search

dev-sec / cis-docker-benchmark

CIS Docker Benchmark - InSpec Profile
https://dev-sec.io/baselines/docker/
Apache License 2.0
488 stars 114 forks source link

uploading cis docker profile to chef compliance #46

Closed raghureddy45 closed 6 years ago

raghureddy45 commented 6 years ago

chef-compliance version Version: 1.12.1(latest) I was trying to upload cis-docker-benchmark profile to compliance. I am getting following error.!!

Profile is valid Generate temporary profile archive at /var/folders/ks/x873n92n6vb62rrt_qfpt8f40000gp/T/cis-docker-benchmark20171221-24480-wzaned.tar.gz I, [2017-12-21T12:29:16.364667 #24480] INFO -- : Generate archive /var/folders/ks/x873n92n6vb62rrt_qfpt8f40000gp/T/cis-docker-benchmark20171221-24480-wzaned.tar.gz. I, [2017-12-21T12:29:16.381412 #24480] INFO -- : Finished archive generation. Start upload to walmart45/cis-docker-benchmark Uploading to Chef Compliance Error during profile upload: "Failed to POST /owners/walmart45/compliance/cis-docker-benchmark/tar."

compliance log shows.!! /var/log/chef-compliance/core/current

2017-12-21_18:29:16.84343 18:29:16.840 DEB => Extracting incoming tar to /var/opt/chef-compliance/core/runtime/compliance-profiles/upload_525211858 2017-12-21_18:29:16.84344 18:29:16.843 DEB => Extracted upload to /var/opt/chef-compliance/core/runtime/compliance-profiles/upload_525211858 2017-12-21_18:29:16.84344 18:29:16.843 DEB => Found compliance root folder in /var/opt/chef-compliance/core/runtime/compliance-profiles/upload_525211858 2017-12-21_18:29:16.84344 18:29:16.843 DEB => Run: cd /var/opt/chef-compliance/core/runtime/compliance-profiles/upload_525211858 && inspec [check . --format json --profiles-path /var/opt/chef-compliance/core/runtime/compliance-profiles] 2017-12-21_18:29:18.27781 WARN: Unresolved specs during Gem::Specification.reset: 2017-12-21_18:29:18.27782 net-ssh (< 5.0, >= 2.6.5, >= 2.9) 2017-12-21_18:29:18.27782 ffi (>= 1.0.1) 2017-12-21_18:29:18.27783 multi_json (~> 1.10) 2017-12-21_18:29:18.27783 rainbow (~> 2) 2017-12-21_18:29:18.27783 rspec (~> 3) 2017-12-21_18:29:18.27783 addressable (~> 2.4) 2017-12-21_18:29:18.27783 WARN: Clearing out unresolved specs. 2017-12-21_18:29:18.27783 Please report a bug if this causes problems. 2017-12-21_18:29:18.54880 /opt/chef-compliance/embedded/lib/ruby/gems/2.2.0/gems/rspec-expectations-3.7.0/lib/rspec/matchers.rb:960:in method_missing': undefined local variable or methodauditd' for #<#:0x00000002de9b10> (NameError) 2017-12-21_18:29:18.54882 from ./controls/host_configuration.rb:187:in block in load_with_context' 2017-12-21_18:29:18.54882 from /opt/chef-compliance/embedded/lib/ruby/gems/2.2.0/gems/inspec-1.34.9/lib/inspec/rule.rb:49:ininstance_eval' 2017-12-21_18:29:18.54882 from /opt/chef-compliance/embedded/lib/ruby/gems/2.2.0/gems/inspec-1.34.9/lib/inspec/rule.rb:49:in initialize' 2017-12-21_18:29:18.54882 from /opt/chef-compliance/embedded/lib/ruby/gems/2.2.0/gems/inspec-1.34.9/lib/inspec/control_eval_context.rb:71:innew' 2017-12-21_18:29:18.54883 from /opt/chef-compliance/embedded/lib/ruby/gems/2.2.0/gems/inspec-1.34.9/lib/inspec/control_eval_context.rb:71:in block (2 levels) in create' 2017-12-21_18:29:18.54883 from ./controls/host_configuration.rb:173:inload_with_context' 2017-12-21_18:29:18.54883 from /opt/chef-compliance/embedded/lib/ruby/gems/2.2.0/gems/inspec-1.34.9/lib/inspec/profile_context.rb:146:in instance_eval' 2017-12-21_18:29:18.54883 from /opt/chef-compliance/embedded/lib/ruby/gems/2.2.0/gems/inspec-1.34.9/lib/inspec/profile_context.rb:146:inload_with_context' 2017-12-21_18:29:18.54884 from /opt/chef-compliance/embedded/lib/ruby/gems/2.2.0/gems/inspec-1.34.9/lib/inspec/profile_context.rb:130:in load_control_file' 2017-12-21_18:29:18.54884 from /opt/chef-compliance/embedded/lib/ruby/gems/2.2.0/gems/inspec-1.34.9/lib/inspec/profile.rb:151:inblock in collect_tests' 2017-12-21_18:29:18.54884 from /opt/chef-compliance/embedded/lib/ruby/gems/2.2.0/gems/inspec-1.34.9/lib/inspec/profile.rb:148:in each' 2017-12-21_18:29:18.54884 from /opt/chef-compliance/embedded/lib/ruby/gems/2.2.0/gems/inspec-1.34.9/lib/inspec/profile.rb:148:incollect_tests' 2017-12-21_18:29:18.54884 from /opt/chef-compliance/embedded/lib/ruby/gems/2.2.0/gems/inspec-1.34.9/lib/inspec/profile.rb:454:in load_checks_params' 2017-12-21_18:29:18.54885 from /opt/chef-compliance/embedded/lib/ruby/gems/2.2.0/gems/inspec-1.34.9/lib/inspec/profile.rb:447:inload_params' 2017-12-21_18:29:18.54885 from /opt/chef-compliance/embedded/lib/ruby/gems/2.2.0/gems/inspec-1.34.9/lib/inspec/profile.rb:141:in params' 2017-12-21_18:29:18.54885 from /opt/chef-compliance/embedded/lib/ruby/gems/2.2.0/gems/inspec-1.34.9/lib/inspec/profile.rb:307:incontrols_count' 2017-12-21_18:29:18.54886 from /opt/chef-compliance/embedded/lib/ruby/gems/2.2.0/gems/inspec-1.34.9/lib/inspec/profile.rb:278:in check' 2017-12-21_18:29:18.54886 from /opt/chef-compliance/embedded/lib/ruby/gems/2.2.0/gems/inspec-1.34.9/lib/inspec/cli.rb:69:incheck'

what am i missing here? need to update rspec version? please guide me to resolve this issue.

Thanks in advance.

chris-rock commented 6 years ago

Thank you for reporting @raghureddy45 I am going to have a look at this tomorrow.

chris-rock commented 6 years ago

We update the readme in #47 This profile requires InSpec 1.38.8 since it is using the auditd resouce, but latest Chef Compliance ships with InSpec 1.34.9. A new release for Chef Compliance is scheduled for January which includes latest InSpec.

In the meantime you can do the following:

$ git clone https://github.com/dev-sec/cis-docker-benchmark.git
Cloning into 'cis-docker-benchmark'...
remote: Counting objects: 587, done.
remote: Compressing objects: 100% (96/96), done.
remote: Total 587 (delta 81), reused 84 (delta 38), pack-reused 453
Receiving objects: 100% (587/587), 171.92 KiB | 205.00 KiB/s, done.
Resolving deltas: 100% (341/341), done.
$ cd cis-docker-benchmark 
$ rm controls/host_configuration.rb 
$ inspec archive .

Please let us know if this is helpful.