls/V-92989.rb b/controls/V-92989.rb
@@ -64,9 +64,8 @@
     end
   when '2', '3'
     impact 0.0
-    desc 'This system is exempt from this control'
-    describe 'This system is exempt from this control' do
-      skip 'This system is exempt from this control'
+    describe 'This applies to domain controllers. It is NA for other systems.' do
+      skip 'This applies to domain controllers. It is NA for other systems.'
     end
   end
 end
diff --git a/controls/V-93009.rb b/controls/V-93009.rb
@@ -95,7 +95,6 @@
   case domain_role
   when '4', '5'
     impact 0.0
-    desc 'This system is dedicated to the management of Active Directory, therefore this system is exempt from this control'
     describe 'This system is dedicated to the management of Active Directory, therefore this system is exempt from this control' do
       skip 'This system is dedicated to the management of Active Directory, therefore this system is exempt from this control'
     end

diff --git a/controls/V-93011.rb b/controls/V-93011.rb
@@ -76,7 +76,6 @@
   case domain_role
   when '4', '5'
     impact 0.0
-    desc 'This system is dedicated to the management of Active Directory, therefore this system is exempt from this control'
     describe 'This system is dedicated to the management of Active Directory, therefore this system is exempt from this control' do
       skip 'This system is dedicated to the management of Active Directory, therefore this system is exempt from this control'
     end

diff --git a/controls/V-93013.rb b/controls/V-93013.rb
@@ -73,7 +73,6 @@
   case domain_role
   when '4', '5'
     impact 0.0
-    desc 'This system is dedicated to the management of Active Directory, therefore this system is exempt from this control'
     describe 'This system is dedicated to the management of Active Directory, therefore this system is exempt from this control' do
       skip 'This system is dedicated to the management of Active Directory, therefore this system is exempt from this control'
     end

diff --git a/controls/V-93015.rb b/controls/V-93015.rb
@@ -77,7 +77,6 @@
   case domain_role
   when '4', '5'
     impact 0.0
-    desc 'This system is dedicated to the management of Active Directory, therefore this system is exempt from this control'
     describe 'This system is dedicated to the management of Active Directory, therefore this system is exempt from this control' do
       skip 'This system is dedicated to the management of Active Directory, therefore this system is exempt from this control'
     end

diff --git a/controls/V-93035.rb b/controls/V-93035.rb
@@ -180,7 +180,6 @@
     end
   else
     impact 0.0
-    desc 'This system is not a domain controller, therefore this control is not applicable as it only applies to domain controllers'
     describe 'This system is not a domain controller, therefore this control is not applicable as it only applies to domain controllers' do
       skip 'This system is not a domain controller, therefore this control is not applicable as it only applies to domain controllers'
     end

diff --git a/controls/V-93037.rb b/controls/V-93037.rb
@@ -254,7 +254,6 @@
     end
   else
     impact 0.0
-    desc 'This system is not a domain controller, therefore this control is not applicable as it only applies to domain controllers'
     describe 'This system is not a domain controller, therefore this control is not applicable as it only applies to domain controllers' do
       skip 'This system is not a domain controller, therefore this control is not applicable as it only applies to domain controllers'
     end

diff --git a/controls/V-93121.rb b/controls/V-93121.rb
@@ -174,7 +174,6 @@
     end
   else
     impact 0.0
-    desc 'This system is not a domain controller, therefore this control is not applicable as it only applies to domain controllers'
     describe 'This system is not a domain controller, therefore this control is not applicable as it only applies to domain controllers' do
       skip 'This system is not a domain controller, therefore this control is not applicable as it only applies to domain controllers'
     end

diff --git a/controls/V-93123.rb b/controls/V-93123.rb
@@ -214,7 +214,6 @@
       end
     else
       impact 0.0
-      desc 'This system is not a domain controller, therefore this control is not applicable as it only applies to domain controllers'
       describe 'This system is not a domain controller, therefore this control is not applicable as it only applies to domain controllers' do
        skip 'This system is not a domain controller, therefore this control is not applicable as it only applies to domain controllers'
      end

diff --git a/controls/V-93125.rb b/controls/V-93125.rb
@@ -158,7 +158,6 @@
       end
     else
       impact 0.0
-      desc 'This system is not a domain controller, therefore this control is not applicable as it only applies to domain controllers'
       describe 'This system is not a domain controller, therefore this control is not applicable as it only applies to domain controllers' do
        skip 'This system is not a domain controller, therefore this control is not applicable as it only applies to domain controllers'
      end

diff --git a/controls/V-93127.rb b/controls/V-93127.rb
@@ -189,7 +189,6 @@
 
     else
       impact 0.0
-      desc 'This system is not a domain controller, therefore this control is not applicable as it only applies to domain controllers'
       describe 'This system is not a domain controller, therefore this control is not applicable as it only applies to domain controllers' do
        skip 'This system is not a domain controller, therefore this control is not applicable as it only applies to domain controllers'
      end

diff --git a/controls/V-93129.rb b/controls/V-93129.rb
@@ -162,7 +162,6 @@
       end
     else
       impact 0.0
-      desc 'This system is not a domain controller, therefore this control is not applicable as it only applies to domain controllers'
       describe 'This system is not a domain controller, therefore this control is not applicable as it only applies to domain controllers' do
        skip 'This system is not a domain controller, therefore this control is not applicable as it only applies to domain controllers'
      end

diff --git a/controls/V-93131.rb b/controls/V-93131.rb
@@ -158,7 +158,6 @@
       end
     else
       impact 0.0
-      desc 'This system is not a domain controller, therefore this control is not applicable as it only applies to domain controllers'
       describe 'This system is not a domain controller, therefore this control is not applicable as it only applies to domain controllers' do
        skip 'This system is not a domain controller, therefore this control is not applicable as it only applies to domain controllers'
      end

diff --git a/inspec.yml b/inspec.yml
@@ -5,7 +5,7 @@ copyright: The Authors
 copyright_email: [email protected]
 license: Apache-2.0
 summary: "Inspec Validation Profile for Microsoft Windows Member Server 2019 STIG"
-version: 1.3.24
+version: 1.3.25
 inspec_version: ">= 4.0"
 
 inputs: