Chef InSpec

https://community.chef.io/tools/chef-inspec

Compliance by design

Chef InSpec can be used for

Compliance Infrastructure Provisioning

Codify agreements

Combine profiles and customize them with overlays. Pick controls and define exceptions as code.

Add context to your tests

Utilize many fields like descriptions, tags, and impact.

Apply to all systems

Analyze everything using the same codified profiles and controls.

control 'sshd-21' do
  title 'Set SSH Protocol to 2'
  desc 'A detailed description'
  impact 1.0 # This is critical ref 'compliance guide, section 2.1'
  describe sshd_config do
  its('Protocol') { should cmp 2 }
  end
end

Get started in 3 simple steps

Write the test

Create simple Ruby-based tests to verify your expected state against the current state of your systems.

control 'example-1.0' do
  impact 0.9
  title 'Ensure login disabled'
  desc 'An optional description...'
  describe sshd_config do
    its('PermitRootLogin') {
      should_not cmp 'yes'
    }
  end
end

Run the test

Execute your test against your target system locally or remotely with one simple command.

$ inspec exec linux-baseline

See the results

See which tests failed, passed and skipped and the expected state against the current state of your target system, in one simple output.

Profile: Chef InSpec Profile (example_profile)
Version: 0.1.0
Target:  local://

  ✔  example-1.0: Ensure root login is disabled via SSH
  ✔  SSHD Configuration PermitRootLogin should not cmp == "yes"

Profile Summary: 1 successful control, 0 control failures, 0 controls skipped
Test Summary: 1 successful, 0 failures, 0 skipped