able to:
» Describe the capabilities of Chef Compliance
» Configure Chef Compliance to scan nodes in your environment
» Write custom Compliance policies using InSpec
» Upload custom Compliance policies to your Chef Compliance server
» Use InSpec-based compliance checks in your cookbook
$ ssh [email protected]
[email protected]'s password:
Welcome to Ubuntu 14.04.2 LTS (GNU/Linux 3.13.0-48-generic x86_64)

 * Documentation: https://help.ubuntu.com/

  System information as of Wed Dec 2 04:14:55 UTC 2015

  System load:  0.02              Processes:              110
  Usage of /:   41.2% of 7.74GB   Users logged in:        1
  Memory usage: 4%                IP address for eth0:    172.31.1.118
  Swap usage:   0%                IP address for docker0: 172.17.42.1
~/cookbooks/ssh/.kitchen.yml

provisioner:
  name: chef_zero

# Uncomment the following verifier to leverage Inspec instead of Busser (the
# default verifier)
# verifier:
#   name: inspec
  impact 1.0
  title 'Client: Set SSH protocol version to 2'
  desc "
    Set the SSH protocol version to 2. Don't use legacy insecure SSHv1 connections anymore.
  "
CONTAINER ID   IMAGE                 COMMAND                CREATED          STATUS          PORTS                   NAMES
511b3fcb2777   af3815cee160:latest   "/usr/sbin/sshd -D -   10 seconds ago   Up 10 seconds   0.0.0.0:32773->22/tcp   silly_davinci
check USERNAME/tmp_profile_for_USERNAME
I, [2015-12-02T08:02:19.171190 #15458] INFO -- : Checking profile in USERNAME/tmp_profile_for_USERNAME
E, [2015-12-02T08:02:19.171445 #15458] ERROR -- : No profile name defined
W, [2015-12-02T08:02:19.171558 #15458] WARN -- : No version defined
W, [2015-12-02T08:02:19.171676 #15458] WARN -- : No title defined
W, [2015-12-02T08:02:19.171770 #15458] WARN -- : No maintainer defined
/opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/inspec-0.9.2/lib/inspec/profile.rb:104:in `check': undefined method `empty?' for nil:NilClass (NoMethodError)

control "tmp-1.0" do                      # A unique ID for this control
  impact 0.3                              # The criticality, if this control fails.
  title "Create /tmp directory"           # A human-readable title
  desc "A /tmp directory must exist"
  describe file('/tmp') do                # The actual test
    it { should be_directory }
  end
end

control "tmp-1.1" do
  impact 0.3
  title "/tmp directory is owned by the root user"
  desc "The /tmp directory must be owned by the root user"
  describe file('/tmp') do
    it { should be_owned_by 'root' }
  end
end
Checking profile in USERNAME/tmp_profile_for_USERNAME
I, [2015-12-02T08:42:30.432937 #16567] INFO -- : Metadata OK.
D, [2015-12-02T08:42:30.433053 #16567] DEBUG -- : Found 20 rules.
D, [2015-12-02T08:42:30.433154 #16567] DEBUG -- : Verify all rules in USERNAME/tmp_profile_for_USERNAME/test/tmp.rb
I, [2015-12-02T08:42:30.433256 #16567] INFO -- : Rule definitions OK.