Chef InSpec is a run-time framework and rule language used to specify compliance, security, and policy requirements. It includes a collection of resources that help you write auditing controls quickly and easily. The syntax used by both open source and Chef compliance auditing is the same.
What is an InSpec profile?
InSpec is an open-source testing framework that allows you to create human-readable profiles to store in GitHub or Amazon Simple Storage Service (Amazon S3). Then you can use Systems Manager to run compliance scans and view compliant and noncompliant nodes.
Is InSpec open-source?
InSpec is an open source project that lets you define your compliance requirements in a human- and machine-readable language. Once you've codified your requirements, you can run them as automated tests that audit your systems. InSpec provides a local agent, as well as full remote testing support.
How do I create a chef InSpec profile?
The steps to create, upload, and run a custom InSpec profile via Chef Automate:
1. (Optional) Have the ChefDK installed, or InSpec installed.
2. Create a skeleton profile: inspec init profile
What is chef automate?
Chef® Automate™ is an enterprise platform that allows developers, operations and security engineers to collaborate effortlessly on delivering application & infrastructure changes at the speed of business.
What is Inspec?
Inspec is a major indexing database of scientific and technical literature, published by the Institution of Engineering and Technology (IET), and formerly by the Institution of Electrical Engineers (IEE), one of the IET's forerunners.
What is the full form of Inspec?
The Inspec abbreviation is "Information, Service for Physics Engineering And Computing". INSPEC is produced by the Institution of Electrical Engineers.
What is chef compliance?
Chef Compliance is a standalone solution that allows you to assess your infrastructure's adherence to compliance requirements and to monitor that infrastructure on an ongoing basis. It includes: The Chef Compliance server. Prebuilt compliance profiles to help you get started quickly.
What is a chef policy?
Chef Policies provide both run lists and attributes that can replace roles in most users' workflows. The policy_name most closely resembles a role name for most use cases. Attributes can be specified in policyfiles, which will be applied at the “role” level.
Where do you define custom InSpec resources?
For the advanced user, the InSpec custom resource DSL allows you to create your own custom resources, which can be easily utilised in a profile. These resources need to be defined in the libraries folder of your Profile.
What is chef software used for?
Chef can manage a variety of node types, including servers, cloud virtual machines, network devices and containers. It manages Linux, Windows, mainframe and several other systems. The tool is intended to enable developers and IT operations professionals to work together to deploy applications on IT infrastructure.
Is chef a DevOps tool?
Chef DevOps is a tool for accelerating application delivery and DevOps Collaboration. Chef helps solve the problem by treating infrastructure as code.
What is the difference between Ansible and Chef?
Ansible is an open-source IT automation tool, whereas Chef is a commercial automation tool. Ansible is used for configuration management and automation of application deployment. It is good for short commands like updating RHEL / Linux operating systems.
Where are chef compliance profiles customized and turned into consumable packages?
Question: Where are Chef Compliance profiles customized and turned into consumable packages?
The Chef Habitat Workspace.
The Chef Habitat Studio.
The Chef Habitat Builder.
The Automate Compliance Dashboard.
How do you InSpec?
Right-click any part of the page and choose Inspect Element. Right-clicking a specific page element will open that element in the inspector view. Select Tools > Web Developer > Inspector from the top menu bar. Use the shortcut control-shift-C in Windows or command-option-C in macOS.
What is InSpec Linux?
Chef InSpec is an open-source testing framework for infrastructure with a human- and machine-readable language for specifying compliance, security and policy requirements.
Chef InSpec in Practice
Chef InSpec provides a language for describing security and compliance rules that can be shared between software engineers, operations, and security engineers.
Secure Continuous Compliance
Secure compliant infrastructure across entire software delivery lifecycle. Define policies as code, detect issues before production, and discover non-compliance for fast remediation.
Standardize Security Auditing for Continuous Compliance
In traditional compliance and security auditing, different tools are used to define and validate systems, resulting in manual processes that are often delayed until the last moment. With Chef InSpec, compliance is evaluated at every stage of development, ensuring issues are captured early and problems don’t resurface, allowing for faster, safer releases.
Standardize Security Audits for Continuous Compliance
Test entire infrastructure for security with defined corporate and regulatory policies, prioritize issue areas based on a complete view, and remediate quickly.
Get Started with Chef InSpec
Learn the Chef InSpec Language so you can automate the testing of your infrastructure. Whether you want to ensure compliance with an industry standard, or be confident that your infrastructure automation is building what you expect, InSpec makes the process easy.
Preparing for Audits with Chef InSpec
Audits are time-consuming and stressful. Most security tools scan systems in production, where identified issues are costly to remediate. Chef InSpec allows for easier and faster audits.
1. Keep your secrets apart from your profiles
Suppose your organization stores its data in a database. One of your Chef InSpec profiles queries your database to check an audit log for violations:
2. Use an Input to look for a specific software package on your Habitat installations
Suppose your organization runs most of its applications in Chef Habitat, the application automation solution. Like many security engineers, you need to be able to quickly answer whether a particular version of software is deployed at your site. Each new day brings a new vulnerability – sometimes many in one day.
3. Test Your Profiles with Test Kitchen
You can use the test-kitchen tool, included with Chef Workstation, to create temporary environments that you can configure using a variety of tools and then audit with Chef InSpec. Any profile you may use in production may also be used in Test Kitchen. So, can you use Inputs to control those profiles? Of course!
4. Share Profiles and Validate Inputs
The configuration that the application team uses requires several layers of configuration – a base operating system configuration, then a layer of security hardening, some monitoring and control configuration, then the application itself.
5. You can now fetch values from HashiCorp Vault
One of Chef InSpec’s latest features is the ability to read input values from HashiCorp Vault, using the inspec-vault plugin.
Next Steps
How will you use Inputs? When writing profiles, stay aware of these “code smells” and consider them as an opportunity to use Inputs to reduce the amount of profile code you must write, while increasing the flexibility of your code.
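The "keep your secrets apart from your profiles" advice above, as an added example that is not from the original page or from Chef: a plain-Ruby check that scans InSpec control source for a password written as a string literal in a `postgres_session` or `mysql_session` call, beside the same control rewritten with `input(...)`. The two control snippets, the input names (`db_user`, `db_password`, `db_host`), the host name and the helper names `split_args` and `hardcoded_secrets` are constructed for illustration.

```ruby
# Constructed sample: credentials written straight into the control.
HARDCODED_PROFILE = <<~'CONTROL'
  control 'audit-log-violations' do
    sql = postgres_session('auditor', 'S3cr3t-Passw0rd', 'db.example.internal')
    describe sql.query('SELECT count(*) FROM audit_log WHERE violation;') do
      its('output') { should cmp 0 }
    end
  end
CONTROL

# Constructed sample: the same control with values supplied as inputs.
INPUT_PROFILE = <<~'CONTROL'
  control 'audit-log-violations' do
    sql = postgres_session(input('db_user'), input('db_password'), input('db_host'))
    describe sql.query('SELECT count(*) FROM audit_log WHERE violation;') do
      its('output') { should cmp 0 }
    end
  end
CONTROL

# Session resources whose second positional argument is the password.
SESSION_CALL = /\b(postgres_session|mysql_session)\s*\((.*)\)/
# Split on top-level commas only, so input('x') stays one argument.
def split_args(arg_text)
  args = [String.new]
  depth = 0
  arg_text.each_char do |ch|
    depth += { '(' => 1, ')' => -1 }.fetch(ch, 0)
    if ch == ',' && depth.zero?
      args << String.new
    else
      args.last << ch
    end
  end
  args.map(&:strip)
end

# Report line and resource for each literal password, never the value itself.
def hardcoded_secrets(source)
  findings = []
  source.each_line.with_index(1) do |line, number|
    next unless (m = SESSION_CALL.match(line))
    password_arg = split_args(m[2])[1]
    next unless password_arg&.start_with?("'", '"')
    findings << { line: number, resource: m[1] }
  end
  findings
end
puts hardcoded_secrets(HARDCODED_PROFILE).inspect, hardcoded_secrets(INPUT_PROFILE).inspect
```

The check reports only the line number and resource name, so the scan output can go into CI logs without repeating the secret it found.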
InSpec controls
InSpec code is made up of “controls” that define a single expectation, or group of expectations, for your systems. Here is a simple example:
The InSpec executable
Now that we’ve covered the makeup of InSpec controls, how can we start using them? The Chef development kit includes the InSpec command line utility, which will allow us to evaluate our example control.
InSpec profiles
Thus a single file can be used to run controls. However, before committing that file to version control, or uploading it to a Chef Automate server, we’ll need to add it to an InSpec profile. InSpec profiles allow users to organize controls to support versioning and dependency management.
