# Chef InSpec ## Compliance by design ## Chef InSpec can be used for [Compliance](https://gitlab.com/johnmkane/tech-recipe-book/-/blob/main/Book/Compliance/Tools/Chef%20InSpec/javascript:void\(0\);/README.md) [Infrastructure](https://gitlab.com/johnmkane/tech-recipe-book/-/blob/main/Book/Compliance/Tools/Chef%20InSpec/javascript:void\(0\);/README.md) [Provisioning](https://gitlab.com/johnmkane/tech-recipe-book/-/blob/main/Book/Compliance/Tools/Chef%20InSpec/javascript:void\(0\);/README.md) ### Codify agreements Combine profiles and customize them with overlays. Pick controls and define exceptions as code. ### Add context to your tests Utilize many fields like descriptions, tags, and impact. ### Apply to all systems Analyze everything using the same codified profiles and controls. ``` control 'sshd-21' do title 'Set SSH Protocol to 2' desc 'A detailed description' impact 1.0 # This is critical ref 'compliance guide, section 2.1' describe sshd_config do its('Protocol') { should cmp 2 } end end ``` ## Get started in 3 simple steps ### Write the test Create simple Ruby-based tests to verify your expected state against the current state of your systems. ``` control 'example-1.0' do impact 0.9 title 'Ensure login disabled' desc 'An optional description...' describe sshd_config do its('PermitRootLogin') { should_not cmp 'yes' } end end ``` ### Run the test Execute your test against your target system locally or remotely with one simple command. ``` $ inspec exec linux-baseline ``` ### See the results See which tests failed, passed and skipped and the expected state against the current state of your target system, in one simple output. ``` Profile: Chef InSpec Profile (example_profile) Version: 0.1.0 Target: local:// ✔ example-1.0: Ensure root login is disabled via SSH ✔ SSHD Configuration PermitRootLogin should not cmp == "yes" Profile Summary: 1 successful control, 0 control failures, 0 controls skipped Test Summary: 1 successful, 0 failures, 0 skipped ``` ## Self-learning tutorials ### [Test Expectations with Chef InSpec](https://learn.chef.io/courses/course-v1:chef+Inspec101+Perpetual/about) [Learn how easy it is to automate the testing of your systems with the Chef InSpec Language](https://learn.chef.io/courses/course-v1:chef+Inspec101+Perpetual/about) ### [Chef Compliance: First Steps with Auditing and Remediation](https://learn.chef.io/courses/course-v1:chef+SECCOM101+Perpetual/about) [Get started with Chef Compliance, a premium offering that simplifies the auditing and remediation process into a unified workflow.](https://learn.chef.io/courses/course-v1:chef+SECCOM101+Perpetual/about) ## Community tutorials ### [Getting started with Chef InSpec -- The Chef InSpec basics series](http://www.anniehedgie.com/inspec-basics-1) [By Annie Hedgepeth](http://www.anniehedgie.com/inspec-basics-1) ### [Windows infrastructure testing using Chef InSpec - Two part series](http://datatomix.com/?p=236) [By Christian Johannsen](http://datatomix.com/?p=236) ### [Operating Chef InSpec in an air-gapped environment](https://gitlab.com/johnmkane/tech-recipe-book/-/blob/main/Book/Compliance/Tools/Chef%20InSpec/README/README.md) [By Jeremy Miller](https://gitlab.com/johnmkane/tech-recipe-book/-/blob/main/Book/Compliance/Tools/Chef%20InSpec/README/README.md) ### [Testing Ansible with Chef InSpec](http://scienceofficersblog.blogspot.com/2016/02/testing-ansible-with-inspec.html) [By blindscientist](http://scienceofficersblog.blogspot.com/2016/02/testing-ansible-with-inspec.html) ## InSpec highlights from our Blog ### Testing Windows DNS SIGRed Vulnerability with Chef InSpec [Read more](https://blog.chef.io/testing-windows-dns-sigred-vulnerability-with-chef-inspec) ![](/files/fzVxRPFJwD3YEVrPnQWb) ### Cyber Security for Australian Government, National Critical Infrastructure providers and Enterprise using Chef Compliance [Read more](https://blog.chef.io/cyber-security-for-australian-government-national-critical-infrastructure-providers-and-enterprise-using-chef-compliance) ![](/files/JmXC3FUY5CjBJuVJxheu) ### Automating MAS Technology Risk Management (TRM) Guidelines using Chef InSpec [Read more](https://blog.chef.io/automating-mas-technology-risk-management-trm-guidelines-using-chef-inspec) [View all posts](https://blog.chef.io/category/inspec) ## Wondering how Chef InSpec might work for your team? [Learn more](https://www.chef.io/products/chef-inspec) --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://book.konstantinsecurity.com/readme/compliance/tools/chef-inspec.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.