SlideShare a Scribd company logo

Introduction To Continuous Compliance & Remediation

N
Nicole Johnson

Success with DevOps can be measured with a number of different metrics. How frequently are systems audited for compliance to various policies? How long does it take to remediate a failing control or vulnerability? This workshop provide an introduction to practice of continuous compliance and remediation. The workshop uses InSpec and Chef for compliance and remediation, respectively. InSpec is an open-source testing framework for infrastructure with a human-readable language for specifying compliance, security and other policy requirements. Chef is an open-source framework for infrastructure automation. Easily integrate automated tests that check for adherence to policy into any stage of your deployment pipeline. During this session, participants will: Run InSpec locally on a machine Run InSpec on a remote machine Use InSpec in the Chef cookbook development process for integration testing By the end of this class participants will be able to: Execute an InSpec test on a local machine Execute an InSpec test on a remote machine Generate an InSpec profile Add InSpec-based integration test to a Chef cookbook Run InSpec-based integrations tests during Chef cookbook development Prerequisites Participants should bring a wifi-enabled laptop to the workshop. Participants will be given a remote workstation with all prerequisites installed. The only thing required to access these workstations will be an SSH client (PuTTY on Windows) and familiarity with a interactive text editor (Vi/Vim, Emacs, or Nano). It’s best that participants of this workshop have some familiarity and comfort with the following: Writing code (of just about any flavor) in a text editor Working on the command line Basic system administration – installing packages, configuring those packages, starting service

Technology
1 of 92
Download to read offline
Compliance Automation with InSpec Nicole Johnson Nathen Harvey
Learning Lab
Join Slack Team & Channel http://community-slack.chef.io
Find your IP Address
The authenticity of host '52.54.113.210 (52.54.113.210)' can't be established. ECDSA key fingerprint is SHA256:zAtoeO29XbhRNvwg542cuh4qsKCEaX8hNIlEOCbgd3I. Are you sure you want to continue connecting (yes/no)? Login to remote workstation ssh chef@IP_ADDRESS
The authenticity of host '52.54.113.210 (52.54.113.210)' can't be established. ECDSA key fingerprint is SHA256:zAtoeO29XbhRNvwg542cuh4qsKCEaX8hNIlEOCbgd3I. Are you sure you want to continue connecting (yes/no)? yes Login to remote workstation ssh chef@IP_ADDRESS
The authenticity of host '52.54.113.210 (52.54.113.210)' can't be established. ECDSA key fingerprint is SHA256:zAtoeO29XbhRNvwg542cuh4qsKCEaX8hNIlEOCbgd3I. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '52.54.113.210' (ECDSA) to the list of known hosts. chef@52.54.113.210's password: Login to remote workstation ssh chef@IP_ADDRESS
The authenticity of host '52.54.113.210 (52.54.113.210)' can't be established. ECDSA key fingerprint is SHA256:zAtoeO29XbhRNvwg542cuh4qsKCEaX8hNIlEOCbgd3I. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '52.54.113.210' (ECDSA) to the list of known hosts. chef@52.54.113.210's password: chef Login to remote workstation ssh chef@IP_ADDRESS
Touch a file with your name touch firstname-lastname
firstname-lastname cookbooks Berksfile profiles nodes Berksfile.lock config.json List your home directory ls -t
/opt/chefdk/bin/inspec Verify the installation which inspec
1.31.1 Verify the installation inspec version
Chef Development Kit Version: 2.0.28 chef-client version: 13.2.20 delivery version: master (17c1b0fed9be4c70f69091a6d21a4cbf0df60a23) berks version: 6.2.0 kitchen version: 1.16.0 inspec version: 1.31.1 Verify the installation chef --version
The Chef Automate Platform Continuous Automation for High Velocity IT COLLABORATE BUILD DEPLOY MANAGE Infrastructure Automation Compliance AutomationApplication Automation OSS AUTOMATION ENGINES Increase Speed ▪ Package infrastructure and app configuration as code ▪ Continuously automate infrastructure and app updates Improve Efficiency ▪ Define and execute standard workflows and automation ▪ Audit and measure effectiveness of automation Decrease Risk ▪ Define compliance rules as code ▪ Deliver continuous compliance as part of standard workflow
Chef DK - The Chef Development Kit ▪ Validate your Chef code against Chef best practices ▪ Extend with rules to enforce organizational Chef development best practices ▪ Enforce compliance & security practices Foodcritic Test Your “Chef Style” ▪ Validate your Chef code against Ruby best practices ▪ Identify potential Ruby errors Unclosed strings, etc. ▪ Identify style/convention that helps write better code Single quotes vs. double quotes CookStyle Validate your Ruby ▪ Validate your Chef code will run ▪ Testing for more Chef advanced use cases ▪ Useful for regression testing ChefSpec Simulate Chef ▪ Executes your Chef code on an instance or container ▪ Integrates with Cloud and Virtualization providers ▪ Validate your Chef code locally before sharing ▪ Speed development of Chef Cookbooks Test Kitchen Let’s do this (almost) for real ▪ Assert the intention of your Chef code ▪ Verify on live systems that your Chef code produced the correct result ▪ Confirm your Chef code didn’t not produce compliance drift InSpec Verify automation results & ensure compliance FAST INEXPENSIVE TESTING DEEP INTEGRATION TESTING •Definitive tooling for local development of Chef code & Infrastructure as Code development https://downloads.chef.io/chefdk/
Continuous Compliance Chef Automate and InSpec Profiles
Chef Topology Chef Server Workstation Manage NodeManage NodeManage NodeManage NodeManage NodeManage Node Chef Automate
Browse to your node
Browse to your node
View details of your node
View details of your node
View details of your node
View details of your node
The node uses chef solo
Chef Automate – Node View § View aggregate status of your infrastructure • Overall & trend views of converge status • Overall & trend views of compliance status • Filter & search options § View details of any node • Status of converged resources • Run List applied to the node • Attributes of the node
Chef Solo Executes chef-client without relying on a Chef Server to provide configuration policies (cookbooks, environments, etc.) https://docs.chef.io/chef_solo.html
Chef Solo § With chef-solo… • Use a local directory for configuration policy ▪ Or a URL from which a .tar.gz file can be downloaded • Node objects are stored as a local JSON file • Attribute data is stored in a JSON file ▪ Local or remote • Does not pull from a Chef Server • Can be configured to send data to a Chef Server
Chef Client – Local Mode Local mode is a way to run the chef-client against the chef-repo on a local machine as if it were running against the Chef server. https://docs.chef.io/ctl_chef_client.html#run-in-local-mode
Go home cd ~
[2017-03-10T14:05:49+00:00] INFO: Forking chef instance to converge... Starting Chef Client, version 12.18.31 ... Converging 0 resources [2017-03-10T14:05:51+00:00] INFO: Chef Run complete in 0.19413018 seconds Running handlers: [2017-03-10T14:05:51+00:00] INFO: Running report handlers Running handlers complete [2017-03-10T14:05:51+00:00] INFO: Report handlers complete Chef Client finished, 0/0 resources updated in 01 seconds Run chef-client in local mode sudo run_chef
Check the converge status in Automate
Starting Chef Client, version 13.2.20 resolving cookbooks for run list: ["audit::default"] Synchronizing Cookbooks: - compat_resource (12.19.0) - audit (4.1.1) Installing Cookbook Gems: Compiling Cookbooks... Recipe: audit::inspec * inspec_gem[inspec] action install (up to date) Converging 1 resources * inspec_gem[inspec] action nothing (skipped due to action :nothing) Running handlers: ... - Chef::Handler::AuditReport Running handlers complete ... Chef Client finished, 0/2 resources updated in 03 seconds Run with additional parameters sudo run_chef "recipe[audit::default]"
Check the converge status in Automate
Check the converge status in Automate
Check the converge status in Automate
Check the compliance status in Automate
Check the compliance status in Automate
Check the compliance status in Automate
Check the compliance status in Automate
Check the compliance status in Automate
Review the set-up tying it all together
Go home cd ~
Berksfile Berksfile.lock config.json cookbooks/ firstname-lastname nodes/ profiles/ List contents ls
audit/ compat_resource/ List cookbooks ls cookbooks
Audit Cookbook 1. Install InSpec 2. Run InSpec profiles 3. Report results to Chef Automate
Compat Resource Cookbook • Adds functionality introduced in the latest chef-client releases to any chef- client from 12.1 onwards. • Includes • Custom Resource functionality • notification improvements • new resources added to core chef • Allows for these new resources in cookbooks without requiring the very latest Chef client release.
{ "audit": { "reporter": "chef-automate", "inspec_version": "1.31.1", "profiles": [ { "name": "ssh", "path": "/home/chef/profiles/ssh" } ] } } config.json cat config.json
profiles/ └── ssh ├── controls │ └── ssh.rb └── inspec.yml 2 directories, 2 files Local Profiles tree profiles
Profile: SSH Configuration (ssh) Version: 0.1.0 Target: local:// × sshd-1.0: SSH Version 2 ( expected: 2 got: (compared using `cmp` matcher) ) × SSH Configuration Protocol should cmp == 2 expected: 2 got: (compared using `cmp` matcher) Profile Summary: 0 successful, 1 failures, 0 skipped Test Summary: 0 successful, 1 failures, 0 skipped Run Locally with InSpec inspec exec profiles/ssh
Next Steps 1. Remediate the failing control 2. Run the audit cookbook to verify the remediation 3. View the compliant node in Automate
Remediate Failing SSH Control
Simple SSH Cookbook • A server recipe to manage the sshd_config file • Local test environment configured
Move to the cookbooks directory cd ~/cookbooks
Generating cookbook ssh - Ensuring correct cookbook file content - Committing cookbook files to git - Ensuring delivery configuration - Ensuring correct delivery build cookbook content - Adding delivery configuration to feature branch - Adding build cookbook to feature branch - Merging delivery content feature branch to master Your cookbook is ready. Type `cd ssh` to enter it. There are several commands you can run to get started locally developing and testing your cookbook. Type `delivery local --help` to see a full list. Why not start by writing a test? Tests for the default recipe are stored at: test/smoke/default/default_test.rb If you'd prefer to dive right in, the default recipe can be found at: recipes/default.rb Generate an ssh cookbook chef generate cookbook ssh
Recipe: code_generator::recipe * directory[./ssh/spec/unit/recipes] action create (up to date) * cookbook_file[./ssh/spec/spec_helper.rb] action create_if_missing (up to date) * template[./ssh/spec/unit/recipes/server_spec.rb] action create_if_missing - create new file ./ssh/spec/unit/recipes/server_spec.rb - update content in file ./ssh/spec/unit/recipes/server_spec.rb from none to d14960 (diff output suppressed by config) * directory[./ssh/test/smoke/default] action create (up to date) * template[./ssh/test/smoke/default/server.rb] action create_if_missing - create new file ./ssh/test/smoke/default/server.rb - update content in file ./ssh/test/smoke/default/server.rb from none to aa8bba (diff output suppressed by config) * template[./ssh/recipes/server.rb] action create - create new file ./ssh/recipes/server.rb - update content in file ./ssh/recipes/server.rb from none to 18f24e (diff output suppressed by config) Add a server recipe to the ssh cookbook chef generate recipe ssh server
Recipe: code_generator::template * directory[./ssh/templates/default] action create - create new directory ./ssh/templates/default * file[./ssh/templates/sshd_config.erb] action create - create new file ./ssh/templates/sshd_config.erb - update content in file ./ssh/templates/sshd_config.erb from none to a16b11 (diff output suppressed by config) Add a template to the cookbook chef generate template ssh sshd_config -s /etc/ssh/sshd_config
Move to the ssh cookbook’s directory cd ~/cookbooks/ssh
~/cookbooks/ssh/recipes/server.rb template '/etc/ssh/sshd_config' do source 'sshd_config.erb' owner 'root' group 'root' mode '0600' end Code the server recipe
Remember… Infrastructure policies need testing • Linting • Static Analysis • Unit Testing • Integration Testing • Compliance Testing "Infrastructure as Code" should be tested like ANY other codebase.
Test-driven Development • Write a test, watch it fail • Write some code • Write and run more tests • Code review • Delivery pipeline to production • Lowered chance of production failure Add a test Run the tests Make a little change Run the tests pass [development continues]fail fail pass pass [development stops]
Testing the change
~/cookbooks/ssh/.kitchen.yml --- driver: name: vagrant name: docker ... Test Kitchen Configuration (1 of 3) - +
~/cookbooks/ssh/.kitchen.yml ... platforms: - name: ubuntu-16.04 - name: centos-7.3 ... Test Kitchen Configuration (2 of 3) -
+ ~/cookbooks/ssh/.kitchen.yml suites: - name: default - name: server run_list: - recipe[ssh::default] - recipe[ssh::server] verifier: inspec_tests: - test/smoke/default - /home/chef/profiles/ssh attributes: Test Kitchen Configuration (3 of 3) + - - + -
~/cookbooks/ssh/.kitchen.yml --- driver: name: docker provisioner: name: chef_zero always_update_cookbooks: true verifier: name: inspec platforms: - name: centos-7.3 suites: - name: server run_list: - recipe[ssh::server] verifier: inspec_tests: - /home/chef/profiles/ssh attributes: Test Kitchen Final Configuration
Move to the cookbook’s directory cd ~/cookbooks/ssh
Instance Driver Provisioner Verifier Transport Last Action Last Error server-centos-73 Docker ChefZero Inspec Ssh <Not Created> <None> List the kitchens kitchen list
-----> Starting Kitchen (v1.16.0) ... -----> Creating <server-centos-73>... Sending build context to Docker daemon 202.2 kB Sending build context to Docker daemon Step 0 : FROM centos:centos7 ... Running handlers: [2017-03-12T02:26:16+00:00] INFO: Running report handlers Running handlers complete [2017-03-12T02:26:16+00:00] INFO: Report handlers complete Chef Client finished, 1/1 resources updated in 01 seconds Finished converging <server-centos-73> (0m23.54s). -----> Kitchen is finished. (1m0.39s) Converge kitchen converge
Instance Driver Provisioner Verifier Transport Last Action Last Error server-centos-73 Docker ChefZero Inspec Ssh Converged <None> List the kitchens kitchen list
Test-driven Development Add a test Run the tests Make a little change Run the tests pass [development continues]fail fail pass pass [development stops]
-----> Verifying <server-centos-73>... Loaded Target: ssh://kitchen@localhost:32771 × sshd-1.0: SSH Version 2 ( expected: 2 got: (compared using `cmp` matcher) ) × SSH Configuration Protocol should cmp == 2 expected: 2 got: (compared using `cmp` matcher) Profile Summary: 0 successful, 1 failures, 0 skipped Test Summary: 0 successful, 1 failures, 0 skipped >>>>>> ------Exception------- >>>>>> Class: Kitchen::ActionFailed >>>>>> Message: 1 actions failed. >>>>>> Verify failed on instance <server-centos-73>. Please see .kitchen/logs/server-centos-73.log for more details >>>>>> ---------------------- >>>>>> Please see .kitchen/logs/kitchen.log for more details >>>>>> Also try running `kitchen diagnose --all` for configuration Verify the Kitchen kitchen verify
Test-driven Development Add a test Run the tests Make a little change fail pass
~/cookbooks/ssh/templates/sshd_config.erb #ListenAddress 0.0.0.0 #ListenAddress :: # The default requires explicit activation of protocol 1 #Protocol 2 Protocol 2 # HostKey for protocol version 1 Edit the SSH Configuration Template + -
Test-driven Development Add a test Run the tests Make a little change Run the tests pass [development continues]fail fail pass pass [development stops]
-----> Starting Kitchen (v1.15.0) ... -----> Converging <server-centos-73>... ... # The default requires explicit activation of protocol 1 -#Protocol 2 +Protocol 2 # HostKey for protocol version 1 ... Running handlers: [2017-03-12T02:32:32+00:00] INFO: Running report handlers Running handlers complete [2017-03-12T02:32:32+00:00] INFO: Report handlers complete Chef Client finished, 1/1 resources updated in 01 seconds Finished converging <server-centos-73> (0m16.32s). -----> Kitchen is finished. (0m17.34s) Converge kitchen converge
-----> Starting Kitchen (v1.15.0) ... -----> Verifying <server-centos-73>... Loaded Target: ssh://kitchen@localhost:32771 ✔ sshd-1.0: SSH Version 2 ✔ SSH Configuration Protocol should cmp == 2 Profile Summary: 1 successful, 0 failures, 0 skipped Test Summary: 1 successful, 0 failures, 0 skipped Finished verifying <server-centos-73> (0m0.22s). -----> Kitchen is finished. (0m1.27s) Verify the remediation kitchen verify
Test-driven Development Add a test Run the tests Make a little change Run the tests pass [development continues]fail fail pass pass [development stops]
-----> Starting Kitchen (v1.15.0) ... -----> Cleaning up any prior instances of <server-centos-73> -----> Destroying <server-centos-73>... ... -----> Testing <server-centos-73> -----> Creating <server-centos-73>... ... -----> Creating <server-centos-73>... ... Finished creating <server-centos-73> (0m0.60s). -----> Converging <server-centos-73>... ... Test the Kitchen (1of 2) kitchen test
-----> Installing Chef Omnibus (install only if missing) ... -----> Setting up <server-centos-73>... Finished setting up <server-centos-73> (0m0.00s). -----> Verifying <server-centos-73>... ... Profile Summary: 1 successful, 0 failures, 0 skipped Test Summary: 1 successful, 0 failures, 0 skipped Finished verifying <server-centos-73> (0m0.51s). -----> Destroying <server-centos-73>... ... -----> Kitchen is finished. (0m25.18s) Test the Kitchen (2 of 2) kitchen test 25 seconds!
What’s next? • Test-driven development cycle is complete! • Deploy the change
Starting Chef Client, version 13.2.20 resolving cookbooks for run list: ["ssh::server", "audit::default"] Synchronizing Cookbooks: - ssh (0.1.0) - compat_resource (12.19.0) - audit (4.1.1) ... Recipe: ssh::server * template[/etc/ssh/sshd_config] action create - update content in file /etc/ssh/sshd_config from a16b11 to 95bf0b --- /etc/ssh/sshd_config 2017-07-21 14:11:35.633365540 +0000 +++ /etc/ssh/.chef-sshd_config20170721-14752-1nhnr9q 2017-07-21 16:07:19.169879754 +0000 @@ -20,7 +20,7 @@ #ListenAddress :: # The default requires explicit activation of protocol 1 -#Protocol 2 +Protocol 2 ... Running handlers complete ... Chef Client finished, 1/3 resources updated in 09 seconds Remediate with Chef sudo run_chef "recipe[ssh::server],recipe[audit::default]"
Verify Converge Status in Automate
Verify Compliance Status in Automate
More hands-on Exercises Still have time to play around?
Server SSH Key • Write a control that: • Tests for the existence of /etc/ssh/ssh_host_rsa_key, • Tests that /etc/ssh/ssh_host_rsa_key contains “BEGIN RSA PRIVATE KEY”. • Check out the InSpec Resource documentation at http://inspec.io/docs/reference/resources/ for what you can use
Ensure SSH root login is disabled • The PermitRootLogin parameter specifies if the root user can log in using ssh(1). The default is no. • Disallowing root logins over SSH requires system admins to authenticate using their own individual account, then escalating to root via sudo or su. This in turn limits opportunity for non-repudiation and provides a clear audit trail in the event of a security incident • Add a control to ~/profiles/ssh/controls/ssh.rb
Supermarket Profiles • List profiles available on the Supermarket • View information about the dev-sec/ssh-baseline profile • Execute the dev-sec/ssh-baseline profile from the Supermarket • Write a cookbook to remediate failing controls from dev-sec/ssh-baseline • Or look at the ssh-hardening cookbook
Build additional CIS controls https://github.com/chef-training/workshops/tree/master/InSpec
Static Analysis • Ensure cookbooks pass chefstyle • Ensure cookbooks pass foodcritic
Unit Testing • Add unit testing to the cookbooks
Further Resources Where to go for additional help
Community Resources • InSpec Website, includes tutorials and docs - http://inspec.io/ • #inspec channel of the Chef Community Slack - http://community-slack.chef.io/ • InSpec category of the Chef Mailing List - https://discourse.chef.io/c/inspec • Compliance Profiles on the Supermarket - https://supermarket.chef.io/tools?type=compliance_profile • Open Source Project - https://github.com/chef/inspec

Recommended

Automating Infrastructure with Chef
Automating Infrastructure with ChefAutomating Infrastructure with Chef
Automating Infrastructure with ChefJennifer Davis
 
How to Write Chef Cookbook
How to Write Chef CookbookHow to Write Chef Cookbook
How to Write Chef Cookbookdevopsjourney
 
Testable Infrastructure with Chef, Test Kitchen, and Docker
Testable Infrastructure with Chef, Test Kitchen, and DockerTestable Infrastructure with Chef, Test Kitchen, and Docker
Testable Infrastructure with Chef, Test Kitchen, and DockerMandi Walls
 
Test Driven Development with Chef
Test Driven Development with ChefTest Driven Development with Chef
Test Driven Development with ChefSimone Soldateschi
 
Node setup, resource, and recipes - Fundamentals Webinar Series Part 2
Node setup, resource, and recipes - Fundamentals Webinar Series Part 2Node setup, resource, and recipes - Fundamentals Webinar Series Part 2
Node setup, resource, and recipes - Fundamentals Webinar Series Part 2Chef
 
Azure handsonlab
Azure handsonlabAzure handsonlab
Azure handsonlabChef
 
Introduction to Chef: Automate Your Infrastructure by Modeling It In Code
Introduction to Chef: Automate Your Infrastructure by Modeling It In CodeIntroduction to Chef: Automate Your Infrastructure by Modeling It In Code
Introduction to Chef: Automate Your Infrastructure by Modeling It In CodeJosh Padnick
 
Introduction to Chef - April 22 2015
Introduction to Chef - April 22 2015Introduction to Chef - April 22 2015
Introduction to Chef - April 22 2015Jennifer Davis
 

Recommended

Automating Infrastructure with Chef
Automating Infrastructure with ChefAutomating Infrastructure with Chef
Automating Infrastructure with ChefJennifer Davis
 
How to Write Chef Cookbook
How to Write Chef CookbookHow to Write Chef Cookbook
How to Write Chef Cookbookdevopsjourney
 
Testable Infrastructure with Chef, Test Kitchen, and Docker
Testable Infrastructure with Chef, Test Kitchen, and DockerTestable Infrastructure with Chef, Test Kitchen, and Docker
Testable Infrastructure with Chef, Test Kitchen, and DockerMandi Walls
 
Test Driven Development with Chef
Test Driven Development with ChefTest Driven Development with Chef
Test Driven Development with ChefSimone Soldateschi
 
Node setup, resource, and recipes - Fundamentals Webinar Series Part 2
Node setup, resource, and recipes - Fundamentals Webinar Series Part 2Node setup, resource, and recipes - Fundamentals Webinar Series Part 2
Node setup, resource, and recipes - Fundamentals Webinar Series Part 2Chef
 
Azure handsonlab
Azure handsonlabAzure handsonlab
Azure handsonlabChef
 
Introduction to Chef: Automate Your Infrastructure by Modeling It In Code
Introduction to Chef: Automate Your Infrastructure by Modeling It In CodeIntroduction to Chef: Automate Your Infrastructure by Modeling It In Code
Introduction to Chef: Automate Your Infrastructure by Modeling It In CodeJosh Padnick
 
Introduction to Chef - April 22 2015
Introduction to Chef - April 22 2015Introduction to Chef - April 22 2015
Introduction to Chef - April 22 2015Jennifer Davis
 
Introduction to Chef - Techsuperwomen Summit
Introduction to Chef - Techsuperwomen SummitIntroduction to Chef - Techsuperwomen Summit
Introduction to Chef - Techsuperwomen SummitJennifer Davis
 
Chef-Zero & Local Mode
Chef-Zero & Local ModeChef-Zero & Local Mode
Chef-Zero & Local ModeMichael Goetz
 
Node object and roles - Fundamentals Webinar Series Part 3
Node object and roles - Fundamentals Webinar Series Part 3Node object and roles - Fundamentals Webinar Series Part 3
Node object and roles - Fundamentals Webinar Series Part 3Chef
 
Community Cookbooks & further resources - Fundamentals Webinar Series Part 6
Community Cookbooks & further resources - Fundamentals Webinar Series Part 6Community Cookbooks & further resources - Fundamentals Webinar Series Part 6
Community Cookbooks & further resources - Fundamentals Webinar Series Part 6Chef
 
Chef introduction
Chef introductionChef introduction
Chef introductionFENG Zhichao
 
Compliance Automation Workshop
Compliance Automation WorkshopCompliance Automation Workshop
Compliance Automation WorkshopChef
 
Test-Driven Infrastructure with Chef
Test-Driven Infrastructure with ChefTest-Driven Infrastructure with Chef
Test-Driven Infrastructure with ChefMichael Lihs
 
Common configuration with Data Bags - Fundamentals Webinar Series Part 4
Common configuration with Data Bags - Fundamentals Webinar Series Part 4Common configuration with Data Bags - Fundamentals Webinar Series Part 4
Common configuration with Data Bags - Fundamentals Webinar Series Part 4Chef
 
Environments - Fundamentals Webinar Series Week 5
Environments - Fundamentals Webinar Series Week 5Environments - Fundamentals Webinar Series Week 5
Environments - Fundamentals Webinar Series Week 5Chef
 
Chef, Devops, and You
Chef, Devops, and YouChef, Devops, and You
Chef, Devops, and YouBryan Berry
 
Understand Chef
Understand ChefUnderstand Chef
Understand Chefdevopsjourney
 
Chef Fundamentals Training Series Module 3: Setting up Nodes and Cookbook Aut...
Chef Fundamentals Training Series Module 3: Setting up Nodes and Cookbook Aut...Chef Fundamentals Training Series Module 3: Setting up Nodes and Cookbook Aut...
Chef Fundamentals Training Series Module 3: Setting up Nodes and Cookbook Aut...Chef Software, Inc.
 
Server Installation and Configuration with Chef
Server Installation and Configuration with ChefServer Installation and Configuration with Chef
Server Installation and Configuration with ChefRaimonds Simanovskis
 
Introduction to Chef
Introduction to ChefIntroduction to Chef
Introduction to Chefkevsmith
 
CLUG 2014-10 - Cookbook CI with Jenkins
CLUG 2014-10 - Cookbook CI with JenkinsCLUG 2014-10 - Cookbook CI with Jenkins
CLUG 2014-10 - Cookbook CI with JenkinsZachary Stevens
 
Chef Fundamentals Training Series Module 2: Workstation Setup
Chef Fundamentals Training Series Module 2: Workstation SetupChef Fundamentals Training Series Module 2: Workstation Setup
Chef Fundamentals Training Series Module 2: Workstation SetupChef Software, Inc.
 
Chef Cookbook Workflow
Chef Cookbook WorkflowChef Cookbook Workflow
Chef Cookbook WorkflowAmazon Web Services
 
Infrastructure Automation with Chef
Infrastructure Automation with ChefInfrastructure Automation with Chef
Infrastructure Automation with ChefJonathan Weiss
 
Testing for infra code using test-kitchen,docker,chef
Testing for infra code using test-kitchen,docker,chefTesting for infra code using test-kitchen,docker,chef
Testing for infra code using test-kitchen,docker,chefkamalikamj
 
Compliance Automation with Inspec Part 4
Compliance Automation with Inspec Part 4Compliance Automation with Inspec Part 4
Compliance Automation with Inspec Part 4Chef
 
Compliance Automation with InSpec
Compliance Automation with InSpec Compliance Automation with InSpec
Compliance Automation with InSpec Nathen Harvey
 
Cook Infrastructure with chef -- Justeat.IN
Cook Infrastructure with chef -- Justeat.INCook Infrastructure with chef -- Justeat.IN
Cook Infrastructure with chef -- Justeat.INRajesh Hegde
 

More Related Content

What's hot

Introduction to Chef - Techsuperwomen Summit
Introduction to Chef - Techsuperwomen SummitIntroduction to Chef - Techsuperwomen Summit
Introduction to Chef - Techsuperwomen SummitJennifer Davis
 
Chef-Zero & Local Mode
Chef-Zero & Local ModeChef-Zero & Local Mode
Chef-Zero & Local ModeMichael Goetz
 
Node object and roles - Fundamentals Webinar Series Part 3
Node object and roles - Fundamentals Webinar Series Part 3Node object and roles - Fundamentals Webinar Series Part 3
Node object and roles - Fundamentals Webinar Series Part 3Chef
 
Community Cookbooks & further resources - Fundamentals Webinar Series Part 6
Community Cookbooks & further resources - Fundamentals Webinar Series Part 6Community Cookbooks & further resources - Fundamentals Webinar Series Part 6
Community Cookbooks & further resources - Fundamentals Webinar Series Part 6Chef
 
Compliance Automation Workshop
Compliance Automation WorkshopCompliance Automation Workshop
Compliance Automation WorkshopChef
 
Test-Driven Infrastructure with Chef
Test-Driven Infrastructure with ChefTest-Driven Infrastructure with Chef
Test-Driven Infrastructure with ChefMichael Lihs
 
Common configuration with Data Bags - Fundamentals Webinar Series Part 4
Common configuration with Data Bags - Fundamentals Webinar Series Part 4Common configuration with Data Bags - Fundamentals Webinar Series Part 4
Common configuration with Data Bags - Fundamentals Webinar Series Part 4Chef
 
Environments - Fundamentals Webinar Series Week 5
Environments - Fundamentals Webinar Series Week 5Environments - Fundamentals Webinar Series Week 5
Environments - Fundamentals Webinar Series Week 5Chef
 
Chef, Devops, and You
Chef, Devops, and YouChef, Devops, and You
Chef, Devops, and YouBryan Berry
 
Chef Fundamentals Training Series Module 3: Setting up Nodes and Cookbook Aut...
Chef Fundamentals Training Series Module 3: Setting up Nodes and Cookbook Aut...Chef Fundamentals Training Series Module 3: Setting up Nodes and Cookbook Aut...
Chef Fundamentals Training Series Module 3: Setting up Nodes and Cookbook Aut...Chef Software, Inc.
 
Server Installation and Configuration with Chef
Server Installation and Configuration with ChefServer Installation and Configuration with Chef
Server Installation and Configuration with ChefRaimonds Simanovskis
 
Introduction to Chef
Introduction to ChefIntroduction to Chef
Introduction to Chefkevsmith
 
CLUG 2014-10 - Cookbook CI with Jenkins
CLUG 2014-10 - Cookbook CI with JenkinsCLUG 2014-10 - Cookbook CI with Jenkins
CLUG 2014-10 - Cookbook CI with JenkinsZachary Stevens
 
Chef Fundamentals Training Series Module 2: Workstation Setup
Chef Fundamentals Training Series Module 2: Workstation SetupChef Fundamentals Training Series Module 2: Workstation Setup
Chef Fundamentals Training Series Module 2: Workstation SetupChef Software, Inc.
 
Infrastructure Automation with Chef
Infrastructure Automation with ChefInfrastructure Automation with Chef
Infrastructure Automation with ChefJonathan Weiss
 
Testing for infra code using test-kitchen,docker,chef
Testing for infra code using test-kitchen,docker,chefTesting for infra code using test-kitchen,docker,chef
Testing for infra code using test-kitchen,docker,chefkamalikamj
 
Compliance Automation with Inspec Part 4
Compliance Automation with Inspec Part 4Compliance Automation with Inspec Part 4
Compliance Automation with Inspec Part 4Chef
 

What's hot (20)

Introduction to Chef - Techsuperwomen Summit
Introduction to Chef - Techsuperwomen SummitIntroduction to Chef - Techsuperwomen Summit
Introduction to Chef - Techsuperwomen Summit
 
Chef-Zero & Local Mode
Chef-Zero & Local ModeChef-Zero & Local Mode
Chef-Zero & Local Mode
 
Node object and roles - Fundamentals Webinar Series Part 3
Node object and roles - Fundamentals Webinar Series Part 3Node object and roles - Fundamentals Webinar Series Part 3
Node object and roles - Fundamentals Webinar Series Part 3
 
Community Cookbooks & further resources - Fundamentals Webinar Series Part 6
Community Cookbooks & further resources - Fundamentals Webinar Series Part 6Community Cookbooks & further resources - Fundamentals Webinar Series Part 6
Community Cookbooks & further resources - Fundamentals Webinar Series Part 6
 
Chef introduction
Chef introductionChef introduction
Chef introduction
 
Compliance Automation Workshop
Compliance Automation WorkshopCompliance Automation Workshop
Compliance Automation Workshop
 
Test-Driven Infrastructure with Chef
Test-Driven Infrastructure with ChefTest-Driven Infrastructure with Chef
Test-Driven Infrastructure with Chef
 
Common configuration with Data Bags - Fundamentals Webinar Series Part 4
Common configuration with Data Bags - Fundamentals Webinar Series Part 4Common configuration with Data Bags - Fundamentals Webinar Series Part 4
Common configuration with Data Bags - Fundamentals Webinar Series Part 4
 
Environments - Fundamentals Webinar Series Week 5
Environments - Fundamentals Webinar Series Week 5Environments - Fundamentals Webinar Series Week 5
Environments - Fundamentals Webinar Series Week 5
 
Chef, Devops, and You
Chef, Devops, and YouChef, Devops, and You
Chef, Devops, and You
 
Understand Chef
Understand ChefUnderstand Chef
Understand Chef
 
Chef Fundamentals Training Series Module 3: Setting up Nodes and Cookbook Aut...
Chef Fundamentals Training Series Module 3: Setting up Nodes and Cookbook Aut...Chef Fundamentals Training Series Module 3: Setting up Nodes and Cookbook Aut...
Chef Fundamentals Training Series Module 3: Setting up Nodes and Cookbook Aut...
 
Server Installation and Configuration with Chef
Server Installation and Configuration with ChefServer Installation and Configuration with Chef
Server Installation and Configuration with Chef
 
Introduction to Chef
Introduction to ChefIntroduction to Chef
Introduction to Chef
 
CLUG 2014-10 - Cookbook CI with Jenkins
CLUG 2014-10 - Cookbook CI with JenkinsCLUG 2014-10 - Cookbook CI with Jenkins
CLUG 2014-10 - Cookbook CI with Jenkins
 
Chef Fundamentals Training Series Module 2: Workstation Setup
Chef Fundamentals Training Series Module 2: Workstation SetupChef Fundamentals Training Series Module 2: Workstation Setup
Chef Fundamentals Training Series Module 2: Workstation Setup
 
Chef Cookbook Workflow
Chef Cookbook WorkflowChef Cookbook Workflow
Chef Cookbook Workflow
 
Infrastructure Automation with Chef
Infrastructure Automation with ChefInfrastructure Automation with Chef
Infrastructure Automation with Chef
 
Testing for infra code using test-kitchen,docker,chef
Testing for infra code using test-kitchen,docker,chefTesting for infra code using test-kitchen,docker,chef
Testing for infra code using test-kitchen,docker,chef
 
Compliance Automation with Inspec Part 4
Compliance Automation with Inspec Part 4Compliance Automation with Inspec Part 4
Compliance Automation with Inspec Part 4
 

Similar to Introduction To Continuous Compliance & Remediation

Compliance Automation with InSpec
Compliance Automation with InSpec Compliance Automation with InSpec
Compliance Automation with InSpec Nathen Harvey
 
Cook Infrastructure with chef -- Justeat.IN
Cook Infrastructure with chef -- Justeat.INCook Infrastructure with chef -- Justeat.IN
Cook Infrastructure with chef -- Justeat.INRajesh Hegde
 
Introduction to Infrastructure as Code & Automation / Introduction to Chef
Introduction to Infrastructure as Code & Automation / Introduction to ChefIntroduction to Infrastructure as Code & Automation / Introduction to Chef
Introduction to Infrastructure as Code & Automation / Introduction to ChefAll Things Open
 
AWS re:Invent 2016: Configuration Management in the Cloud (DEV305)
AWS re:Invent 2016: Configuration Management in the Cloud (DEV305)AWS re:Invent 2016: Configuration Management in the Cloud (DEV305)
AWS re:Invent 2016: Configuration Management in the Cloud (DEV305)Amazon Web Services
 
Compliance Automation with InSpec - Chef NYC Meetup - April 2017
Compliance Automation with InSpec - Chef NYC Meetup - April 2017Compliance Automation with InSpec - Chef NYC Meetup - April 2017
Compliance Automation with InSpec - Chef NYC Meetup - April 2017adamleff
 
Testing Your Automation Code (Vagrant Version)
Testing Your Automation Code (Vagrant Version)Testing Your Automation Code (Vagrant Version)
Testing Your Automation Code (Vagrant Version)Mischa Taylor
 
Introduction to Infrastructure as Code & Automation / Introduction to Chef
Introduction to Infrastructure as Code & Automation / Introduction to ChefIntroduction to Infrastructure as Code & Automation / Introduction to Chef
Introduction to Infrastructure as Code & Automation / Introduction to ChefNathen Harvey
 
Automating your infrastructure with Chef
Automating your infrastructure with ChefAutomating your infrastructure with Chef
Automating your infrastructure with ChefJohn Ewart
 
Managing Servers with Chef
Managing Servers with ChefManaging Servers with Chef
Managing Servers with ChefJoe Kepley
 
Using Test Kitchen for testing Chef cookbooks
Using Test Kitchen for testing Chef cookbooksUsing Test Kitchen for testing Chef cookbooks
Using Test Kitchen for testing Chef cookbooksTimur Batyrshin
 
Configuration Management with AWS OpsWorks for Chef Automate
Configuration Management with AWS OpsWorks for Chef AutomateConfiguration Management with AWS OpsWorks for Chef Automate
Configuration Management with AWS OpsWorks for Chef AutomateAmazon Web Services
 
Atmosphere 2014: Really large scale systems configuration - Phil Dibowitz
Atmosphere 2014: Really large scale systems configuration - Phil DibowitzAtmosphere 2014: Really large scale systems configuration - Phil Dibowitz
Atmosphere 2014: Really large scale systems configuration - Phil DibowitzPROIDEA
 
Overview of Chef - Fundamentals Webinar Series Part 1
Overview of Chef - Fundamentals Webinar Series Part 1Overview of Chef - Fundamentals Webinar Series Part 1
Overview of Chef - Fundamentals Webinar Series Part 1Chef
 
Chef for Openstack
Chef for OpenstackChef for Openstack
Chef for OpenstackMohit Sethi
 
Introduction to Cooking with Chef
Introduction to Cooking with ChefIntroduction to Cooking with Chef
Introduction to Cooking with ChefJohn Osborne
 
Testing your-automation-code (vagrant version) v0.2
Testing your-automation-code (vagrant version) v0.2Testing your-automation-code (vagrant version) v0.2
Testing your-automation-code (vagrant version) v0.2Sylvain Tissot
 

Similar to Introduction To Continuous Compliance & Remediation (20)

Compliance Automation with InSpec
Compliance Automation with InSpec Compliance Automation with InSpec
Compliance Automation with InSpec
 
Cook Infrastructure with chef -- Justeat.IN
Cook Infrastructure with chef -- Justeat.INCook Infrastructure with chef -- Justeat.IN
Cook Infrastructure with chef -- Justeat.IN
 
Introduction to Infrastructure as Code & Automation / Introduction to Chef
Introduction to Infrastructure as Code & Automation / Introduction to ChefIntroduction to Infrastructure as Code & Automation / Introduction to Chef
Introduction to Infrastructure as Code & Automation / Introduction to Chef
 
Learning chef
Learning chefLearning chef
Learning chef
 
AWS re:Invent 2016: Configuration Management in the Cloud (DEV305)
AWS re:Invent 2016: Configuration Management in the Cloud (DEV305)AWS re:Invent 2016: Configuration Management in the Cloud (DEV305)
AWS re:Invent 2016: Configuration Management in the Cloud (DEV305)
 
Compliance Automation with InSpec - Chef NYC Meetup - April 2017
Compliance Automation with InSpec - Chef NYC Meetup - April 2017Compliance Automation with InSpec - Chef NYC Meetup - April 2017
Compliance Automation with InSpec - Chef NYC Meetup - April 2017
 
Testing Your Automation Code (Vagrant Version)
Testing Your Automation Code (Vagrant Version)Testing Your Automation Code (Vagrant Version)
Testing Your Automation Code (Vagrant Version)
 
Introduction to Infrastructure as Code & Automation / Introduction to Chef
Introduction to Infrastructure as Code & Automation / Introduction to ChefIntroduction to Infrastructure as Code & Automation / Introduction to Chef
Introduction to Infrastructure as Code & Automation / Introduction to Chef
 
Automating your infrastructure with Chef
Automating your infrastructure with ChefAutomating your infrastructure with Chef
Automating your infrastructure with Chef
 
Managing Servers with Chef
Managing Servers with ChefManaging Servers with Chef
Managing Servers with Chef
 
AWS OpsWorks for Chef Automate
AWS OpsWorks for Chef AutomateAWS OpsWorks for Chef Automate
AWS OpsWorks for Chef Automate
 
Chef: Smart infrastructure automation
Chef: Smart infrastructure automationChef: Smart infrastructure automation
Chef: Smart infrastructure automation
 
Using Test Kitchen for testing Chef cookbooks
Using Test Kitchen for testing Chef cookbooksUsing Test Kitchen for testing Chef cookbooks
Using Test Kitchen for testing Chef cookbooks
 
Configuration Management with AWS OpsWorks for Chef Automate
Configuration Management with AWS OpsWorks for Chef AutomateConfiguration Management with AWS OpsWorks for Chef Automate
Configuration Management with AWS OpsWorks for Chef Automate
 
Chef for openstack
Chef for openstackChef for openstack
Chef for openstack
 
Atmosphere 2014: Really large scale systems configuration - Phil Dibowitz
Atmosphere 2014: Really large scale systems configuration - Phil DibowitzAtmosphere 2014: Really large scale systems configuration - Phil Dibowitz
Atmosphere 2014: Really large scale systems configuration - Phil Dibowitz
 
Overview of Chef - Fundamentals Webinar Series Part 1
Overview of Chef - Fundamentals Webinar Series Part 1Overview of Chef - Fundamentals Webinar Series Part 1
Overview of Chef - Fundamentals Webinar Series Part 1
 
Chef for Openstack
Chef for OpenstackChef for Openstack
Chef for Openstack
 
Introduction to Cooking with Chef
Introduction to Cooking with ChefIntroduction to Cooking with Chef
Introduction to Cooking with Chef
 
Testing your-automation-code (vagrant version) v0.2
Testing your-automation-code (vagrant version) v0.2Testing your-automation-code (vagrant version) v0.2
Testing your-automation-code (vagrant version) v0.2
 

Recently uploaded

Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfOverkill Security
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdfSandro Moreira
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfOverkill Security
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusZilliz
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...apidays
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 

Recently uploaded (20)

Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdf
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 

Introduction To Continuous Compliance & Remediation

  • 3. Join Slack Team & Channel http://community-slack.chef.io
  • 4. Find your IP Address
  • 5. The authenticity of host '52.54.113.210 (52.54.113.210)' can't be established. ECDSA key fingerprint is SHA256:zAtoeO29XbhRNvwg542cuh4qsKCEaX8hNIlEOCbgd3I. Are you sure you want to continue connecting (yes/no)? Login to remote workstation ssh chef@IP_ADDRESS
  • 6. The authenticity of host '52.54.113.210 (52.54.113.210)' can't be established. ECDSA key fingerprint is SHA256:zAtoeO29XbhRNvwg542cuh4qsKCEaX8hNIlEOCbgd3I. Are you sure you want to continue connecting (yes/no)? yes Login to remote workstation ssh chef@IP_ADDRESS
  • 7. The authenticity of host '52.54.113.210 (52.54.113.210)' can't be established. ECDSA key fingerprint is SHA256:zAtoeO29XbhRNvwg542cuh4qsKCEaX8hNIlEOCbgd3I. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '52.54.113.210' (ECDSA) to the list of known hosts. chef@52.54.113.210's password: Login to remote workstation ssh chef@IP_ADDRESS
  • 8. The authenticity of host '52.54.113.210 (52.54.113.210)' can't be established. ECDSA key fingerprint is SHA256:zAtoeO29XbhRNvwg542cuh4qsKCEaX8hNIlEOCbgd3I. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '52.54.113.210' (ECDSA) to the list of known hosts. chef@52.54.113.210's password: chef Login to remote workstation ssh chef@IP_ADDRESS
  • 9. Touch a file with your name touch firstname-lastname
  • 10. firstname-lastname cookbooks Berksfile profiles nodes Berksfile.lock config.json List your home directory ls -t
  • 13. Chef Development Kit Version: 2.0.28 chef-client version: 13.2.20 delivery version: master (17c1b0fed9be4c70f69091a6d21a4cbf0df60a23) berks version: 6.2.0 kitchen version: 1.16.0 inspec version: 1.31.1 Verify the installation chef --version
  • 14. The Chef Automate Platform Continuous Automation for High Velocity IT COLLABORATE BUILD DEPLOY MANAGE Infrastructure Automation Compliance AutomationApplication Automation OSS AUTOMATION ENGINES Increase Speed ▪ Package infrastructure and app configuration as code ▪ Continuously automate infrastructure and app updates Improve Efficiency ▪ Define and execute standard workflows and automation ▪ Audit and measure effectiveness of automation Decrease Risk ▪ Define compliance rules as code ▪ Deliver continuous compliance as part of standard workflow
  • 15. Chef DK - The Chef Development Kit ▪ Validate your Chef code against Chef best practices ▪ Extend with rules to enforce organizational Chef development best practices ▪ Enforce compliance & security practices Foodcritic Test Your “Chef Style” ▪ Validate your Chef code against Ruby best practices ▪ Identify potential Ruby errors Unclosed strings, etc. ▪ Identify style/convention that helps write better code Single quotes vs. double quotes CookStyle Validate your Ruby ▪ Validate your Chef code will run ▪ Testing for more Chef advanced use cases ▪ Useful for regression testing ChefSpec Simulate Chef ▪ Executes your Chef code on an instance or container ▪ Integrates with Cloud and Virtualization providers ▪ Validate your Chef code locally before sharing ▪ Speed development of Chef Cookbooks Test Kitchen Let’s do this (almost) for real ▪ Assert the intention of your Chef code ▪ Verify on live systems that your Chef code produced the correct result ▪ Confirm your Chef code didn’t not produce compliance drift InSpec Verify automation results & ensure compliance FAST INEXPENSIVE TESTING DEEP INTEGRATION TESTING •Definitive tooling for local development of Chef code & Infrastructure as Code development https://downloads.chef.io/chefdk/
  • 16. Continuous Compliance Chef Automate and InSpec Profiles
  • 17. Chef Topology Chef Server Workstation Manage NodeManage NodeManage NodeManage NodeManage NodeManage Node Chef Automate
  • 20. View details of your node
  • 21. View details of your node
  • 22. View details of your node
  • 23. View details of your node
  • 24. The node uses chef solo
  • 25. Chef Automate – Node View § View aggregate status of your infrastructure • Overall & trend views of converge status • Overall & trend views of compliance status • Filter & search options § View details of any node • Status of converged resources • Run List applied to the node • Attributes of the node
  • 26. Chef Solo Executes chef-client without relying on a Chef Server to provide configuration policies (cookbooks, environments, etc.) https://docs.chef.io/chef_solo.html
  • 27. Chef Solo § With chef-solo… • Use a local directory for configuration policy ▪ Or a URL from which a .tar.gz file can be downloaded • Node objects are stored as a local JSON file • Attribute data is stored in a JSON file ▪ Local or remote • Does not pull from a Chef Server • Can be configured to send data to a Chef Server
  • 28. Chef Client – Local Mode Local mode is a way to run the chef-client against the chef-repo on a local machine as if it were running against the Chef server. https://docs.chef.io/ctl_chef_client.html#run-in-local-mode
  • 30. [2017-03-10T14:05:49+00:00] INFO: Forking chef instance to converge... Starting Chef Client, version 12.18.31 ... Converging 0 resources [2017-03-10T14:05:51+00:00] INFO: Chef Run complete in 0.19413018 seconds Running handlers: [2017-03-10T14:05:51+00:00] INFO: Running report handlers Running handlers complete [2017-03-10T14:05:51+00:00] INFO: Report handlers complete Chef Client finished, 0/0 resources updated in 01 seconds Run chef-client in local mode sudo run_chef
  • 31. Check the converge status in Automate
  • 32. Starting Chef Client, version 13.2.20 resolving cookbooks for run list: ["audit::default"] Synchronizing Cookbooks: - compat_resource (12.19.0) - audit (4.1.1) Installing Cookbook Gems: Compiling Cookbooks... Recipe: audit::inspec * inspec_gem[inspec] action install (up to date) Converging 1 resources * inspec_gem[inspec] action nothing (skipped due to action :nothing) Running handlers: ... - Chef::Handler::AuditReport Running handlers complete ... Chef Client finished, 0/2 resources updated in 03 seconds Run with additional parameters sudo run_chef "recipe[audit::default]"
  • 33. Check the converge status in Automate
  • 34. Check the converge status in Automate
  • 35. Check the converge status in Automate
  • 36. Check the compliance status in Automate
  • 37. Check the compliance status in Automate
  • 38. Check the compliance status in Automate
  • 39. Check the compliance status in Automate
  • 40. Check the compliance status in Automate
  • 41. Review the set-up tying it all together
  • 43. Berksfile Berksfile.lock config.json cookbooks/ firstname-lastname nodes/ profiles/ List contents ls
  • 45. Audit Cookbook 1. Install InSpec 2. Run InSpec profiles 3. Report results to Chef Automate
  • 46. Compat Resource Cookbook • Adds functionality introduced in the latest chef-client releases to any chef- client from 12.1 onwards. • Includes • Custom Resource functionality • notification improvements • new resources added to core chef • Allows for these new resources in cookbooks without requiring the very latest Chef client release.
  • 47. { "audit": { "reporter": "chef-automate", "inspec_version": "1.31.1", "profiles": [ { "name": "ssh", "path": "/home/chef/profiles/ssh" } ] } } config.json cat config.json
  • 48. profiles/ └── ssh ├── controls │ └── ssh.rb └── inspec.yml 2 directories, 2 files Local Profiles tree profiles
  • 49. Profile: SSH Configuration (ssh) Version: 0.1.0 Target: local:// × sshd-1.0: SSH Version 2 ( expected: 2 got: (compared using `cmp` matcher) ) × SSH Configuration Protocol should cmp == 2 expected: 2 got: (compared using `cmp` matcher) Profile Summary: 0 successful, 1 failures, 0 skipped Test Summary: 0 successful, 1 failures, 0 skipped Run Locally with InSpec inspec exec profiles/ssh
  • 50. Next Steps 1. Remediate the failing control 2. Run the audit cookbook to verify the remediation 3. View the compliant node in Automate
  • 52. Simple SSH Cookbook • A server recipe to manage the sshd_config file • Local test environment configured
  • 53. Move to the cookbooks directory cd ~/cookbooks
  • 54. Generating cookbook ssh - Ensuring correct cookbook file content - Committing cookbook files to git - Ensuring delivery configuration - Ensuring correct delivery build cookbook content - Adding delivery configuration to feature branch - Adding build cookbook to feature branch - Merging delivery content feature branch to master Your cookbook is ready. Type `cd ssh` to enter it. There are several commands you can run to get started locally developing and testing your cookbook. Type `delivery local --help` to see a full list. Why not start by writing a test? Tests for the default recipe are stored at: test/smoke/default/default_test.rb If you'd prefer to dive right in, the default recipe can be found at: recipes/default.rb Generate an ssh cookbook chef generate cookbook ssh
  • 55. Recipe: code_generator::recipe * directory[./ssh/spec/unit/recipes] action create (up to date) * cookbook_file[./ssh/spec/spec_helper.rb] action create_if_missing (up to date) * template[./ssh/spec/unit/recipes/server_spec.rb] action create_if_missing - create new file ./ssh/spec/unit/recipes/server_spec.rb - update content in file ./ssh/spec/unit/recipes/server_spec.rb from none to d14960 (diff output suppressed by config) * directory[./ssh/test/smoke/default] action create (up to date) * template[./ssh/test/smoke/default/server.rb] action create_if_missing - create new file ./ssh/test/smoke/default/server.rb - update content in file ./ssh/test/smoke/default/server.rb from none to aa8bba (diff output suppressed by config) * template[./ssh/recipes/server.rb] action create - create new file ./ssh/recipes/server.rb - update content in file ./ssh/recipes/server.rb from none to 18f24e (diff output suppressed by config) Add a server recipe to the ssh cookbook chef generate recipe ssh server
  • 56. Recipe: code_generator::template * directory[./ssh/templates/default] action create - create new directory ./ssh/templates/default * file[./ssh/templates/sshd_config.erb] action create - create new file ./ssh/templates/sshd_config.erb - update content in file ./ssh/templates/sshd_config.erb from none to a16b11 (diff output suppressed by config) Add a template to the cookbook chef generate template ssh sshd_config -s /etc/ssh/sshd_config
  • 57. Move to the ssh cookbook’s directory cd ~/cookbooks/ssh
  • 58. ~/cookbooks/ssh/recipes/server.rb template '/etc/ssh/sshd_config' do source 'sshd_config.erb' owner 'root' group 'root' mode '0600' end Code the server recipe
  • 59. Remember… Infrastructure policies need testing • Linting • Static Analysis • Unit Testing • Integration Testing • Compliance Testing "Infrastructure as Code" should be tested like ANY other codebase.
  • 60. Test-driven Development • Write a test, watch it fail • Write some code • Write and run more tests • Code review • Delivery pipeline to production • Lowered chance of production failure Add a test Run the tests Make a little change Run the tests pass [development continues]fail fail pass pass [development stops]
  • 63. ~/cookbooks/ssh/.kitchen.yml ... platforms: - name: ubuntu-16.04 - name: centos-7.3 ... Test Kitchen Configuration (2 of 3) -
  • 64. + ~/cookbooks/ssh/.kitchen.yml suites: - name: default - name: server run_list: - recipe[ssh::default] - recipe[ssh::server] verifier: inspec_tests: - test/smoke/default - /home/chef/profiles/ssh attributes: Test Kitchen Configuration (3 of 3) + - - + -
  • 65. ~/cookbooks/ssh/.kitchen.yml --- driver: name: docker provisioner: name: chef_zero always_update_cookbooks: true verifier: name: inspec platforms: - name: centos-7.3 suites: - name: server run_list: - recipe[ssh::server] verifier: inspec_tests: - /home/chef/profiles/ssh attributes: Test Kitchen Final Configuration
  • 66. Move to the cookbook’s directory cd ~/cookbooks/ssh
  • 67. Instance Driver Provisioner Verifier Transport Last Action Last Error server-centos-73 Docker ChefZero Inspec Ssh <Not Created> <None> List the kitchens kitchen list
  • 68. -----> Starting Kitchen (v1.16.0) ... -----> Creating <server-centos-73>... Sending build context to Docker daemon 202.2 kB Sending build context to Docker daemon Step 0 : FROM centos:centos7 ... Running handlers: [2017-03-12T02:26:16+00:00] INFO: Running report handlers Running handlers complete [2017-03-12T02:26:16+00:00] INFO: Report handlers complete Chef Client finished, 1/1 resources updated in 01 seconds Finished converging <server-centos-73> (0m23.54s). -----> Kitchen is finished. (1m0.39s) Converge kitchen converge
  • 69. Instance Driver Provisioner Verifier Transport Last Action Last Error server-centos-73 Docker ChefZero Inspec Ssh Converged <None> List the kitchens kitchen list
  • 70. Test-driven Development Add a test Run the tests Make a little change Run the tests pass [development continues]fail fail pass pass [development stops]
  • 71. -----> Verifying <server-centos-73>... Loaded Target: ssh://kitchen@localhost:32771 × sshd-1.0: SSH Version 2 ( expected: 2 got: (compared using `cmp` matcher) ) × SSH Configuration Protocol should cmp == 2 expected: 2 got: (compared using `cmp` matcher) Profile Summary: 0 successful, 1 failures, 0 skipped Test Summary: 0 successful, 1 failures, 0 skipped >>>>>> ------Exception------- >>>>>> Class: Kitchen::ActionFailed >>>>>> Message: 1 actions failed. >>>>>> Verify failed on instance <server-centos-73>. Please see .kitchen/logs/server-centos-73.log for more details >>>>>> ---------------------- >>>>>> Please see .kitchen/logs/kitchen.log for more details >>>>>> Also try running `kitchen diagnose --all` for configuration Verify the Kitchen kitchen verify
  • 72. Test-driven Development Add a test Run the tests Make a little change fail pass
  • 73. ~/cookbooks/ssh/templates/sshd_config.erb #ListenAddress 0.0.0.0 #ListenAddress :: # The default requires explicit activation of protocol 1 #Protocol 2 Protocol 2 # HostKey for protocol version 1 Edit the SSH Configuration Template + -
  • 74. Test-driven Development Add a test Run the tests Make a little change Run the tests pass [development continues]fail fail pass pass [development stops]
  • 75. -----> Starting Kitchen (v1.15.0) ... -----> Converging <server-centos-73>... ... # The default requires explicit activation of protocol 1 -#Protocol 2 +Protocol 2 # HostKey for protocol version 1 ... Running handlers: [2017-03-12T02:32:32+00:00] INFO: Running report handlers Running handlers complete [2017-03-12T02:32:32+00:00] INFO: Report handlers complete Chef Client finished, 1/1 resources updated in 01 seconds Finished converging <server-centos-73> (0m16.32s). -----> Kitchen is finished. (0m17.34s) Converge kitchen converge
  • 76. -----> Starting Kitchen (v1.15.0) ... -----> Verifying <server-centos-73>... Loaded Target: ssh://kitchen@localhost:32771 ✔ sshd-1.0: SSH Version 2 ✔ SSH Configuration Protocol should cmp == 2 Profile Summary: 1 successful, 0 failures, 0 skipped Test Summary: 1 successful, 0 failures, 0 skipped Finished verifying <server-centos-73> (0m0.22s). -----> Kitchen is finished. (0m1.27s) Verify the remediation kitchen verify
  • 77. Test-driven Development Add a test Run the tests Make a little change Run the tests pass [development continues]fail fail pass pass [development stops]
  • 78. -----> Starting Kitchen (v1.15.0) ... -----> Cleaning up any prior instances of <server-centos-73> -----> Destroying <server-centos-73>... ... -----> Testing <server-centos-73> -----> Creating <server-centos-73>... ... -----> Creating <server-centos-73>... ... Finished creating <server-centos-73> (0m0.60s). -----> Converging <server-centos-73>... ... Test the Kitchen (1of 2) kitchen test
  • 79. -----> Installing Chef Omnibus (install only if missing) ... -----> Setting up <server-centos-73>... Finished setting up <server-centos-73> (0m0.00s). -----> Verifying <server-centos-73>... ... Profile Summary: 1 successful, 0 failures, 0 skipped Test Summary: 1 successful, 0 failures, 0 skipped Finished verifying <server-centos-73> (0m0.51s). -----> Destroying <server-centos-73>... ... -----> Kitchen is finished. (0m25.18s) Test the Kitchen (2 of 2) kitchen test 25 seconds!
  • 80. What’s next? • Test-driven development cycle is complete! • Deploy the change
  • 81. Starting Chef Client, version 13.2.20 resolving cookbooks for run list: ["ssh::server", "audit::default"] Synchronizing Cookbooks: - ssh (0.1.0) - compat_resource (12.19.0) - audit (4.1.1) ... Recipe: ssh::server * template[/etc/ssh/sshd_config] action create - update content in file /etc/ssh/sshd_config from a16b11 to 95bf0b --- /etc/ssh/sshd_config 2017-07-21 14:11:35.633365540 +0000 +++ /etc/ssh/.chef-sshd_config20170721-14752-1nhnr9q 2017-07-21 16:07:19.169879754 +0000 @@ -20,7 +20,7 @@ #ListenAddress :: # The default requires explicit activation of protocol 1 -#Protocol 2 +Protocol 2 ... Running handlers complete ... Chef Client finished, 1/3 resources updated in 09 seconds Remediate with Chef sudo run_chef "recipe[ssh::server],recipe[audit::default]"
  • 82. Verify Converge Status in Automate
  • 84. More hands-on Exercises Still have time to play around?
  • 85. Server SSH Key • Write a control that: • Tests for the existence of /etc/ssh/ssh_host_rsa_key, • Tests that /etc/ssh/ssh_host_rsa_key contains “BEGIN RSA PRIVATE KEY”. • Check out the InSpec Resource documentation at http://inspec.io/docs/reference/resources/ for what you can use
  • 86. Ensure SSH root login is disabled • The PermitRootLogin parameter specifies if the root user can log in using ssh(1). The default is no. • Disallowing root logins over SSH requires system admins to authenticate using their own individual account, then escalating to root via sudo or su. This in turn limits opportunity for non-repudiation and provides a clear audit trail in the event of a security incident • Add a control to ~/profiles/ssh/controls/ssh.rb
  • 87. Supermarket Profiles • List profiles available on the Supermarket • View information about the dev-sec/ssh-baseline profile • Execute the dev-sec/ssh-baseline profile from the Supermarket • Write a cookbook to remediate failing controls from dev-sec/ssh-baseline • Or look at the ssh-hardening cookbook
  • 88. Build additional CIS controls https://github.com/chef-training/workshops/tree/master/InSpec
  • 89. Static Analysis • Ensure cookbooks pass chefstyle • Ensure cookbooks pass foodcritic
  • 90. Unit Testing • Add unit testing to the cookbooks
  • 91. Further Resources Where to go for additional help
  • 92. Community Resources • InSpec Website, includes tutorials and docs - http://inspec.io/ • #inspec channel of the Chef Community Slack - http://community-slack.chef.io/ • InSpec category of the Chef Mailing List - https://discourse.chef.io/c/inspec • Compliance Profiles on the Supermarket - https://supermarket.chef.io/tools?type=compliance_profile • Open Source Project - https://github.com/chef/inspec