Chef InSpec Plugin

Introduction

Chef InSpec is an open-source framework for testing and auditing your applications and infrastructure. Chef InSpec works by comparing the actual state of your system with the desired state that you express in easy-to-read and easy-to-write Chef InSpec code. Chef InSpec detects violations and displays findings in the form of a report, but puts you in control of remediation.

Prerequsites

Create ssh cert issuer, according to the described at How to: Create Dynamic Secret to SQL DB

Chef InSpec Plugin Configuration

  1. Sign public SSH key with AKEYLESS Vault to get ssh certificate
    Please refer to How to: Configure Keyless SSH prior to running this step.
akeyless get-ssh-certificate -s <target_username> -c ssh-cert-issuer-demo -p <path_to_public_ssh_key> && echo
  1. Test SSH connection
ssh <target_username>@<target_ssh_server>
  1. Setup ssh-agent and add SSH key and certificate to it
eval `ssh-agent`
ssh-add <path_to_public_ssh_key>
  1. Test Chef InSpec
inspec shell -c 'package("git").installed?' -t <target_username>@<target_ssh_server>
inspec shell -c 'package("git").version' -t <target_username>@<target_ssh_server>

Example

# sign public ssh key by Akeyless to get ssh certificate
akeyless get-ssh-certificate -s ubuntu -c ssh-cert-issuer-demo -p ~/.ssh/id_rsa.pub --profile inspec && echo
# Test ssh connection
ssh [email protected]
# Setup ssh-agent and add ssh key + certificate to it
eval `ssh-agent`
ssh-add ~/.ssh/id_rsa
# Test chef inspec
inspec shell -c 'package("git").installed?' -t ssh://[email protected]
inspec shell -c 'package("git").version' -t ssh://[email protected]

Did this page help you?