Dear InSpec friends,
We have some great updates available:
- InSpec 1.4.1
- audit cookbook 2.0
- Train 0.21.1
- kitchen-inspec 0.16.0
InSpec 1.4.0 Release notes: https://github.com/chef/inspec/releases/tag/v1.4.0
- improvements for supermarket plugin
- json resource can now parse results from commands (contributed by Arista/Jere Julian)
- bugfixes
    describe json({ command: 'retrieve_data.py --json' }) do
      its('state') { should eq('open') }
    end
Train 0.21.1 release notes: https://github.com/chef/train/releases/tag/v0.21.1
- Arista EOS support (contributed by Arista/Jere Julian)
- Fix for OS detection with PTY (thanks Tyler Ball for highlighting this issue)
audit cookbook 2.0 release notes: https://github.com/chef-cookbooks/audit/releases/tag/v2.0.0
This is a complete rewrite of audit cookbook v1. The second version is more stable and easier to maintain. I'd like to thank Michael Hedgpeth from NCR for the idea to use the Chef Handler mechanism. In addition, Jeremy Miller, Joe Gardiner and Scott Russel helped with intensive testing.
- complete rewrite, easier to maintain, reuses more features from InSpec
- will not report a converge in chef-client run
- support for multiple reporters
- introduces json file reporter
It uses a new syntax for the profiles (https://github.com/chef-cookbooks/audit#configure-node):
    "audit" => {
      "collector" => "chef-server",
      "inspec_version" => "1.2.1",
      "profiles" => [
        # profile from Chef Compliance
        {
          "name": "linux",
          "compliance": "base/linux"
        },
        # profile from supermarket
        # note: If reporting to Compliance, the Supermarket profile needs to be uploaded to Chef Compliance first
        {
          "name": "ssh",
          "supermarket": "hardening/ssh-hardening"
        },
        # local Windows path
        {
          "name": "brewinc/win2012_audit",
          # filesystem path
          "path": "E:/profiles/win2012_audit"
        },
        # github
        {
          "name": "ssl",
          "git": "https://github.com/dev-sec/ssl-benchmark.git"
        },
        # url
        {
          "name": "ssh",
          "url": "https://github.com/dev-sec/tests-ssh-hardening/archive/master.zip"
        }
      ]
    }
You can also define multiple reporters: https://github.com/chef-cookbooks/audit#multiple-reporters
    "audit": {
      "collector": [ "chef-compliance", "json-file" ],
      "server": "https://compliance-fqdn/api",
      "owner": "my-comp-org",
      "refresh_token": "5/4T...g==",
      "insecure": false,
      "profiles": [
        {
          "name": "windows",
          "compliance": "base/windows"
        }
      ]
    }
kitchen-inspec 0.16.0 release notes: https://github.com/chef/kitchen-inspec/releases/tag/v0.16.0
- support for more targets like supermarket and git
    suites:
      - name: contains_inspec
        run_list:
          - recipe[apt]
          - recipe[yum]
          - recipe[ssh-hardening]
          - recipe[os-hardening]
        verifier:
          inspec_tests:
            - name: hardening/ssh-hardening  # name only defaults to supermarket
            - name: ssh-supermarket  # alternatively, you can explicitly specify that the profile is from supermarket in this way
              supermarket: hardening/ssh-hardening
            - path: path/to/some/local/tests
            - name: ssh-hardening
              url: https://github.com/dev-sec/tests-ssh-hardening/archive/master.zip
            - name: os-hardening
              git: https://github.com/dev-sec/tests-os-hardening.git
- support for attributes
    verifier:
      inspec_tests:
        - path: test/integration/attributes
      # inline attributes
      attributes:
        user: bob
        password: secret
      # attributes files
      attrs:
        - test/integration/profile-attribute.yml
Christoph Hartmann
InSpec Creator