Matt Ray, profile picture
Uploaded byMatt Ray
PDF, PPTX497 views

Compliance as Code with InSpec - DevOps Melbourne 2017

The document discusses various aspects of compliance as code within a DevOps framework, emphasizing the importance of secure configurations like using SSH version 2 and appropriate server token settings in Apache. It highlights trends showing inadequate testing of security systems despite an increase in individual compliance rules and suggests using tools like InSpec for continuous compliance automation across various operating systems. Additionally, it outlines the Chef Automate platform's role in streamlining automation for infrastructure and application management.

Embed presentation

Download as PDF, PPTX
Compliance as Code DevOps Melbourne March 28, 2017
Chef Workflow
SSH Control "SSH supports two different protocol versions.The original version, SSHv1, was subject to a number of security issues. Please use SSHv2 instead to avoid these."
How will I verify this?
Whip up a one-liner! grep "^Protocol" /etc/ssh/sshd_config | sed 's/Protocol //'
Apache Server Information Leakage • Description This Directive Controls wheather Server response field is sent back to clients includes a description of Generic OSType of the Server. This allows attackers to identify web servers details greatly and increases the efficiency of any attack,as security vulnerabilities are dependent upon specific software versions. • How toTest In order to test for ServerToken configuration, one should check the Apache configuration file. • Misconfiguration ServerTokens Full • Remediation Configure the ServerTokens directive in the Apache configuration to value of Prod or ProductOnly.This tells Apache to only return "Apache" in the Server header, returned on every page request. ServerTokens Prod or ServerTokens ProductOnly https://www.owasp.org/index.php/SCG_WS_Apache
More grep and sed! grep "^ServerTokens" /etc/httpd/conf/httpd.conf | sed 's/ServerTokens //'
C o m p l i a n c e
Two-thirds of organizations did not adequately test the security of all in-scope systems
Key Trends • While individual rule compliance is up, testing of security systems is down • Sustainability is low. Fewer than a third of companies were found to be still fully compliant less than a year after successful validation.
Shell Scripts grep "^Protocol" /etc/ssh/sshd_config | sed 's/Protocol //' grep "^ServerTokens" /etc/httpd/conf/httpd.conf | sed 's/ServerTokens //'
Infrastructure Code package 'httpd' do action :install end service 'httpd' do action [ :start, :enable ] end
We Have A Communications Problem
Security != Compliance
Secure Compliant
Compliance Language
One Language Linux
One Language Linux,Windows
Windows
One Language Linux,Windows, BSD, Solaris,AIX, ...
Examples of Available Resources apache_conf apt audit_policy auditd_conf auditd_rules bond bridge Command crontab directory etc_group file gem group host inetd_conf interface iptables kernel_module kernel_parameter limits_conf login_defs mount mysql_conf mysql_session npm ntp_conf oneget os os_env package parse_config parse_config_file passwd pip port postgres_conf postgres_session powershell processes registry_key security_policy service ssh_config sshd_config user windows_feature yum
What is it not? • IDS / IPS • Firewall • Antivirus • Pentesting tool
One Language Linux,Windows, BSD, Solaris,AIX, ... Bare-metal
One Language Linux,Windows, BSD, Solaris,AIX, ... Bare-metal,VMs
One Language Linux,Windows, BSD, Solaris,AIX, ... Bare-metal,VMs, Containers
One Language Linux,Windows, BSD, Solaris,AIX, ... Bare-metal,VMs, Containers Nodes
One Language Linux,Windows, BSD, Solaris,AIX, ... Bare-metal,VMs, Containers Nodes, GRUB, DBs
DB Testing
One Language Linux,Windows, BSD, Solaris,AIX, ... Bare-metal,VMs, Containers Nodes, GRUB, DBs, Endpoints,APIs, ...
Cloud Testing
InSpec > inspec exec test.rb Test a machine remotely via SSH > inspec exec test.rb -i identity.key -t ssh://root@172.17.0.1 Test your machine locally > inspec exec test.rb -t winrm://Admin@192.168.1.2 --password super Test Docker Container > inspec exec test.rb -t docker://5cc8837bb6a8 Test a machine remotely via WinRM AGENTLESS
Operating System & Application Coverage • Microsoft Windows • Microsoft Windows Server • Red Hat Enterprise Linux • Ubuntu Linux • SUSE Linux Enterprise Server • Oracle Enterprise Linux • AIX • HP-UX • Solaris • VMware ESXi • MySQL • Oracle • PostgreSQL • Tomcat • SQL Server • IIS • HTTP request
Scan for Compliance Build & Test Locally Build & Test CI/CD Remediate Verify New Workflow
Detect Correct Continuous Workflow
CONTINUOUS COMPLIANCE AUTOMATION InSpec - Part of your InfoSec toolchain FIREWALL ANTIVIRUS INTRUSION DETECTION/ PREVENTION PENETRATION TESTING
Open Source Community •InSpec •https://inspec.io •Chef Audit cookbook •https://github.com/chef-cookbooks/audit •Kitchen-InSpec •https://github.com/chef/kitchen-inspec •Supermarket.chef.io
The Chef Automate Platform Continuous Automation for HighVelocity IT Workflow • Local development • Integration • Tooling (APIs & SDKs) COLLABORATE ▪ Package ▪ Test ▪ Approve BUILD ▪ Provision ▪ Configure ▪ Execute ▪ Update DEPLOY ▪ Secure ▪ Comply ▪ Audit ▪ Measure ▪ Log MANAGE Infrastructure Automation Compliance AutomationApplication Automation OSS AUTOMATION ENGINES Increase Speed ▪ Package infrastructure and app configuration as code ▪ Continuously automate infrastructure and app updates Improve Efficiency ▪ Define and execute standard workflows and automation ▪ Audit and measure effectiveness of automation Decrease Risk ▪ Define compliance rules as code ▪ Deliver continuous compliance as part of standard workflow
Compliance as Code with InSpec - DevOps Melbourne 2017
Compliance as Code with InSpec - DevOps Melbourne 2017

More Related Content

PDF
Melbourne Infracoders: Compliance as Code with InSpec
byMatt Ray
 
PPTX
Introduction to InSpec and 1.0 release update
byAlex Pop
 
PPTX
Ingite Slides for InSpec
byMandi Walls
 
PPTX
BuildStuff.LT 2018 InSpec Workshop
byMandi Walls
 
PDF
Enhancing OpenShift Security for Business Critical Deployments
byDevOps.com
 
PPTX
DevOpsDays InSpec Workshop
byMandi Walls
 
PDF
ViFX Tech Connect: Containers & VMs
byViFX
 
PDF
Introduction to Ansible
byMichael Bahr
 
Melbourne Infracoders: Compliance as Code with InSpec
byMatt Ray
 
Introduction to InSpec and 1.0 release update
byAlex Pop
 
Ingite Slides for InSpec
byMandi Walls
 
BuildStuff.LT 2018 InSpec Workshop
byMandi Walls
 
Enhancing OpenShift Security for Business Critical Deployments
byDevOps.com
 
DevOpsDays InSpec Workshop
byMandi Walls
 
ViFX Tech Connect: Containers & VMs
byViFX
 
Introduction to Ansible
byMichael Bahr
 

What's hot

PPTX
Owning computers without shell access 2
byRoyce Davis
 
PPTX
Owning computers without shell access dark
byRoyce Davis
 
PDF
RunningFreeBSDonLinuxKVM
byTakeshi HASEGAWA
 
PPTX
Hot potato Privilege Escalation
bySunny Neo
 
PDF
Infinit filesystem, Reactor reloaded
byInfinit
 
PDF
Linux firmware for iRMC controller on Fujitsu Primergy servers
byVladimir Shakhov
 
PDF
LXC, Docker, and the future of software delivery | LinuxCon 2013
bydotCloud
 
PDF
QEMU Disk IO Which performs Better: Native or threads?
byPradeep Kumar
 
PDF
Testing applications with traffic control in containers / Alban Crequy (Kinvolk)
byOntico
 
PDF
Linux sever building
byEdmond Yu
 
PPT
visagie_freebsd
bywebuploader
 
PDF
Selenium grid workshop london 2016
byMarcus Merrell
 
KEY
Selenium Grid
bynirvdrum
 
PDF
Highly concurrent yet natural programming
byInfinit
 
PDF
Docker volume plugins and Infinit – Mini-conf Docker Paris #1
byInfinit
 
PDF
1000 to 0
bySunny Neo
 
ODP
"Containers do not contain"
byMaciej Lasyk
 
PPTX
Container Monitoring with Sysdig
bySreenivas Makam
 
PPTX
Distributed Compiler Icecc
bySZ Lin
 
PDF
Introduction to selenium_grid_workshop
byseleniumconf
 
Owning computers without shell access 2
byRoyce Davis
 
Owning computers without shell access dark
byRoyce Davis
 
RunningFreeBSDonLinuxKVM
byTakeshi HASEGAWA
 
Hot potato Privilege Escalation
bySunny Neo
 
Infinit filesystem, Reactor reloaded
byInfinit
 
Linux firmware for iRMC controller on Fujitsu Primergy servers
byVladimir Shakhov
 
LXC, Docker, and the future of software delivery | LinuxCon 2013
bydotCloud
 
QEMU Disk IO Which performs Better: Native or threads?
byPradeep Kumar
 
Testing applications with traffic control in containers / Alban Crequy (Kinvolk)
byOntico
 
Linux sever building
byEdmond Yu
 
visagie_freebsd
bywebuploader
 
Selenium grid workshop london 2016
byMarcus Merrell
 
Selenium Grid
bynirvdrum
 
Highly concurrent yet natural programming
byInfinit
 
Docker volume plugins and Infinit – Mini-conf Docker Paris #1
byInfinit
 
1000 to 0
bySunny Neo
 
"Containers do not contain"
byMaciej Lasyk
 
Container Monitoring with Sysdig
bySreenivas Makam
 
Distributed Compiler Icecc
bySZ Lin
 
Introduction to selenium_grid_workshop
byseleniumconf
 

Viewers also liked

PDF
Managing Complexity at Velocity
byMatt Ray
 
PDF
OpenStack Deployments with Chef
byMatt Ray
 
PDF
Containers - Portable, repeatable user-oriented application delivery. Build, ...
byWalid Shaari
 
PDF
Inspec, or how to translate compliance spreadsheets into code
byMichael Goetz
 
PDF
The team is not enough: a leap to become an Agile Coach
byCaio Cestari
 
PDF
Certified professional - DevOps Foundation (CP-DOF) course information
byDevOps++ Alliance
 
PDF
Windows 10 - Endpoint Security Improvements and the Implant Since Windows 2000
byCTruncer
 
Managing Complexity at Velocity
byMatt Ray
 
OpenStack Deployments with Chef
byMatt Ray
 
Containers - Portable, repeatable user-oriented application delivery. Build, ...
byWalid Shaari
 
Inspec, or how to translate compliance spreadsheets into code
byMichael Goetz
 
The team is not enough: a leap to become an Agile Coach
byCaio Cestari
 
Certified professional - DevOps Foundation (CP-DOF) course information
byDevOps++ Alliance
 
Windows 10 - Endpoint Security Improvements and the Implant Since Windows 2000
byCTruncer
 

Similar to Compliance as Code with InSpec - DevOps Melbourne 2017

PDF
2016 - Compliance as Code - InSpec
bydevopsdaysaustin
 
PDF
Compliance as Code
byMatt Ray
 
PDF
Automating AWS Compliance with InSpec
byMatt Ray
 
PDF
DevSec Delight with Compliance as Code - Matt Ray - AgileNZ 2017
byAgileNZ Conference
 
PDF
Automating Compliance with InSpec - AWS North Sydney
byMatt Ray
 
PDF
DevOpsDays Singapore - Continuous Auditing with Compliance as Code
byMatt Ray
 
PDF
Melbourne Chef Meetup: Automating Azure Compliance with InSpec
byMatt Ray
 
PPTX
Compliance Automation with Inspec Part 2
byChef
 
PDF
Security and dev ops for high velocity organizations
byChef
 
PDF
Bay Area Chef Meetup February
byJessica DeVita
 
PDF
Philly security shell meetup
byNicole Johnson
 
PDF
Automating Compliance with InSpec - Chef Singapore Meetup
byMatt Ray
 
PPTX
Chef Hack Day Denver
byChef
 
PPTX
Compliance as Code: Velocity with Security - Fraser Pollock, Chef
byAlert Logic
 
PPTX
Compliance Automation with InSpec - Chef NYC Meetup - April 2017
byadamleff
 
PPTX
Adding Security to Your Workflow With InSpec - SCaLE17x
byMandi Walls
 
PPTX
InSpec Workshop at Velocity London 2018
byMandi Walls
 
PDF
Compliance as Code Everywhere
byMatt Ray
 
PDF
OSDC 2017 | Building Security Into Your Workflow with InSpec by Mandi Walls
byNETWAYS
 
PDF
Threat stack aws
byJen Andre
 
2016 - Compliance as Code - InSpec
bydevopsdaysaustin
 
Compliance as Code
byMatt Ray
 
Automating AWS Compliance with InSpec
byMatt Ray
 
DevSec Delight with Compliance as Code - Matt Ray - AgileNZ 2017
byAgileNZ Conference
 
Automating Compliance with InSpec - AWS North Sydney
byMatt Ray
 
DevOpsDays Singapore - Continuous Auditing with Compliance as Code
byMatt Ray
 
Melbourne Chef Meetup: Automating Azure Compliance with InSpec
byMatt Ray
 
Compliance Automation with Inspec Part 2
byChef
 
Security and dev ops for high velocity organizations
byChef
 
Bay Area Chef Meetup February
byJessica DeVita
 
Philly security shell meetup
byNicole Johnson
 
Automating Compliance with InSpec - Chef Singapore Meetup
byMatt Ray
 
Chef Hack Day Denver
byChef
 
Compliance as Code: Velocity with Security - Fraser Pollock, Chef
byAlert Logic
 
Compliance Automation with InSpec - Chef NYC Meetup - April 2017
byadamleff
 
Adding Security to Your Workflow With InSpec - SCaLE17x
byMandi Walls
 
InSpec Workshop at Velocity London 2018
byMandi Walls
 
Compliance as Code Everywhere
byMatt Ray
 
OSDC 2017 | Building Security Into Your Workflow with InSpec by Mandi Walls
byNETWAYS
 
Threat stack aws
byJen Andre
 

More from Matt Ray

PDF
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
byMatt Ray
 
PDF
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
byMatt Ray
 
PDF
SCaLE 20X: Kubernetes Cloud Cost Monitoring with OpenCost & Optimization Stra...
byMatt Ray
 
PDF
HashiTalks 2020 - Chef Tools & Terraform: Better Together
byMatt Ray
 
PDF
EmacsConf 2019: Interactive Remote Debugging and Development with TRAMP Mode
byMatt Ray
 
PDF
Wellington DevOps: Bringing Your Applications into the Future with Habitat
byMatt Ray
 
PDF
DevOps Days Singapore 2018 Ignite - Bringing Your Applications into the Futur...
byMatt Ray
 
PDF
Cloud Expo Asia 20181010 - Bringing Your Applications into the Future with Ha...
byMatt Ray
 
PDF
DevOpsDays Jakarta: State of DevOps 2018
byMatt Ray
 
PDF
DevOps Talks Melbourne 2018: Whales, Cats and Kubernetes
byMatt Ray
 
PDF
Infrastructure and Compliance Delight with Chef Automate
byMatt Ray
 
PDF
Cooking Up Windows with Chef Automate
byMatt Ray
 
PDF
DevOpsDays Singapore Habitat Ignite
byMatt Ray
 
PDF
Chef Automate - Azure Sydney User Group
byMatt Ray
 
PDF
Automating Applications with Habitat - Sydney Cloud Native Meetup
byMatt Ray
 
PDF
Chef Automate - Infracoders Canberra August 8, 2017
byMatt Ray
 
PDF
OpsWorks for Chef Automate - Auckland AWS
byMatt Ray
 
PDF
Chef Automate - Wellington DevOps August 2, 2017
byMatt Ray
 
PDF
Compliance as Code: Shifting Compliance Left in Continuous Delivery
byMatt Ray
 
PDF
DevOps Sydney: Chef Automate
byMatt Ray
 
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
byMatt Ray
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
byMatt Ray
 
SCaLE 20X: Kubernetes Cloud Cost Monitoring with OpenCost & Optimization Stra...
byMatt Ray
 
HashiTalks 2020 - Chef Tools & Terraform: Better Together
byMatt Ray
 
EmacsConf 2019: Interactive Remote Debugging and Development with TRAMP Mode
byMatt Ray
 
Wellington DevOps: Bringing Your Applications into the Future with Habitat
byMatt Ray
 
DevOps Days Singapore 2018 Ignite - Bringing Your Applications into the Futur...
byMatt Ray
 
Cloud Expo Asia 20181010 - Bringing Your Applications into the Future with Ha...
byMatt Ray
 
DevOpsDays Jakarta: State of DevOps 2018
byMatt Ray
 
DevOps Talks Melbourne 2018: Whales, Cats and Kubernetes
byMatt Ray
 
Infrastructure and Compliance Delight with Chef Automate
byMatt Ray
 
Cooking Up Windows with Chef Automate
byMatt Ray
 
DevOpsDays Singapore Habitat Ignite
byMatt Ray
 
Chef Automate - Azure Sydney User Group
byMatt Ray
 
Automating Applications with Habitat - Sydney Cloud Native Meetup
byMatt Ray
 
Chef Automate - Infracoders Canberra August 8, 2017
byMatt Ray
 
OpsWorks for Chef Automate - Auckland AWS
byMatt Ray
 
Chef Automate - Wellington DevOps August 2, 2017
byMatt Ray
 
Compliance as Code: Shifting Compliance Left in Continuous Delivery
byMatt Ray
 
DevOps Sydney: Chef Automate
byMatt Ray
 

Recently uploaded

PDF
HOW TO OVERCOME THE THREATS OF ARTIFICIAL INTELLIGENCE AGAINST HUMANITY.pdf
byFaga1939
 
PDF
Spec-Driven Development with Kiro: Elevating Software Quality, Traceability, ...
byHaim Michael
 
PDF
Founder & Tech Lead | Web Development & Digital Growth Consultant | Helping B...
byShyamal Das
 
PPTX
Workflow and decision Automation with Flowable
bychakib ch
 
PDF
apidays New York 2025 | AI in Application Security
byapidays
 
PPTX
Celonis Optimizing your future with process
bydevjeremyappleyard
 
PPTX
apidays Paris 2025 | Building Agentic Workflows
byapidays
 
PDF
apidays Paris 2025 | API Layer7 Security: Real-World Use Cases (BBVA & Nexi)
byapidays
 
PDF
UiPath Automation Developer Associate Training Series 2025 - Session 4
byDianaGray10
 
PPTX
Tech Trends 2026: AI Agents, Quantum Computing, Robotics & Cybersecurity
byridwansassman
 
PDF
AI TOOLS FOR PRODUCTIVITY IN MODERN TIMES.pdf
bySantunu
 
PDF
From Artificial Intelligence to African Intelligence: Transforming Research &...
byMoses Kemibaro
 
PDF
UiPath Automation Developer Associate Training Series 2026 - Session 3
byDianaGray10
 
PDF
Effortless Distributed Systems with Aspire.pdf
byParticular Software
 
PDF
Odoo Implementation Checklist: A Strategic ERP Blueprint for Business-Ready D...
byBANIBRO IT SOLUTION
 
PPTX
Do You Control the AI, or Does the AI Control You?
bymedhateltoukhy
 
PDF
Chapter 5 Security Mechanisms iin computer security.pdf
byGetnet Tigabie Askale -(GM)
 
PDF
20260212 Security-JAWS activity results for 2025 and activity goals for 2026
byTyphon 666
 
PDF
UiPath Modern Automation Playbook -Session 2
bysuhanisingh58689
 
PDF
Escape from the Forbidden Zone: Smuggling green and inclusive tech past the g...
byBookNet Canada
 
HOW TO OVERCOME THE THREATS OF ARTIFICIAL INTELLIGENCE AGAINST HUMANITY.pdf
byFaga1939
 
Spec-Driven Development with Kiro: Elevating Software Quality, Traceability, ...
byHaim Michael
 
Founder & Tech Lead | Web Development & Digital Growth Consultant | Helping B...
byShyamal Das
 
Workflow and decision Automation with Flowable
bychakib ch
 
apidays New York 2025 | AI in Application Security
byapidays
 
Celonis Optimizing your future with process
bydevjeremyappleyard
 
apidays Paris 2025 | Building Agentic Workflows
byapidays
 
apidays Paris 2025 | API Layer7 Security: Real-World Use Cases (BBVA & Nexi)
byapidays
 
UiPath Automation Developer Associate Training Series 2025 - Session 4
byDianaGray10
 
Tech Trends 2026: AI Agents, Quantum Computing, Robotics & Cybersecurity
byridwansassman
 
AI TOOLS FOR PRODUCTIVITY IN MODERN TIMES.pdf
bySantunu
 
From Artificial Intelligence to African Intelligence: Transforming Research &...
byMoses Kemibaro
 
UiPath Automation Developer Associate Training Series 2026 - Session 3
byDianaGray10
 
Effortless Distributed Systems with Aspire.pdf
byParticular Software
 
Odoo Implementation Checklist: A Strategic ERP Blueprint for Business-Ready D...
byBANIBRO IT SOLUTION
 
Do You Control the AI, or Does the AI Control You?
bymedhateltoukhy
 
Chapter 5 Security Mechanisms iin computer security.pdf
byGetnet Tigabie Askale -(GM)
 
20260212 Security-JAWS activity results for 2025 and activity goals for 2026
byTyphon 666
 
UiPath Modern Automation Playbook -Session 2
bysuhanisingh58689
 
Escape from the Forbidden Zone: Smuggling green and inclusive tech past the g...
byBookNet Canada
 

Compliance as Code with InSpec - DevOps Melbourne 2017

  • 1.
    Compliance as Code DevOpsMelbourne March 28, 2017
  • 4.
  • 7.
    SSH Control "SSH supportstwo different protocol versions.The original version, SSHv1, was subject to a number of security issues. Please use SSHv2 instead to avoid these."
  • 8.
    How will Iverify this?
  • 9.
    Whip up aone-liner! grep "^Protocol" /etc/ssh/sshd_config | sed 's/Protocol //'
  • 10.
    Apache Server InformationLeakage • Description This Directive Controls wheather Server response field is sent back to clients includes a description of Generic OSType of the Server. This allows attackers to identify web servers details greatly and increases the efficiency of any attack,as security vulnerabilities are dependent upon specific software versions. • How toTest In order to test for ServerToken configuration, one should check the Apache configuration file. • Misconfiguration ServerTokens Full • Remediation Configure the ServerTokens directive in the Apache configuration to value of Prod or ProductOnly.This tells Apache to only return "Apache" in the Server header, returned on every page request. ServerTokens Prod or ServerTokens ProductOnly https://www.owasp.org/index.php/SCG_WS_Apache
  • 11.
    More grep andsed! grep "^ServerTokens" /etc/httpd/conf/httpd.conf | sed 's/ServerTokens //'
  • 17.
  • 19.
    Two-thirds of organizationsdid not adequately test the security of all in-scope systems
  • 20.
    Key Trends • Whileindividual rule compliance is up, testing of security systems is down • Sustainability is low. Fewer than a third of companies were found to be still fully compliant less than a year after successful validation.
  • 22.
    Shell Scripts grep "^Protocol"/etc/ssh/sshd_config | sed 's/Protocol //' grep "^ServerTokens" /etc/httpd/conf/httpd.conf | sed 's/ServerTokens //'
  • 23.
    Infrastructure Code package 'httpd'do action :install end service 'httpd' do action [ :start, :enable ] end
  • 24.
    We Have ACommunications Problem
  • 26.
  • 27.
  • 34.
  • 35.
  • 36.
  • 37.
  • 38.
  • 39.
    Examples of AvailableResources apache_conf apt audit_policy auditd_conf auditd_rules bond bridge Command crontab directory etc_group file gem group host inetd_conf interface iptables kernel_module kernel_parameter limits_conf login_defs mount mysql_conf mysql_session npm ntp_conf oneget os os_env package parse_config parse_config_file passwd pip port postgres_conf postgres_session powershell processes registry_key security_policy service ssh_config sshd_config user windows_feature yum
  • 40.
    What is itnot? • IDS / IPS • Firewall • Antivirus • Pentesting tool
  • 41.
    One Language Linux,Windows, BSD,Solaris,AIX, ... Bare-metal
  • 42.
    One Language Linux,Windows, BSD,Solaris,AIX, ... Bare-metal,VMs
  • 43.
    One Language Linux,Windows, BSD,Solaris,AIX, ... Bare-metal,VMs, Containers
  • 44.
    One Language Linux,Windows, BSD,Solaris,AIX, ... Bare-metal,VMs, Containers Nodes
  • 45.
    One Language Linux,Windows, BSD,Solaris,AIX, ... Bare-metal,VMs, Containers Nodes, GRUB, DBs
  • 46.
  • 47.
    One Language Linux,Windows, BSD,Solaris,AIX, ... Bare-metal,VMs, Containers Nodes, GRUB, DBs, Endpoints,APIs, ...
  • 48.
  • 49.
    InSpec > inspec exectest.rb Test a machine remotely via SSH > inspec exec test.rb -i identity.key -t ssh://root@172.17.0.1 Test your machine locally > inspec exec test.rb -t winrm://Admin@192.168.1.2 --password super Test Docker Container > inspec exec test.rb -t docker://5cc8837bb6a8 Test a machine remotely via WinRM AGENTLESS
  • 50.
    Operating System &Application Coverage • Microsoft Windows • Microsoft Windows Server • Red Hat Enterprise Linux • Ubuntu Linux • SUSE Linux Enterprise Server • Oracle Enterprise Linux • AIX • HP-UX • Solaris • VMware ESXi • MySQL • Oracle • PostgreSQL • Tomcat • SQL Server • IIS • HTTP request
  • 51.
    Scan for Compliance Build &Test Locally Build & Test CI/CD Remediate Verify New Workflow
  • 52.
  • 53.
    CONTINUOUS COMPLIANCE AUTOMATION InSpec- Part of your InfoSec toolchain FIREWALL ANTIVIRUS INTRUSION DETECTION/ PREVENTION PENETRATION TESTING
  • 54.
    Open Source Community •InSpec •https://inspec.io •ChefAudit cookbook •https://github.com/chef-cookbooks/audit •Kitchen-InSpec •https://github.com/chef/kitchen-inspec •Supermarket.chef.io
  • 56.
    The Chef AutomatePlatform Continuous Automation for HighVelocity IT Workflow • Local development • Integration • Tooling (APIs & SDKs) COLLABORATE ▪ Package ▪ Test ▪ Approve BUILD ▪ Provision ▪ Configure ▪ Execute ▪ Update DEPLOY ▪ Secure ▪ Comply ▪ Audit ▪ Measure ▪ Log MANAGE Infrastructure Automation Compliance AutomationApplication Automation OSS AUTOMATION ENGINES Increase Speed ▪ Package infrastructure and app configuration as code ▪ Continuously automate infrastructure and app updates Improve Efficiency ▪ Define and execute standard workflows and automation ▪ Audit and measure effectiveness of automation Decrease Risk ▪ Define compliance rules as code ▪ Deliver continuous compliance as part of standard workflow