InSpec SSL Testing


#1

I just watched the ChefConf 2016 Keynotes and there was an interesting slide showing the following code to test if nodes are using SSLv2:

port.protocols(/tcp/).entries.each do |socket|
  next unless ssl(port: socket.port).enabled?

  describe ssl(port: socket.port).protocols('ssl2') do
    it { should_not be_enabled }
  end
end

I grabbed the latest inspec (0.27.1) but I receive an error when I try to run this locally:

test/sslv2_spec.rb:3:in `<top (required)>': undefined local variable or method `port' for main:Object (NameError)

I assume that this is because the ssl.rb resource isn’t in this release - am I missing something, or am I just being impatient? I looked through a few of the branches in the chef/inspec github repo but couldn’t find any reference to ssl(…) there either.

I’m interested in demonstrating this sort of functionality to our security team, so any hints would be greatly appreciated.

Thanks,
Shaw