Detailed Description

Update os_env documentation to state where variables should be set for controls using the os_env resource.

Context

Why is thi

As per this inline comment[1], there's a mismatch between the title/description and the actual test for systcl-17[2], martian logging.

The title says we're testing to ensure martian logging is disabled, but the actual test verifies that the logging is enabled. If I'm understanding correctly it's possible, even likely, that this is just a simple oversight in commit bb7c532f where the test

This is related to terraform-providers/terraform-provider-google#2895

In summary, if I try to set an object ACL for an object named foo/bar/baz in bucket testing-bucket, the POST API call is made to the URLhttps://www.googleapis.com/storage/v1/b/testing-bucket/o/foo/bar/baz/acl.

The object name is encoded wrongly in the URL as per the documentation [here](ht

Describe the bug
Protocol sftp is disabled by default. This enforces using scp. Described in README:

This role by default deactivates SFTP.

Expected behavior
Today I have read release notes of OpenSSH 8.0 when they say:

https://github.com/dev-sec/windows-baseline/blob/master/README.md

The second line below should be different...

* se_impersonate_privilege define which users are allowed to impersonate a client after authentication

* se_load_driver_privilege define which users are allowed to impersonate a client after authentication

Provide support for checking the database encryption configuration on a CloudSQL database instance.

Detailed Description

This change modifies the google_sql_database_instance_rb file to use Google::Apis::SqlV1beta4::SqlAdminService instead of Google::Apis::SqladminV1beta4::SqlAdminService

Context

I wish to validate the database_encryption_configuration on a CloudSQL Database Inst

When this is used as a resource pack but the controls are not used it populates the output data with extra data. I think we should split this into a proper resource pack and then an example repo that depends on the resource pack and put the control tests in the example.

🎛 Description

It seems that the ELB resource provides functionality for users to test ELB's and NLB's. It would be worthwhile to update the documentation to reflect this.
Also, it appears that a link to the ELB documentation has been left out of the README.md

The documentation should be updated for the AzurermAdUsers resource with an example of using the user's filter, added here: #227

Each bug report comes with a unique file that was used to generate the error. We should place these files in the test folder and include them in the CI pipeline as a form of regression testing.

At the same time it would be nice to look over the example files and ensure those in the file are truly 'exemplar'.

As highlighted in #16, the inspec test (https://github.com/dev-sec/postgres-baseline/blob/master/controls/postgres_spec.rb#L69-L73) for:

describe service(postgres.service) do
   it { should be_installed }
   it { should be_running }
   it { should be_enabled }
end

do not work well across all operating systems. We need to investigate if this is caused by docker or by inspec.

Without this, auditing is not guaranteed to be started at the earliest possible moment during the boot sequence.

The "Clear Filter" button on the evaluations /heimdall/evaluations/<uuid> gets hidden behind some of the other UI elements as you scroll down the page. See the below images:

<img width="471" alt="screen shot 2019-01-29 at 10 29 29"