Chef InSpec Plugin
Chef InSpec is an open-source framework for testing and auditing your applications and infrastructure. Chef InSpec works by comparing the actual state of your system with the desired state that you express in easy-to-read and easy-to-write Chef InSpec code. Chef InSpec detects violations and displays findings in the form of a report, but puts you in control of remediation.
Prerequisites
Chef InSpec Plugin Configuration
- Issue an SSH Certificate from Akeyless:
akeyless get-ssh-certificate -s <target_username> -c ssh-cert-issuer-name -p <path_to_public_ssh_key> && echo
- Test SSH connection
ssh <target_username>@<target_ssh_server>
- Set up ssh-agent and add the SSH key and certificate to the agent:
eval `ssh-agent`
ssh-add <path_to_private_ssh_key>
- Test Chef InSpec
inspec shell -c 'package("git").installed?' -t ssh://<target_username>@<target_ssh_server>
inspec shell -c 'package("git").version' -t ssh://<target_username>@<target_ssh_server>
Example
# Sign the public SSH key with Akeyless to get an SSH certificate
akeyless get-ssh-certificate -s ubuntu -c ssh-cert-issuer-demo -p ~/.ssh/id_rsa.pub --profile inspec && echo
# Test ssh connection
ssh [email protected]
# Set up ssh-agent and add the SSH key + certificate to it
eval `ssh-agent`
ssh-add ~/.ssh/id_rsa
# Test Chef InSpec
inspec shell -c 'package("git").installed?' -t ssh://[email protected]
inspec shell -c 'package("git").version' -t ssh://[email protected]
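The steps above only work while the issued certificate is within its validity window and lists the login name as a principal. As an added example (not part of the Akeyless documentation), this pre-flight check parses `ssh-keygen -L` output before InSpec is run; the function name cert_usable, the constructed sample text and the certificate path ~/.ssh/id_rsa-cert.pub are assumptions.

```shell
#!/bin/sh
# Added example: check an SSH certificate before `inspec ... -t ssh://user@host`.
# Reads `ssh-keygen -L` text on stdin.
#   $1 = login name that must appear as a certificate principal
#   $2 = current local time, YYYY-MM-DDTHH:MM:SS (ssh-keygen -L prints local time)
# Exit status: 0 usable, 2 no validity line, 3 principal missing,
#              4 not yet valid, 5 expired
cert_usable() {
    awk -v want="$1" -v now="$2" '
        $1 == "Valid:" {
            seen = 1; from = ""; to = "9999"     # "forever" keeps both defaults
            if ($2 == "from")   { from = $3; to = $5 }
            if ($2 == "after")  { from = $3 }
            if ($2 == "before") { to = $3 }
        }
        $1 == "Principals:" { in_p = 1; next }
        in_p && NF == 1 && $1 !~ /:/ { if ($1 == want) has_p = 1; next }
        in_p { in_p = 0 }                        # next section header ends the list
        END {
            # Fixed-width ISO timestamps order correctly as plain strings
            if (!seen)                 { print "no Valid: line found"; exit 2 }
            if (!has_p)                { print "principal " want " not in certificate"; exit 3 }
            if ((now "") <  (from "")) { print "not valid until " from; exit 4 }
            if ((now "") >= (to ""))   { print "expired at " to; exit 5 }
            print "ok"
        }'
}

# Constructed sample of `ssh-keygen -L` output (not from a real certificate)
SAMPLE_CERT_INFO='id_rsa-cert.pub:
        Type: ssh-rsa-cert-v01@openssh.com user certificate
        Key ID: "constructed-example"
        Serial: 0
        Valid: from 2024-05-01T10:00:00 to 2024-05-01T11:00:00
        Principals: 
                ubuntu
        Critical Options: (none)
        Extensions: 
                permit-pty'

# Demo on the sample, half an hour into the validity window
printf '%s\n' "$SAMPLE_CERT_INFO" | cert_usable ubuntu 2024-05-01T10:30:00

# Real use (assumes the certificate sits beside the key as ~/.ssh/id_rsa-cert.pub):
#   ssh-keygen -L -f ~/.ssh/id_rsa-cert.pub | cert_usable ubuntu "$(date +%Y-%m-%dT%H:%M:%S)"
```

A non-zero status here means the certificate should be reissued with akeyless get-ssh-certificate before running inspec.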