From 7237f8b8cf4623ea6e22f15bde590f0a5849f64a Mon Sep 17 00:00:00 2001 From: misterpantz Date: Mon, 25 Nov 2024 15:04:31 -0800 Subject: [PATCH 1/2] Fix Ansible inventory scan command --- docs/platform/infra/opsys/automation/ansible.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/docs/platform/infra/opsys/automation/ansible.md b/docs/platform/infra/opsys/automation/ansible.md index 9d0429d9..2655b889 100644 --- a/docs/platform/infra/opsys/automation/ansible.md +++ b/docs/platform/infra/opsys/automation/ansible.md @@ -237,8 +237,7 @@ Generate a `hosts.json` file from the `ansible-inventory` command and then pass ```bash title="Generate hosts.json and scan with cnspec scan command" ansible-inventory -i hosts.ini --list > hosts.json -cnspec scan --inventory-file hosts.json --inventory-format-ansible - +cnspec scan --inventory-file hosts.json --inventory-file - --inventory-format-ansible ``` Both cnspec and the Mondoo Console show results from each policy that runs against your assets. From a072e34dc78b5f8e9b8a0fcedf067c10d90c4790 Mon Sep 17 00:00:00 2001 From: misterpantz Date: Mon, 25 Nov 2024 17:03:02 -0800 Subject: [PATCH 2/2] Put it in the right place good heavens --- .../infra/opsys/automation/_ansible-hide.md | 4 ++-- .../infra/opsys/automation/ansible.md | 21 ++++++++++++++++++- 2 files changed, 22 insertions(+), 3 deletions(-) diff --git a/docs/platform/infra/opsys/automation/_ansible-hide.md b/docs/platform/infra/opsys/automation/_ansible-hide.md index 74e896f9..b6c5b033 100644 --- a/docs/platform/infra/opsys/automation/_ansible-hide.md +++ b/docs/platform/infra/opsys/automation/_ansible-hide.md @@ -10,10 +10,10 @@ The method for scanning an Ansible inventory depends on whether your shell suppo ##### Option A: Pipe the Ansible inventory to cnspec scan -The first option if you are using a shell such as `bash` or `zsh` that supports `|` redirects is to pipe the output of the `ansible-inventory -i hosts.ini --list` command to `cnspec scan --inventory-format-ansible`. For `FILENAME`, substitute the name of the inventory file. +The first option if you are using a shell such as `bash` or `zsh` that supports `|` redirects is to pipe the output of the `ansible-inventory -i hosts.ini --list` command to `cnspec scan --inventory-format-ansible`. ```bash title="Pipe the contents of an Ansible inventory to the cnspec scan command" -ansible-inventory -i hosts.ini --list | cnspec scan --inventory-format-ansible +ansible-inventory -i hosts.ini --list | cnspec scan --inventory-file - --inventory-format-ansible ``` ##### Option B: Scan Ansible inventory hosts.json diff --git a/docs/platform/infra/opsys/automation/ansible.md b/docs/platform/infra/opsys/automation/ansible.md index 2655b889..2e237b7c 100644 --- a/docs/platform/infra/opsys/automation/ansible.md +++ b/docs/platform/infra/opsys/automation/ansible.md @@ -232,12 +232,31 @@ instance1 | SUCCESS => { #### Step 2: Scan the Ansible inventory +The method for scanning an Ansible inventory depends on whether your shell supports `|`. + +##### Option A: Pipe the Ansible inventory to cnspec scan + +The first option if you are using a shell such as `bash` or `zsh` that supports `|` redirects is to pipe the output of the `ansible-inventory -i hosts.ini --list` command to `cnspec scan --inventory-format-ansible`. If the inventory file is + +```bash title="Pipe the contents of an Ansible inventory to the cnspec scan command" +ansible-inventory -i hosts.ini --list | cnspec scan --inventory-file - --inventory-format-ansible +``` + +##### Option B: Scan Ansible inventory hosts.json + +If your shell does not support pipes, you can generate a `hosts.json` from the `ansible-inventory` command and then pass that file to `cnspec scan` using the `--inventory-file` flag. + +```bash title="Generate hosts.json and scan with cnspec scan command" +ansible-inventory -i hosts.ini --list > hosts.json +cnspec scan --inventory-file hosts.json --inventory-format-ansible +``` + Generate a `hosts.json` file from the `ansible-inventory` command and then pass that file to `cnspec scan` using the `--inventory-file` flag. ```bash title="Generate hosts.json and scan with cnspec scan command" ansible-inventory -i hosts.ini --list > hosts.json -cnspec scan --inventory-file hosts.json --inventory-file - --inventory-format-ansible +cnspec scan --inventory-file hosts.json --inventory-format-ansible ``` Both cnspec and the Mondoo Console show results from each policy that runs against your assets.