--- driver: name: docker use_sudo: false privileged: true http_proxy: <%= ENV['http_proxy'] || nil %> https_proxy: <%= ENV['https_proxy'] || nil %> transport: max_ssh_sessions: 5 provisioner: name: ansible_playbook hosts: all require_ansible_repo: false require_chef_for_busser: false require_ruby_for_busser: false ansible_verbose: true ansible_diff: true hosts: all roles_path: ../ansible-nginx-hardening/ http_proxy: <%= ENV['http_proxy'] || nil %> https_proxy: <%= ENV['https_proxy'] || nil %> playbook: tests/test.yml requirements_path: requirements.yml galaxy_ignore_certs: true platforms: - name: centos6-ansible-latest driver: image: rndmh3ro/docker-centos6-ansible:latest platform: centos - name: centos7-ansible-latest driver: image: rndmh3ro/docker-centos7-ansible:latest platform: centos run_command: /sbin/init provision_command: - sed -i 's/UsePAM yes/UsePAM no/g' /etc/ssh/sshd_config - systemctl enable sshd.service - name: oracle6-ansible-latest driver: image: rndmh3ro/docker-oracle6-ansible:latest platform: centos - name: oracle7-ansible-latest driver: image: rndmh3ro/docker-oracle7-ansible:latest run_command: /sbin/init platform: centos provision_command: - sed -i 's/UsePAM yes/UsePAM no/g' /etc/ssh/sshd_config - systemctl enable sshd.service - name: ubuntu1404-ansible-latest driver: image: rndmh3ro/docker-ubuntu1404-ansible:latest platform: ubuntu - name: ubuntu1604-ansible-latest driver: image: rndmh3ro/docker-ubuntu1604-ansible:latest platform: ubuntu run_command: /sbin/init provision_command: - systemctl enable ssh.service - name: debian8-ansible-latest driver: image: rndmh3ro/docker-debian8-ansible:latest platform: debian - name: debian9-ansible-latest driver: image: rndmh3ro/docker-debian9-ansible:latest platform: debian run_command: /sbin/init provision_command: - apt install -y systemd-sysv - systemctl enable ssh.service - name: amazon-ansible-latest driver: image: rndmh3ro/docker-amazon-ansible:latest platform: centos run_command: /sbin/init provision_command: - sed -i 's/UsePAM yes/UsePAM no/g' /etc/ssh/sshd_config - systemctl enable sshd.service verifier: name: inspec sudo: true inspec_tests: - ../nginx-baseline #- https://github.com/dev-sec/nginx-baseline controls: - nginx-01 - nginx-02 - nginx-03 - nginx-04 - nginx-05 - nginx-06 - nginx-07 - nginx-08 - nginx-09 - nginx-10 - nginx-12 - nginx-13 - nginx-14 - nginx-15 - nginx-17 suites: - name: nginx