Compliance Automation Workshop
Chef
Presented by Nathen Harvey, VP Community, Chef. Pleasanton, CA, November 30, 2017.
1.
©2016 Chef Software Inc.
Chef Compliance Installation, Configuration, and Operation Introduction Course v1.1.3
2.
Objectives
After completing this course, you should be able to:
• Describe the capabilities of Chef Compliance.
• Perform scans with Chef Compliance.
• Remediate compliance issues.
• Use InSpec to create, modify, and test Chef Compliance profiles.
Note: You should have attended at least Chef Essentials or Chef Fundamentals, or have equivalent Chef experience, prior to attending this course.
3.
Chef Compliance Value Proposition
You are probably aware of how Chef automates the configuration and management of your infrastructure. But what about risks and compliance? Regulatory compliance is a fact of life for every enterprise. With Chef Compliance you can scan for risks and compliance issues with easy-to-understand, customizable reports and visualization.
4.
Chef Compliance
[Diagram labels: Chef Compliance Server, Your Infrastructure, LAN/WAN]
5.
Chef Compliance
Chef Compliance can run without any other Chef software installed. The nodes you scan don't even need Chef software on them if you are scanning them for compliance. However, you would need Chef software to create and implement remediation recipes.
6.
Chef Compliance
Reports: Chef Compliance can produce reports that indicate risks and issues classified by severity and impact levels.
Compliance Profiles: You can get started quickly with pre-built Compliance profiles for scanning Linux and Windows nodes.
7.
Chef Compliance and InSpec
Chef Compliance leverages InSpec. InSpec is an open-source run-time framework and rule language used to specify compliance, security, and policy requirements for testing any node in your infrastructure.

    control 'cis-3.1' do
      impact 0.7
      title 'Set Daemon umask'
      desc '
        Set the default umask for all processes started at boot time.
      '
      describe file('/etc/sysconfig/init') do
        its('content') { should match 'umask 027' }
      end
    end
8.
InSpec DSL
InSpec includes a collection of resources to help you write auditing rules quickly and easily using the Compliance DSL. Use InSpec to examine any node in your infrastructure; run the tests locally or remotely. Any detected security, compliance, or policy issues are flagged in a log and in Chef Compliance, displayed in a GUI.

    describe port(80) do
      it { should_not be_listening }
    end

    describe port(443) do
      it { should be_listening }
      its('protocols') { should include 'tcp' }
    end
9.
InSpec DSL
The InSpec audit resource framework is fully compatible with Chef Compliance. The Compliance DSL is a Ruby DSL for writing audit rules, which includes audit resources that you can invoke.

    describe port(80) do
      it { should_not be_listening }
    end

    describe port(443) do
      it { should be_listening }
      its('protocols') { should include 'tcp' }
    end
10.
Compliance Profiles
Compliance profiles exist for many scenarios, such as those created by the Center for Internet Security (CIS). Chef Compliance maintains profiles as a collection of individual controls that comprise a complete audit. You can also create your own custom Compliance profiles.
11.
Compliance Web UI
The Chef Compliance web UI provides views into compliance scan results as well as views of Chef Compliance profiles. You execute scans via the Compliance web UI as well.
12.
Your Lab Environment for Scanning
[Diagram labels: Your Laptop; Server on which to install Chef Compliance; Node to run Compliance tests against; Compliance Scans]
We will provide one machine for you to use while performing lab exercises in this course:
• One Linux node to perform Chef Compliance scans against.
We are also providing:
• One shared Linux server running Chef Compliance.
13.
Your Lab Environment for Remediation
[Diagram labels: Your Laptop; Compliance Server; Node to run Compliance tests against AND use as workstations for writing remediation; ssh; Linux]
You will also log in to your Linux node in order to write remediation and run chef-client in local mode. This is so you can use this node as a virtual workstation while writing remediation.
14.
Logging in to the Compliance Server and Linux Node
On your workstation:

    $ ssh ADDRESS -l chef
15.
Hands-on Legend
• GL or Group Lab: All participants and the instructor do this task together, with the instructor often leading the way and explaining things as we proceed.
• Lab: You perform this task on your own.
16.
Configure Chef Compliance
17.
Objectives
After completing this module, you should be able to:
• Log in to the Compliance Web UI.
18.
Compliance Installation Options
You can install the Chef Compliance server as an Amazon Machine Image (AMI) instance or as a Standalone installation. The standalone installation of Chef Compliance server creates a working installation on a single server. In this course we will use the most common method: the Standalone method.
19.
GL: Configure the Compliance Server
• From your laptop, open a web browser and point it to the FQDN for your Compliance Server node.
• https://54.90.226.58
• chef / compliance
• Instance-id: i-0d25ac61dc4435ee7
• Click Advanced from the warning page if present.
20.
GL: Configure the Compliance Server
• Click the Proceed to ... link if present.
Note: We have not set up SSL so the https strikethrough and warning is fine for now.
21.
GL: Configure the Compliance Server
• User Name: chef
• Password: compliance
22.
GL: Configure the Compliance Server
You should now see an empty Compliance Dashboard.
23.
Running Scans, Remediation, and Testing on Linux Nodes
Configuring the Chef Compliance Server to Run Scans and Writing Remediation Recipes
24.
Objectives
After completing this module, you should be able to:
• Add a node to test for compliance.
• Run a Compliance scan.
• Test for compliance with InSpec.
• Remediate a compliance issue.
• Use Test Kitchen to test your remediation.
• Rescan the node and ensure compliance.
25.
Adding a Node to Scan
To add a node you'll need:
• The IP address or FQDN of the nodes to be tested.
• Access configuration (ssh or WinRM).
• The node's username and password OR
• The node's username plus security key pair.
26.
Group Lab: Adding a Node to Scan
Objective:
• Add a Linux Node to Scan
• Test connectivity
Note: In the next module you will perform the same exercises as in this module but using a Windows node as your target node.
27.
GL: Adding a Node to Scan
1. From your Chef Compliance Dashboard, click Add Node.
28.
GL: Adding a Node
2. From the resulting page, enter the node's FQDN or IP address.
3. Leave environment blank. A 'default' environment will be used.
4. Accept the default SSH Access configuration.
5. Type chef in the username field.
6. Click the password link as shown in this illustration.
29.
GL: Adding a Node to Scan
7. Type the password (chef) in the password field.
8. Click the Add 1 node button as shown in this illustration.
30.
GL: Adding a Node to Scan
At this point your Compliance Dashboard should list the node you just added.
31.
GL: Testing Connectivity to Your Node
1. Click the check box next to your node and then click the Connectivity button.
32.
GL: Testing Connectivity to Your Node
The Status column of your node should now indicate Connection established.
33.
Running Compliance Scans
You can run Compliance scans on demand or schedule them to run at a later time. Chef Compliance maintains profiles as a collection of individual controls that comprise a complete audit. As mentioned previously, Chef Compliance comes with a few reference profiles of various compliance policies that you can leverage or use as examples to create your own.
34.
Compliance Profiles Used in Scans
This image shows the default Compliance Profiles as accessed from the Scan Nodes page. You should be thoughtful about which profiles you choose. Notice how you can also choose to run a scan on demand or schedule a scan.
35.
Group Lab: Running a Scan
Objective:
• Run a Compliance scan.
• View the output of a scan.
36.
GL: Running a Scan
1. Click the check box next to your node and then click the Scan button.
37.
©2016 Chef Software
Inc. 3-41 GL: Running a Scan 2. From the resulting page, check the base/ ssh profile and uncheck any other check boxes. 3. Click the Scan now button.
38.
©2016 Chef Software
Inc. 3-42 Scan Results A Compliance Report should now display and your scan results should be similar to that shown here. Notice how in the upper Summary section in this example, 10 tests were compliant and 6 tests show critical issues with ssh.
39.
©2016 Chef Software
Inc. 3-43 Scan Results The bottom half of the Compliance Report shown here has a table of details of test results. These are sorted by severity. If you click an issue as shown here, a bit more information about the issue displays.
40.
GL: Profile
To view the InSpec code that comprises this profile, do the following:
1. Click the Compliance button.
2. Click the relevant profile (Basic SSH).
3. Scroll down and click the `Set SSH protocol version to 2` profile.
41.
Discussion: InSpec Profile Code
Let's discuss what this profile is doing.
The `impact` of 1.0 indicates this is a Critical issue.
The `title` is what populates the Compliance Report issue title.
42.
Discussion: InSpec Profile Code
The `desc` is typically a human-readable description sourced from the CIS or source doc.
The `describe` section is the actual test that is executed.
43.
Compliance Profile Severity Mapping
The table below shows the current mapping of Compliance Profile impact numbering to severity.

    Impact Numbering    Severity Designation
    0.7 - 1.0           Critical Issues
    0.4 - <0.7          Major Issues
    0 - <0.4            Minor Issues

https://nvd.nist.gov/cvss.cfm
44.
Example: Node's ssh config

    $ more /etc/ssh/ssh_config
    # IdentityFile ~/.ssh/identity
    # IdentityFile ~/.ssh/id_rsa
    # IdentityFile ~/.ssh/id_dsa
    # Port 22
    # Protocol 2,1
    # Cipher 3des
45.
Let's Remediate the Issue
Now that we've identified the ssh version issue, let's write a recipe on the target node to remediate the issue. Then we'll run the compliance scan again to see if we successfully remediated the issue.
Note: In this course we will write a recipe directly on the node that we're running scans on. Of course in a production environment you will likely write such recipes locally and upload them to Chef Server. Then the nodes would converge the recipes on their next chef-client run.
46.
Objective: GL: Remediating the Issue
[ ] Start writing a remediation recipe on that node.
[ ] Test the recipe with Test Kitchen.
[ ] Test for compliance with InSpec
[ ] Converge the recipe.
[ ] Rescan the node and ensure compliance.
47.
GL: Remediating the Issue
Log in to your target node (not your compliance server node) using ssh and ensure you are in the home directory.
Note: emacs, nano, and vim/vi are installed on your Linux nodes. Some tips for using them can be found below in your participant guide.
48.
GL: Create and Change to a ‘cookbooks’ Directory
From the home directory, create a `cookbooks` directory and navigate into it.

    $ mkdir -p cookbooks
    $ cd cookbooks
49.
GL: Create an SSH Cookbook

    $ chef generate cookbook ssh
    Generating cookbook ssh
    - Ensuring correct cookbook file content
    - Committing cookbook files to git
    - Ensuring delivery configuration
    - Ensuring correct delivery build cookbook content
    - Adding delivery configuration to feature branch
    - Adding build cookbook to feature branch
    - Merging delivery content feature branch to master

    Your cookbook is ready. Type `cd ssh` to enter it.
50.
GL: Create an SSH Client Recipe

    $ chef generate recipe ssh client
    Recipe: code_generator::recipe
      * directory[./ssh/spec/unit/recipes] action create (up to date)
      * cookbook_file[./ssh/spec/spec_helper.rb] action create_if_missing (up to date)
      * template[./ssh/spec/unit/recipes/client_spec.rb] action create_if_missing
        - create new file ./ssh/spec/unit/recipes/client_spec.rb
        - update content in file ./ssh/spec/unit/recipes/client_spec.rb from none to de29dd
        (diff output suppressed by config)
51.
GL: Create an SSH Config Template

    $ chef generate template ssh ssh_config.erb -s /etc/ssh/ssh_config
    Recipe: code_generator::recipe
      * directory[./ssh/spec/unit/recipes] action create (up to date)
      * cookbook_file[./ssh/spec/spec_helper.rb] action create_if_missing (up to date)
      * template[./ssh/spec/unit/recipes/client_spec.rb] action create_if_missing
        - create new file ./ssh/spec/unit/recipes/client_spec.rb
        - update content in file ./ssh/spec/unit/recipes/client_spec.rb from none to de29dd
        (diff output suppressed by config)
52.
GL: Write the Client Recipe
~/cookbooks/ssh/recipes/client.rb

    #
    # Cookbook Name:: ssh
    # Recipe:: client
    #
    # Copyright (c) 2016 The Authors, All Rights Reserved.

    # Render the SSH client configuration from the cookbook's template.
    template '/etc/ssh/ssh_config' do
      source 'ssh_config.erb'
      owner 'root'
      group 'root'
      mode '0644'
    end
53.
Objective: GL: Testing the Recipe
[x] Write a remediation recipe on that node.
[ ] Test the recipe with Test Kitchen.
[ ] Test for compliance with InSpec
[ ] Converge the recipe.
[ ] Rescan the node and ensure compliance.
54.
GL: Navigate to your SSH Cookbook

    $ cd ~/cookbooks/ssh/
55.
GL: Edit your .kitchen.yml -- Part 1
~/cookbooks/ssh/.kitchen.yml

    ---
    driver:
      name: docker
      use_sudo: false
56.
GL: Edit your .kitchen.yml -- Part 2
~/cookbooks/ssh/.kitchen.yml

    provisioner:
      name: chef_zero
      # You may wish to disable always updating cookbooks in CI or other testing environments.
      # For example:
      #   always_update_cookbooks: <%= !ENV['CI'] %>
      # always_update_cookbooks: true
57.
GL: Edit your .kitchen.yml -- Part 3
~/cookbooks/ssh/.kitchen.yml

    verifier:
      name: inspec

    platforms:
      # - name: ubuntu-16.04
      - name: centos-7.2
58.
GL: Edit your .kitchen.yml -- Part 4
~/cookbooks/ssh/.kitchen.yml

    suites:
      - name: client
        run_list:
          - recipe[ssh::client]
        verifier:
          inspec_tests:
            - test/recipes
        attributes:
59.
GL: Run `kitchen list` from ~/cookbooks/ssh/

    $ kitchen list
    Instance          Driver  Provisioner  Verifier  Transport  Last Action
    client-centos-72  Docker  ChefZero     Inspec    Ssh        <Not Created>
60.
GL: Run `kitchen converge`

    $ kitchen converge
    -----> Starting Kitchen (v1.13.2)
    -----> Creating <client-centos-72>...
           Sending build context to Docker daemon 201.7 kB
           Step 1 : FROM centos:centos7
           centos7: Pulling from library/centos
           08d48e6f1cff: Pulling fs layer
    ...
           Running handlers:
           Running handlers complete
           Chef Client finished, 0/1 resources updated in 01 seconds
           Finished converging <client-centos-72> (0m10.79s).
    -----> Kitchen is finished. (0m55.82s)
61.
What We've Done So Far
In the preceding exercises, we began writing a remediation recipe on our target node. We also tested the recipe with Test Kitchen.
But have we even addressed the "Set the SSH protocol version to 2" issue?
62.
Objective: GL: Using InSpec for Verification
[x] Write a remediation recipe on that node.
[x] Test the recipe with Test Kitchen.
[ ] Test for compliance with InSpec
[ ] Converge the recipe.
[ ] Rescan the node and ensure compliance.
63.
GL: Create the `client_spec.rb` file
~/cookbooks/ssh/test/recipes/client.rb

    control 'ssh-4' do
      impact 1.0
      title 'Client: Set SSH protocol version to 2'
      desc "
        Set the SSH protocol version to 2. Don't use legacy
        insecure SSHv1 connections anymore.
      "
      describe ssh_config do
        its('Protocol') { should eq('2') }
      end
    end
64.
Example of Creating the `client.rb` file
One handy way to populate the preceding `client_spec.rb` is to use the Compliance Web UI and copy the InSpec code found in the relevant Compliance profile:
Compliance > Base SSH > Set the SSH protocol version to 2
65.
GL: Run `kitchen verify`

    $ kitchen verify
    -----> Starting Kitchen (v1.13.2)
    -----> Setting up <client-centos-72>...
           Finished setting up <client-centos-72> (0m0.00s).
    -----> Verifying <client-centos-72>...
           Use `/home/chef/cookbooks/ssh/test/recipes/client` for testing

    Target:  ssh://kitchen@localhost:32771

      ✖  ssh-4: Client: Set SSH protocol version to 2 (
         expected: "2"
              got: nil

         (compared using ==)
         )
         ✖  SSH Configuration Protocol should eq "2"

         expected: "2"
              got: nil

         (compared using ==)
66.
GL: Update the Template
~/cookbooks/ssh/templates/ssh_config.erb

    # IdentityFile ~/.ssh/id_rsa
    # IdentityFile ~/.ssh/id_dsa
    # Port 22
    # Protocol 2,1
67.
GL: Update the Template
~/cookbooks/ssh/templates/ssh_config.erb

    # IdentityFile ~/.ssh/id_rsa
    # IdentityFile ~/.ssh/id_dsa
    # Port 22
    Protocol 2
68.
GL: Ensure you are in ~/cookbooks/ssh

    $ cd ~/cookbooks/ssh
69.
©2016 Chef Software
Inc. 3-73 --- /etc/ssh/ssh_config 2016-03-21 22:18:45.000000000 +0000 +++ /etc/ssh/.chef-ssh_config20161109-580-js4kxc 2016-11-09 02:59:02.059889084 +0000 @@ -37,7 +37,7 @@ # IdentityFile ~/.ssh/id_rsa # IdentityFile ~/.ssh/id_dsa # Port 22 -# Protocol 2,1 +Protocol 2 # Cipher 3des $ kitchen converge GL: Run `kitchen converge`
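Review bot: the trailing context line `# Cipher 3des` is left in the template as dead text once `Protocol 2` is active, because `Cipher` is the ssh_config option that selects the cipher for protocol version 1 sessions only. Consider deleting that line from ssh_config.erb in the same change so the managed file does not suggest that 3des is a relevant setting.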
70.
GL: Run `kitchen verify`

    $ kitchen verify
    -----> Starting Kitchen (v1.13.2)
    -----> Setting up <client-centos-72>...
           Finished setting up <client-centos-72> (0m0.00s).
    -----> Verifying <client-centos-72>...
           Use `/home/chef/cookbooks/ssh/test/recipes/client` for testing

    Target:  ssh://kitchen@localhost:32771

      ✔  ssh-4: Client: Set SSH protocol version to 2
         ✔  SSH Configuration Protocol should eq "2"
    ...
    Profile Summary: 1 successful, 0 failures, 0 skipped
    Test Summary: 3 successful, 0 failures, 2 skipped
           Finished verifying <client-centos-72> (0m0.26s).
    -----> Kitchen is finished. (0m1.15s)
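Why the first `kitchen verify` reports `got: nil` and the second one passes, as an added example that is not part of the original deck and is not InSpec's own code: a plain-Ruby sketch that parses the template before and after the edit and applies the deck's impact-to-severity table. The names `parse_ssh_config`, `severity`, `evaluate`, `Control` and `SSH_4` and the sample config text are constructed for illustration, and Host/Match scoping is ignored.

```ruby
# Added illustration (not InSpec's implementation): why ssh-4 fails, then passes.

# Constructed samples: the template lines from the lab, before and after the edit.
BEFORE = <<~CONF
  # IdentityFile ~/.ssh/id_rsa
  # IdentityFile ~/.ssh/id_dsa
  # Port 22
  # Protocol 2,1
  # Cipher 3des
CONF
AFTER = BEFORE.sub(/^#\s*Protocol 2,1$/, 'Protocol 2')

# Parse ssh_config text into { 'keyword' => 'value' }.
# Lines starting with '#' and blank lines are comments, so a commented-out
# option is absent and a lookup returns nil. Keywords are case-insensitive and
# the first value obtained wins. Assumption: Host/Match scoping is ignored.
def parse_ssh_config(text)
  text.each_line.with_object({}) do |raw, opts|
    line = raw.strip
    next if line.empty? || line.start_with?('#')
    key, value = line.split(/[\s=]+/, 2)
    opts[key.downcase] ||= value.to_s
  end
end

# Impact-to-severity mapping, taken from the table in this deck.
def severity(impact)
  raise ArgumentError, 'impact must be within 0.0..1.0' unless (0.0..1.0).cover?(impact)
  return 'critical' if impact >= 0.7
  return 'major' if impact >= 0.4
  'minor'
end

# Hypothetical stand-in for an InSpec control: one option, one expected value.
Control = Struct.new(:id, :impact, :title, :option, :expected)
SSH_4 = Control.new('ssh-4', 1.0, 'Client: Set SSH protocol version to 2', 'Protocol', '2')

# Evaluate a control against config text. A failing control carries the
# severity derived from its impact; a passing one carries none.
def evaluate(control, config_text)
  actual = parse_ssh_config(config_text)[control.option.downcase]
  passed = actual == control.expected
  { id: control.id, passed: passed, actual: actual,
    severity: passed ? nil : severity(control.impact) }
end

if __FILE__ == $PROGRAM_NAME
  { 'before' => BEFORE, 'after' => AFTER }.each do |label, text|
    r = evaluate(SSH_4, text)
    mark = r[:passed] ? 'PASS' : "FAIL (#{r[:severity]})"
    puts format('%-6s %s: %s, expected "2", got %p', label, r[:id], mark, r[:actual])
  end
end
```

Simply uncommenting the stock line would not satisfy the control either: `Protocol 2,1` parses to the value `2,1`, which is not equal to `2`.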
71.
GL: Apply the New SSH Recipe

    $ cd ~/cookbooks
72.
©2016 Chef Software
Inc. 3-76 --- /etc/ssh/ssh_config 2016-09-06 12:30:16.000000000 -0400 +++ /etc/ssh/.chef-ssh_config20161108-20580-2ruki7 2016-11-08 22:02:15.019466755 -0500 @@ -37,7 +37,7 @@ # IdentityFile ~/.ssh/id_rsa # IdentityFile ~/.ssh/id_dsa # Port 22 -# Protocol 2,1 +Protocol 2 # Cipher 3des # Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc # MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160 Running handlers: Running handlers complete Chef Client finished, 1/1 resources updated in 01 seconds $ sudo chef-client --local-mode -r 'recipe[ssh::client]' GL: Apply the New SSH Recipe
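Review bot: after `+Protocol 2` the context lines `# Ciphers ...` and `# MACs ...` remain commented, so the client keeps whatever cipher and MAC defaults its OpenSSH build ships, and the lists shown there include arcfour, 3des-cbc and hmac-md5. If the profile being remediated also covers ciphers and MACs, set explicit `Ciphers` and `MACs` lines in ssh_config.erb and add matching InSpec controls alongside ssh-4, so the next scan does not surface them one finding at a time.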
73.
GL: Re-run the Compliance Scan
Return to the Compliance Web UI and re-run the scan on your target node. Be sure to run only the base/ssh scan as shown on the next slide.
74.
GL: Re-run the Compliance Scan
Run only the base/ssh scan.
75.
GL: Results of this Exercise
Your scan should show that the ssh protocol issue is now compliant.
76.
Conclusion
[x] Log in to your target node.
[x] Write a remediation recipe on that node.
[x] Test the recipe with Test Kitchen.
[x] Test for compliance with InSpec
[x] Converge the recipe.
[x] Rescan the node and ensure compliance.
77.
Review Questions
1. When adding a node to the Compliance server's dashboard, should you use the node's FQDN or just its IP address?
2. What can `kitchen verify` be used for?
3. How are compliance severities defined?
4. Using the image on the right, what section is the actual test?
78.
Review Questions
5. If a compliance scan tells you that a node is unreachable, what might you use to troubleshoot the connection?
6. What language is used to define controls?
79.
Creating Custom Profiles
Defining and Uploading Compliance Profiles to the Compliance Server
80.
Objectives
After completing this module, you should be able to:
- Write a custom compliance profile.
- Use InSpec to test your code and your custom profile.
- Upload a custom compliance profile to your Chef Compliance server.
- Test your custom profile.
81.
Creating a Custom Profile
In this section we will create a custom compliance profile. Custom profiles are created using InSpec, just like the existing profiles were created.
After you have created a custom profile, you'll learn how to upload it to a Compliance Server and then use it to check for compliance issues.
82.
InSpec Command Line Interface
In this section we will use the InSpec command line interface (CLI) to help us create Compliance profiles and run audit tests against targets.
The InSpec CLI commands can run audit tests against targets using SSH, WinRM, locally, or on Docker containers.
We'll be using `inspec init`, `inspec check` and `inspec exec`.
- `inspec init` streamlines the creation of new Compliance profiles.
83.
InSpec Command Line Interface
We'll be using `inspec init`, `inspec check` and `inspec exec`.
- `inspec check` just verifies the compliance profile code that you write; it doesn't actually test a system.
- `inspec exec` will run the tests against a system.
84.
Objective: Group Lab: Creating a Custom Profile
Creating custom profiles to fit your business needs.
[ ] Create a custom profile.
[ ] Test your profile with InSpec
85.
GL: Using `inspec help`

    $ inspec help
    Commands:
      inspec archive PATH                # archive a profile to tar.gz (defaul...
      inspec check PATH                  # verify all tests at the specified PATH
      inspec compliance SUBCOMMAND ...   # Chef Compliance commands
      inspec detect                      # detect the target OS
      inspec env                         # Output shell-appropriate completion...
      inspec exec PATHS                  # run all test files at the specified...
      inspec help [COMMAND]              # Describe available commands or one ...
      inspec init TEMPLATE ...           # Scaffolds a new project
      inspec json PATH                   # read all tests in PATH and generate...
      inspec shell                       # open an interactive debugging shell
      inspec supermarket SUBCOMMAND ...  # Supermarket commands
      inspec vendor                      # Download all dependencies and gener...
      inspec version                     # prints the version of this tool
86.
GL: Using `inspec init help`

    $ inspec init help
    Commands:
      inspec init help [COMMAND]  # Describe subcommands or one specific subco...
      inspec init profile NAME    # Create a new profile
87.
GL: Ensure You Are in Your home Directory

    $ cd
    $ pwd
    /home/chef
88.
GL: Create the Compliance Profile Directories and Files

    $ inspec init profile secureprofile_01
    Create new profile at /home/chef/secureprofile_01
     * Create file README.md
     * Create directory controls
     * Create file controls/example.rb
     * Create file inspec.yml
     * Create directory libraries
89.
GL: View the Compliance Profile Directories and Files

    $ tree secureprofile_01
    secureprofile_01/
    ├── controls
    │   └── example.rb
    ├── inspec.yml
    ├── libraries
    └── README.md

    2 directories, 3 files
90.
GL: View the inspec.yml File

    $ cat ~/secureprofile_01/inspec.yml
    name: secureprofile_01
    title: InSpec Profile
    maintainer: The Authors
    copyright: The Authors
    copyright_email: you@example.com
    license: All Rights Reserved
    summary: An InSpec Compliance Profile
    version: 0.1.0
91.
GL: Writing a Compliance Profile Control
Compliance profiles must be written within the `controls` directory.

    secureprofile_01/
    ├── controls
    │   └── example.rb
    ├── inspec.yml
    ├── libraries
    └── README.md
92.
GL: Create the `tmp.rb` Control using the `cp` Command

    $ cp ~/secureprofile_01/controls/example.rb ~/secureprofile_01/controls/tmp.rb
93.
GL: Confirm Creation of tmp.rb using `tree`

    $ tree secureprofile_01
    ├── controls
    │   ├── example.rb
    │   └── tmp.rb
    ├── inspec.yml
    ├── libraries
    └── README.md
94.
GL: Edit the tmp.rb File - 1 of 2
~/secureprofile_01/controls/tmp.rb

    # encoding: utf-8
    # copyright: 2015, The Authors
    # license: All rights reserved

    title '/tmp profile'

    control "tmp-1.0" do
      impact 0.3
      title "Create /tmp directory"
      desc "A /tmp directory must exist"
      describe file('/tmp') do
        it { should be_directory }
      end
    end
95.
GL: Edit the tmp.rb File - 2 of 2
~/compliance_profiles/profile_01/test/tmp.rb

    control "tmp-1.1" do
      impact 0.3
      title "/tmp directory is owned by the root user"
      desc "The /tmp directory must be owned by the root user"
      describe file('/tmp') do
        it { should be_owned_by 'root' }
      end
    end
96.
GL: Use `inspec check` to Verify Your Profile

    $ inspec check secureprofile_01/
    Location:    secureprofile_01
    Profile:     secureprofile_01
    Controls:    3
    Timestamp:   2016-11-08T22:13:52-05:00
    Valid:       true

    No errors or warnings
97.
GL: Use `inspec exec` to Verify Your Profile

    $ inspec exec secureprofile_01/

    Profile: InSpec Profile (secureprofile_01)
    Version: 0.1.0
    Target:  local://

      ✔  tmp-1.0: Create /tmp directory
         ✔  File /tmp should be directory
      ✔  tmp-1.1: /tmp directory is owned by the root user
         ✔  File /tmp should be owned by "root"

      File /tmp
         ✔  should be directory

    Profile Summary: 2 successful, 0 failures, 0 skipped
    Test Summary: 3 successful, 0 failures, 0 skipped
98.
Creating a Custom Profile
In the preceding group lab you created a custom Compliance profile and tested your profile with InSpec.
Your code passed the `inspec check` test and your system passed the `inspec exec` test.
But what would an `inspec exec` failure look like?
99.
Example of an `inspec exec` Failure
Let's say you modified your ~/secureprofile_01/controls/tmp.rb and changed `should be_owned_by root` to `should be_owned_by other` and then ran `inspec exec` against that file...

    ...
    control "tmp-1.1" do
      impact 0.3
      title "/tmp directory is owned by the root user"
      desc "The /tmp directory must be owned by the root user"
      describe file('/tmp') do
        it { should be_owned_by 'other' }
      end
    end
100.
Example: `inspec exec` Failure

    $ inspec exec secureprofile_01/
      ✔  tmp-1.0: Create /tmp directory
         ✔  File /tmp should be directory
      ✖  tmp-1.1: /tmp directory is owned by the root user (expected `File /tmp.owned_by?("other")` to return true, got false)
         ✖  File /tmp should be owned by "other"
         expected `File /tmp.owned_by?("other")` to return true, got false
101.
Further Resources
Other Places to Talk About, Practice, and Learn Chef Compliance
102.
Going Forward
There are many Chef resources available to you outside this class. During this module we will talk about just a few of those resources.
But…remember what we said at the beginning of this class: The best way to learn Chef is to use Chef
103.
InSpec.io
104.
docs.chef.io
Docs are available to you, 24 hours a day, 7 days a week.
Any question you have, you probably will find the answer for on our Docs site.