Compliance Automation with InSpec and Chef Automate
Infracoders / DevOps / CloudNativeMeetup GRAZ - 11th September, 2018
Agenda
19:00-20:00 Talk
• Do you know all your IT-vulnerabilities?
• Edmund Haselwanter, CEO @ Infralovers
20:00-21:00 Networking
• At the bar in the front
www.infralovers.com
A little bit of History
• Client: Can we automate our Compliance Profiles?
> YES, we can!
• Prototype with Serverspec for Compliance Check Automation and Chef and Puppet for Infrastructure Automation
• Open-sourced at https://dev-sec.io
A little bit of History II
• Birth of InSpec (https://inspec.io)
✓ Inspired by Serverspec
✓ Compliance Primitives (Profiles, Weight, Description, ..)
✓ Better Transport Options (SSH/WinRM/Docker)
✓ A lot more Resources
• InSpec 2.0 Supports Cloud Platforms like AWS, Azure, …
PART OF A PROCESS OF CONTINUOUS COMPLIANCE
▪ Scan for Compliance
▪ Build & Test Locally
▪ Build & Test CI/CD
▪ Remediate
▪ Verify
A SIMPLE EXAMPLE OF AN INSPEC CIS RULE
InSpec: Turn security and compliance into code
▪ Translate compliance into Code
▪ Clearly express statements of policy
▪ Move risk to build/test from runtime
▪ Find issues early
▪ Write code quickly
▪ Run code anywhere
▪ Inspect machines, data and APIs
control 'cis-1.4.1' do
  title '1.4.1 Enable SELinux in /etc/grub.conf'
  desc '
    Do not disable SELinux and enforcing
    in your GRUB configuration. These are important security
    features that prevent attackers from escalating their access
    to your systems. For reference see …
  '
  impact 1.0
  expect(grub_conf.param 'selinux').to_not eq '0'
  expect(grub_conf.param 'enforcing').to_not eq '0'
end
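The same policy as the control above, written as plain Ruby so the check logic is visible without InSpec installed. This is an added example, not code from the talk or from InSpec; the sample grub.conf is constructed and the helper names (kernel_entries, cis_1_4_1_findings, cis_1_4_1_compliant?) are hypothetical. It evaluates every boot entry, so a hardened default entry cannot hide a second entry that boots with SELinux off.

```ruby
# Constructed sample of a legacy GRUB /etc/grub.conf (not from the talk).
# The default entry is fine; the second entry disables SELinux.
SAMPLE_GRUB_CONF = <<~CONF
  # grub.conf generated for illustration
  default=0
  timeout=5
  title CentOS (2.6.32-754.el6.x86_64)
          root (hd0,0)
          kernel /vmlinuz-2.6.32-754.el6.x86_64 ro root=/dev/mapper/vg-root rhgb quiet
          initrd /initramfs-2.6.32-754.el6.x86_64.img
  title CentOS rescue (SELinux off)
          root (hd0,0)
          kernel /vmlinuz-2.6.32-754.el6.x86_64 ro root=/dev/mapper/vg-root selinux=0 enforcing=0
          initrd /initramfs-2.6.32-754.el6.x86_64.img
CONF

# Kernel parameters the CIS 1.4.1 rule on the slide cares about.
CIS_1_4_1_PARAMS = %w[selinux enforcing].freeze

# Returns one hash per boot entry:
#   { title: "...", params: { "selinux" => "0", "ro" => nil, ... } }
def kernel_entries(text)
  entries = []
  title = nil
  text.each_line do |raw|
    line = raw.strip
    next if line.empty? || line.start_with?('#')

    keyword, rest = line.split(/\s+/, 2)
    case keyword
    when 'title'
      title = rest.to_s
    when 'kernel'
      # The first token is the kernel image path; the rest are parameters.
      args = rest.to_s.split.drop(1)
      params = args.each_with_object({}) do |arg, acc|
        key, value = arg.split('=', 2)
        acc[key] = value # bare flags such as "ro" map to nil
      end
      entries << { title: title, params: params }
    end
  end
  entries
end

# Lists every "<entry title>: <param>=0" violation. A parameter that is
# absent passes, matching the slide's `to_not eq '0'` expectation.
def cis_1_4_1_findings(text)
  kernel_entries(text).flat_map do |entry|
    CIS_1_4_1_PARAMS
      .select { |param| entry[:params][param] == '0' }
      .map { |param| "#{entry[:title]}: #{param}=0" }
  end
end

def cis_1_4_1_compliant?(text)
  cis_1_4_1_findings(text).empty?
end

if __FILE__ == $PROGRAM_NAME
  findings = cis_1_4_1_findings(SAMPLE_GRUB_CONF)
  puts(findings.empty? ? 'cis-1.4.1: pass' : "cis-1.4.1: fail\n  #{findings.join("\n  ")}")
end
```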
Continuous Workflow
Detect
Correct
Compliance as Code
INFRASTRUCTURE AS CODE
POLICY AS CODE
PRACTICE AS CODE
ROLE OF THE COMPLIANCE OFFICER
▪ Separate certification & testing
▪ Common language for describing & applying policy
ACCELERATED CYCLE
▪ Compliance at velocity
Manual Compliance
▪ Reactive engagement
▪ Checking implementations by hand
▪ Short term compliance
Compliance at Velocity
▪ Proactive engagement
▪ Expressing policy as testable code
▪ Long term process improvement
One language, One workflow
Linux Demo
https://kitchen.ci + InSpec for Infracode Testing
Windows Demo
Detect: InSpec
Correct: Ansible
AWS Demo
Provision: Terraform
Detect: InSpec
Chef Automate
• Commercial Offering from Chef Inc
• Comes with readymade Compliance Profiles
• Supports Notifications (e.g. Slack/ServiceNow/Custom)
• Shiny Web UI to gain Visibility into current State
The Chef Automate Platform
Continuous Automation for High Velocity IT
Workflow • Local development • Integration • Tooling (APIs & SDKs)
COLLABORATE
▪ Package
▪ Test
▪ Approve
BUILD
▪ Provision
▪ Configure
▪ Execute
▪ Update
DEPLOY
▪ Secure
▪ Comply
▪ Audit
▪ Measure
▪ Log
MANAGE
Infrastructure Automation • Compliance Automation • Application Automation
OSS AUTOMATION ENGINES
Increase Speed
▪ Package infrastructure and app configuration as code
▪ Continuously automate infrastructure and app updates
Improve Efficiency
▪ Define and execute standard workflows and automation
▪ Audit and measure effectiveness of automation
Decrease Risk
▪ Define compliance rules as code
▪ Deliver continuous compliance as part of standard workflow
Jumpstart your compliance test coverage
Compliance in production
Chef Automate ships with profiles for:
▪ Amazon Linux 2014.09 / 2015.03
▪ CentOS 6 / 7
▪ HP UX 11i
▪ IBM AIX 5.3 / 6.1 / 7.1
▪ RHEL 6 / 7
▪ SLES 11 / 12
▪ Ubuntu Server 12.04 / 14.04
▪ Windows 7 / 8 / 10 / 2012 / 2012R2
Visibility into the real-time compliance of your entire fleet
Compliance in production
Automate Demo AWS
Automate Demo Windows Example
SLACK Alert
Questions?
Mail: ehaselwanter@infralovers.com
Twitter: @ehaselwanter
