inspec | InSpec: Auditing and Testing Framework | Security library
kandi X-RAY | inspec Summary
Issues Response SLA: 14 business days. Pull Request Response SLA: 14 business days. For more information on project states and SLAs, see this documentation. Chef InSpec is an open-source testing framework for infrastructure with a human- and machine-readable language for specifying compliance, security and policy requirements. Chef InSpec makes it easy to run your tests wherever you need. More options are found in our CLI docs.
Top functions reviewed by kandi - BETA
- Creates a new coverage object.
- Returns a list of services for the service.
- This method is called when a custom filter has been loaded.
- This method is used to install the plugins in the plugin.
- Reads the contents of the source file.
- Stops the test
- Create a new report
- Build a profile
- Displays a list of resources
- Display the user profile
Community Discussions
Trending Discussions on inspec
QUESTION
When executing the below chef inspec command, I am getting an error.
...ANSWER
Answered 2021-May-10 at 12:44
This regex /^'sql-(\d)+.log'/ doesn't match this string sql-20201212.log. You can try it out on https://regexr.com/
There are a few problems with your regex:
- ' is in your regex but not in your string.
- . matches any character except line breaks, perhaps you want to match only a dot(?), if so, then you'd need to e.g. escape it \.
- you probably don't need to have \d in a group (())
So, this regex ^sql-\d+\.log$ would match sql-20201212.log string. I also added $ to match the end of the string.
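The regex fixes from the answer above, as an added Ruby example that is not part of the original post. The sample file names are constructed, and the STRICT pattern goes beyond the answer: in Ruby, ^ and $ anchor at line boundaries, so \A and \z are needed to pin the whole string.

```ruby
# Added example, not code from the original answer.
ORIGINAL  = /^'sql-(\d)+.log'/   # pattern from the question
LOOSE_DOT = /^sql-\d+.log$/      # quotes removed, dot still unescaped
FIXED     = /^sql-\d+\.log$/     # pattern proposed in the answer
STRICT    = /\Asql-\d+\.log\z/   # assumption: whole-string anchors added here

# Constructed sample names covering each problem the answer lists.
SAMPLES = [
  "sql-20201212.log",              # the intended file name
  "'sql-20201212.log'",            # name wrapped in literal quotes
  "sql-20201212xlog",              # any character where the dot should be
  "sql-.log",                      # no digits
  "sql-20201212.log.bak",          # trailing suffix
  "other.txt\nsql-20201212.log",   # multi-line input, e.g. raw command stdout
].freeze

PATTERNS = {
  original: ORIGINAL, loose_dot: LOOSE_DOT, fixed: FIXED, strict: STRICT
}.freeze

# Names of the patterns that accept the given string.
def matching_patterns(name)
  PATTERNS.select { |_, re| re.match?(name) }.keys
end

# Map every sample to the patterns that accept it.
def report
  SAMPLES.map { |s| [s, matching_patterns(s)] }.to_h
end

if __FILE__ == $PROGRAM_NAME
  report.each do |name, hits|
    puts format("%-34s %s", name.inspect, hits.inspect)
  end
end
```

When the pattern is applied to multi-line command output rather than a single file name, the line-based anchors of FIXED are what let it find a match on any line.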
QUESTION
I am using chef inspec for postgresql. I am executing the below command to match the output "local0". Because the output can be local0 or local1 etc., I have given % to match any number value, but I am getting an error. Pls advise.
...ANSWER
Answered 2021-Mar-05 at 07:36
you need to write a regular expression that matches your criteria.
the following might do the trick
QUESTION
On executing the command ssh-keygen -lf /etc/ssh/ssh_host_dsa_key.pub I am getting an output where the first few digits represent the key strength. Is there a possible way to validate the key strength using Chef inspec?
Suppose I get 1024...... as the output of the mentioned command, how do I check that it should be 1024 and not other values using Chef Inspec?
...ANSWER
Answered 2021-Mar-05 at 07:30
use the command resource and match its output. something like the following should do the trick
QUESTION
I am using chef-client 16.8 on Ubuntu Focal, just found that its output is quite different with previous one,
...ANSWER
Answered 2021-Jan-15 at 12:32
i am running chef 16.9.20 and i do not have that issue. after chef-client run i get
QUESTION
While executing the below postgresql command, how to validate the output under name column and row column using chef inspec.
...ANSWER
Answered 2021-Jan-07 at 07:35
you can use 2 postgres resources:
- postgres_session to test SQL commands run against a PostgreSQL database
QUESTION
The SQL Server print messages are not taken into chef inspec for validation. Do we have an option to validate.
Below chef inspec sample code does not take the SQL Server print message.
...ANSWER
Answered 2020-Nov-22 at 20:10
Instead of PRINT 'OK' use SELECT 'OK' AS value / SELECT 'NOT OK' AS value.
Programmatically getting a hold of PRINT messages can be done but you need code to listen to the connection's InfoMessage event. Basically you'd need to dig into the code for either mssql_session or sql.query... which you probably don't want to do.
QUESTION
I am running a docker container through an ECS task, and attempting to override the Docker CMD in the Task Definition. I do not have control over the docker container, but by default it has an entrypoint of "/share/script.sh".
This entrypoint script, ultimately, invokes Chef Inspec (a compliance checking application) with arguments passed in from $@, like this:
...ANSWER
Answered 2020-Oct-22 at 11:21
The best way might be to move this option into your startup script. You can't do this with only CMD syntax.
If you're willing to part with the container-as-command pattern, you can achieve this by not having an ENTRYPOINT and using the string form of CMD:
QUESTION
Does anyone have any cool ideas on how to handle Terraform provider credentials for AWS given these use cases:
- Distributed environments (prod/pre/qa/test/dev) with individual AWS accounts
- S3 backend remote state for all environments in a single AWS account
- Test Kitchen using InSpec.
My current workflow requires changing the AWS_ACCESS_KEY and AWS_SECRET_KEY depending on the operation:
- terraform init - requires access to S3 backend remote state
- terraform plan/apply - requires access to specific environment + remote state
  - Non-functional (a single set of credentials doesn't have access to both the env + remote state)
- kitchen converge - requires access to test environment + remote state
  - Non-functional (same reason as above)
- kitchen verify - requires access to test environment.
Ideas
- I wish I could store the S3 remote state in the respective environment accounts but variables don't seem to be supported in the Terraform backend configuration.
ANSWER
Answered 2020-Oct-20 at 11:01
You will need the main account to be able to assume a role on each env account to perform the changes, while the remote main account will keep all states. This is a good way to work with terraform workspaces. Assuming you have two workspaces, prod and dev, you can try something like this:
QUESTION
how do I extract @hostname value out of this data? e.g. to do what I was expecting puts output[:hostname]
ANSWER
Answered 2020-Aug-27 at 20:38
Assuming that data is in the variable output and there is a hostname accessor method on the object under the key :resource_title, then the code would be:
QUESTION
I have an inspec test, this is great:
...ANSWER
Answered 2020-Aug-27 at 21:11
I've never touched inspec, so take the following with a grain of salt, but according to https://github.com/inspec/inspec/blob/master/lib/inspec/runner.rb#L140, you can provide reporter option while instantiating the runner. Looking at https://github.com/inspec/inspec/blob/master/lib/inspec/reporters.rb#L11 I think it should be smth. like ["yaml", {}]. So, could you please try
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported
Install inspec
The Chef InSpec package is available for MacOS, RedHat, Ubuntu and Windows. Download the latest package at Chef InSpec Downloads or install Chef InSpec via script:
Installing Chef InSpec from source may require installing ruby build tools to manage gem dependencies. (A compiler-free variant is available with reduced functionality; use inspec-core-bin and inspec-core.) To install build tools, use your package manager.
Note that installing from OS packages from the download page is the preferred method.
Currently, this method of installation only supports Linux. See the Chef Habitat site for more information. Download the hab binary from the Chef Habitat site.