update local inspec.yml to not clash with one pulled from github

README.md

@@ -12,7 +12,7 @@ A workflow for hardening a MongoDB container against a STIG using Packer and Ans
 
 ## Tailoring Your Scan to Your Environment
 
-To ensure the profile runs correctly in your specific environment, you need to configure the inputs in the `inputs.yml`. This will **OVERRIDE THE VALUE SET** in `inspec.yml`. A template file named `inputs_template.yml` is provided to help you get started. More information about InSpec inputs can be found in the [InSpec Profile Documentation](https://docs.chef.io/inspec/profiles/).
+To ensure the profile runs correctly in your specific environment, you need to configure the inputs in the `inputs.yml`. This will **OVERRIDE THE VALUE SET** in `inspec.yml` located [here](https://github.com/mitre/mongodb-enterprise-advanced-4-stig-baseline/blob/main/inspec.yml). A template file named `inputs_template.yml` is provided to help you get started. More information about InSpec inputs can be found in the [InSpec Profile Documentation](https://docs.chef.io/inspec/profiles/).
 
 ### Verify Ansible Variables
 

spec/mongo-inspec-profile/inspec.yml

@@ -1,4 +1,4 @@
-name: MongoDB_Enterprise_Advanced_4-x_STIG
+name: MongoDB_Enterprise_Advanced_4-x_STIG_Overlay
 title: null
 maintainer: null
 copyright: null
@@ -12,207 +12,4 @@ depends:
   - name: mongodb-enterprise-advanced-4-stig-baseline
     git:  https://github.com/mitre/mongodb-enterprise-advanced-4-stig-baseline.git
     branch: main
-inspec_version: null
-
-inputs:
-  # SV-252134, SV-252135, SV-252136, SV-252137, SV-252138, SV-252139, SV-252141, SV-252142, 
-  # SV-252143, SV-252145, SV-252146, SV-252147, SV-252148, SV-252149, SV-252156, SV-252157, 
-  # SV-252159, SV-252160, SV-252164, SV-252167, SV-252168, SV-252169, SV-252171, SV-252179, 
-  # SV-252180
-  - name: mongod_config_path
-    description: "The path to the mongod configuration file"
-    type: string
-    value: "/etc/mongod.conf"
-    required: true
-
-  # SV-252135, SV-252136, SV-252142, SV-252160
-  - name: mongo_owner
-    description: "The system user of the mongod process"
-    type: string
-    value: "root"
-    required: true
-    sensitive: true
-
-  # SV-252135, SV-252136, SV-252142, SV-252160
-  - name: mongo_group
-    description: "The system group of the mongod process"
-    type: string
-    value: "root"
-    required: true
-    sensitive: true
-
-  # SV-252140, SV-252141, SV-252146, SV-252154, SV-252155, SV-252157, SV-252159, SV-252163,
-  # SV-252165, SV-252167, SV-252168, SV-252169, SV-252174, SV-252175, SV-252176, SV-252182
-  - name: mongo_dba
-    description: "The mongo DBA user to access the test database"
-    type: string
-    required: true
-    sensitive: true
-
-  # SV-252140, SV-252141, SV-252146, SV-252154, SV-252155, SV-252157, SV-252159, SV-252163,
-  # SV-252165, SV-252167, SV-252168, SV-252169, SV-252174, SV-252175, SV-252176, SV-252182
-  - name: mongo_dba_password
-    description: "The password for the mongo DBA user"
-    type: string
-    required: true
-    sensitive: true
-
-  # SV-252140, SV-252141, SV-252146, SV-252154, SV-252155, SV-252157, SV-252159, SV-252163,
-  # SV-252165, SV-252167, SV-252168, SV-252169, SV-252174, SV-252175, SV-252176, SV-252182
-  - name: mongo_host
-    description: "The hostname or IP address used to connect to the database"
-    type: string
-    required: true
-    sensitive: true
-
-  # SV-252140, SV-252141, SV-252146, SV-252154, SV-252155, SV-252157, SV-252159, SV-252163,
-  # SV-252165, SV-252167, SV-252168, SV-252169, SV-252174, SV-252175, SV-252176, SV-252182
-  - name: mongo_port
-    description: "The port used to connect to the database"
-    type: numeric
-    required: true
-    sensitive: true
-
-  # SV-252140,SV-252154, SV-252155, SV-252157, SV-252163, SV-252174
-  - name: mongo_auth_source
-    description: "The database used to authorize users"
-    type: string
-    required: true
-    sensitive: true
-
-  # SV-252134, SV-252171
-  - name: mongo_filter
-    description: "The filter used in authLog"
-    type: string
-    value: "{ atype: { $in: [ \"createCollection\", \"dropCollection\" ] } }"
-    required: true
-    sensitive: true
-
-  # SV-252139, SV-252140, SV-252141, SV-252146, SV-252147, SV-252154, SV-252155, SV-252157, 
-  # SV-252159, SV-252160, SV-252163, SV-252165, SV-252167, SV-252168, SV-252169, SV-252174, 
-  # SV-252175, SV-252176, SV-252179, SV-252180, SV-252182
-  - name: ca_file
-    description: "The path to the CA file"
-    type: string
-    required: true
-    sensitive: true
-
-  # SV-252139, SV-252140, SV-252141, SV-252146, SV-252147, SV-252154, SV-252155, SV-252157, 
-  # SV-252159, SV-252160, SV-252163, SV-252165, SV-252167, SV-252168, SV-252169, SV-252174, 
-  # SV-252175, SV-252176, SV-252179, SV-252180, SV-252182
-  - name: certificate_key_file
-    description: "The path to the certificate key file"
-    type: string
-    required: true
-    sensitive: true
-
-  # SV-252140, SV-252154, SV-252155, SV-252157, SV-252163, SV-252174
-  - name: mongo_superusers
-    description: "Authorized superuser accounts"
-    type: array
-    value:
-      - "admin.root"
-    required: true
-    sensitive: true
-
-  # SV-252155, SV-252157
-  - name: mongo_users
-    description: "Authorized user accounts in the format of database.user"
-    type: array
-    value:
-      - "test.myTester"
-      - "products.myRoleTestUser"
-    required: true
-    sensitive: true
-
-  # SV-252155
-  - name: mongo_roles
-    description: "Authorized roles for MongoDB in the format of database.role"
-    type: array
-    value:
-      - "admin.root"
-      - "products.myTestRole"
-      - "test.read"
-    required: true
-    sensitive: true
-
-  # SV-252140, SV-252163, SV-252174
-  - name: inappropriate_mongo_privileges
-    description: "Inappropriate priveleges for all roles in MongoDB"
-    type: array
-    value:
-      - "changeStream"
-      - "createCollection"
-    required: true
-    sensitive: true
-
-  # SV-252135, SV-252136, SV-252142, SV-252160
-  - name: mongo_permissions
-    description: "File and directory permissions that should be granted to mongo"
-    type: string
-    value: "0600"
-    required: true
-
-  # SV-252135
-  - name: mongo_audit_directory_path
-    description: "The path to the mongo audit directory"
-    type: string
-    value: "/var/log/mongodb/audit/"
-    required: true
-
-  # SV-252134, SV-252135, SV-252171
-  - name: mongo_audit_file_path
-    description: "The path to the mongo audit file"
-    type: string
-    value: "/var/log/mongodb/audit/auditLog.bson"
-    required: true
-
-  # SV-252139, SV-252160, SV-252179, SV-252180
-  - name: certificate_key_file_dest
-    description: "The path to the mongo certificate key"
-    type: string
-    value: "/etc/ssl/mongodb.pem"
-    required: true
-
-  # SV-252139, SV-252160, SV-252179, SV-252180
-  - name: ca_file_dest
-    description: "The path to the mongo CA file"
-    type: string
-    value: "/etc/ssl/CA_bundle.pem"
-    required: true
-
-  # SV-252142
-  - name: data_file_directory_path
-    description: "The path to the mongo data file directory"
-    type: string
-    value: "/data/db/"
-    required: true
-
-  # SV-252147, SV-252165
-  - name: encryption_at_rest
-    description: "If any data is PII, classified or is deemed by the organization the need to be encrypted at rest"
-    type: boolean
-    value: false
-    required: true
-
-  # SV-252149, SV-252157
-  - name: ldap_enabled
-    description: "LDAP is used for authentication and authorization"
-    type: boolean
-    value: false
-    required: true
-
-  # SV-252141, SV-252182
-  - name: mongo_version
-    description: "The edition of MongoDB in use"
-    type: string
-    value: "7.0.11"
-    required: true
-
-  # SV-252182
-  - name: mongo_edition
-    description: "The edition of MongoDB in use"
-    type: string
-    value: mongodb-enterprise-server
-    required: true
-
+inspec_version: null