update 168, properly tagged inspec.yml

mitre · May 3, 2024 · 0b4256f · 0b4256f
1 parent 88ae584
commit 0b4256f
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 23 deletions.
diff --git a/spec/mongo-inspec-profile/controls/SV-252168.rb b/spec/mongo-inspec-profile/controls/SV-252168.rb
@@ -49,7 +49,7 @@
 
   check_command="db.getSiblingDB('admin').runCommand({getCmdLineOpts: 1}).parsed.security.redactClientLogData"
 
-  run_check_command = "mongosh mongodb://#{input('mongo_dba')}:#{input('mongo_dba_password')}@#{input('mongo_host')}:#{input('mongo_port')} --quiet --eval \"#{check_command}\""
+  run_check_command = "mongosh \"mongodb://#{input('mongo_dba')}:#{input('mongo_dba_password')}@#{input('mongo_host')}:#{input('mongo_port')}/?tls=true&tlsCAFile=#{input('ca_file')}&tlsCertificateKeyFile=#{input('certificate_key_file')}\" --quiet --eval \"#{check_command}\""
 
   check_output = command(run_check_command)
 

diff --git a/spec/mongo-inspec-profile/inspec.yml b/spec/mongo-inspec-profile/inspec.yml
@@ -12,9 +12,10 @@ depends: []
 inspec_version: null
 
 inputs:
-  # SV-252134, SV-252135, SV-252136, SV-252137, SV-252138, SV-252139, SV-252141, SV-252142, SV-252143
-  # SV-252145, SV-252146, SV-252147, SV-252148, SV-252149, SV-252156, SV-252159, SV-252160, SV-252164
-  # SV-252167, SV-252168, SV-252169, SV-252171, SV-252172, SV-252179, SV-252180
+  # SV-252134, SV-252135, SV-252136, SV-252137, SV-252138, SV-252139, SV-252141, SV-252142, 
+  # SV-252143, SV-252145, SV-252146, SV-252147, SV-252148, SV-252149, SV-252156, SV-252157, 
+  # SV-252159, SV-252160, SV-252164, SV-252167, SV-252168, SV-252169, SV-252171, SV-252179, 
+  # SV-252180
   - name: mongod_config_path
     description: "The path to the mongod configuration file"
     type: string
@@ -37,63 +38,72 @@ inputs:
     required: true
     sensitive: true
 
-  # SV-252141, SV-252146, SV-252154,SV-252155, SV-252157, SV-252159, SV-252165, SV-252167, SV-252168, SV-252169, SV-252174, SV-252175, SV-252176
+  # SV-252140, SV-252141, SV-252146, SV-252154, SV-252155, SV-252157, SV-252159, SV-252163,
+  # SV-252165, SV-252167, SV-252168, SV-252169, SV-252174, SV-252175, SV-252176, SV-252182
   - name: mongo_dba
     description: "The mongo DBA user to access the test database"
     type: string
     required: true
     sensitive: true
 
-  # SV-252141, SV-252146, SV-252154,SV-252155, SV-252157, SV-252159, SV-252165, SV-252167, SV-252168, SV-252169, SV-252174, SV-252175, SV-252176
+  # SV-252140, SV-252141, SV-252146, SV-252154, SV-252155, SV-252157, SV-252159, SV-252163,
+  # SV-252165, SV-252167, SV-252168, SV-252169, SV-252174, SV-252175, SV-252176, SV-252182
   - name: mongo_dba_password
     description: "The password for the mongo DBA user"
     type: string
     required: true
     sensitive: true
 
-  # SV-252141, SV-252146, SV-252154,SV-252155, SV-252157, SV-252159, SV-252165, SV-252167, SV-252168, SV-252169, SV-252174, SV-252175, SV-252176
+  # SV-252140, SV-252141, SV-252146, SV-252154, SV-252155, SV-252157, SV-252159, SV-252163,
+  # SV-252165, SV-252167, SV-252168, SV-252169, SV-252174, SV-252175, SV-252176, SV-252182
   - name: mongo_host
     description: "The hostname or IP address used to connect to the database"
     type: string
     required: true
     sensitive: true
 
-  # SV-252141, SV-252146, SV-252154,SV-252155, SV-252157, SV-252159, SV-252165, SV-252167, SV-252168, SV-252169, SV-252174, SV-252175, SV-252176
+  # SV-252140, SV-252141, SV-252146, SV-252154, SV-252155, SV-252157, SV-252159, SV-252163,
+  # SV-252165, SV-252167, SV-252168, SV-252169, SV-252174, SV-252175, SV-252176, SV-252182
   - name: mongo_port
     description: "The port used to connect to the database"
     type: numeric
     required: true
     sensitive: true
 
-  # SV-252155, SV-252174
+  # SV-252140, SV-252155, SV-252157, SV-252163, SV-252174
   - name: mongo_auth_source
     description: "The database used to authorize users"
     type: string
     required: true
     sensitive: true
 
+  # SV-252134, SV-252171
   - name: mongo_filter
     description: "The filter used in authLog"
     type: string
     value: "{ atype: { $in: [ \"createCollection\", \"dropCollection\" ] } }"
     required: true
     sensitive: true
 
-  # SV-252141, SV-252146, SV-252154,SV-252155, SV-252157, SV-252159, SV-252165, SV-252167, SV-252168, SV-252169, SV-252174, SV-252175, SV-252176
+  # SV-252139, SV-252140, SV-252141, SV-252146, SV-252147, SV-252154, SV-252155, SV-252157, 
+  # SV-252159, SV-252160, SV-252163, SV-252165, SV-252167, SV-252168, SV-252169, SV-252174, 
+  # SV-252175, SV-252176, SV-252179, SV-252180, SV-252182
   - name: ca_file
     description: "The path to the CA file"
     type: string
     required: true
     sensitive: true
 
-  # SV-252141, SV-252146, SV-252154,SV-252155, SV-252157, SV-252159, SV-252165, SV-252167, SV-252168, SV-252169, SV-252174, SV-252175, SV-252176
+  # SV-252139, SV-252140, SV-252141, SV-252146, SV-252147, SV-252154, SV-252155, SV-252157, 
+  # SV-252159, SV-252160, SV-252163, SV-252165, SV-252167, SV-252168, SV-252169, SV-252174, 
+  # SV-252175, SV-252176, SV-252179, SV-252180, SV-252182
   - name: certificate_key_file
     description: "The path to the certificate key file"
     type: string
     required: true
     sensitive: true
 
-  # SV-252154, SV-252155, SV-252157
+  # SV-252140, SV-252154, SV-252155, SV-252157, SV-252163, SV-252174
   - name: mongo_superusers
     description: "Authorized superuser accounts"
     type: array
@@ -102,7 +112,7 @@ inputs:
     required: true
     sensitive: true
 
-  # SV-252154, SV-252155, SV-252157
+  # SV-252155, SV-252157
   - name: mongo_users
     description: "Authorized user accounts in the format of database.user"
     type: array
@@ -132,15 +142,6 @@ inputs:
     required: true
     sensitive: true
 
-  # SV-252154
-  - name: mongo_dbs
-    description: "Authorized mongo databases"
-    type: array
-    value:
-      - ""
-    required: true
-    sensitive: true
-
   # SV-252135, SV-252136, SV-252142, SV-252160
   - name: mongo_permissions
     description: "File and directory permissions that should be granted to mongo"
@@ -190,19 +191,21 @@ inputs:
     value: false
     required: true
 
-  # SV-252157
+  # SV-252149, SV-252157
   - name: ldap_enabled
     description: "LDAP is used for authentication and authorization"
     type: boolean
     value: false
     required: true
 
+  # SV-252141, SV-252182
   - name: mongo_version
     description: "The edition of MongoDB in use"
     type: string
     value: "7.0.5"
     required: true
 
+  # SV-252182
   - name: mongo_edition
     description: "The edition of MongoDB in use"
     type: string