inspec/www/source/index.html.slim

260 lines
12 KiB
Text
Raw Normal View History

2016-09-11 23:26:00 +00:00
---
title: Chef InSpec - Audit and Automated Testing Framework
description: Chef InSpec is an open source (OSS) automated testing tool for integration, compliance, security, and other policy requirements. Easily test your network and systems on-site or on cloud platforms such as AWS, Azure, and Docker Containers.
priority: 1.0
change_frequency: daily
2016-09-11 23:26:00 +00:00
---
2017-01-06 21:21:45 +00:00
/! header
header.bg-gradient.margin-top-offset.short-bg.relative
.row.align.margin-top-sm
.large-7.medium-7.mobile-12.columns.z-20
.margin-both
h1.t-white Chef InSpec is compliance as code
h3.t-white Turn your compliance, security, and other policy requirements into automated tests.
/! buttons
.row.align.columns.margin-top-sm.mobile-row-btn
a.button.btn-lg.btn-purple.shadow-dark.margin-right-xs.mobile-row-btn href="/docs/reference/install.html"
i.fa.fa-cloud-download
span download inspec 4
a.button.btn-lg.btn-white-o.shadow-dark.mobile-row-btn href="/tutorials" browse tutorials
a class="github-button" href="https://github.com/chef/inspec" data-size="large" data-show-count="true" aria-label="Star chef/inspec on GitHub" Star
.large-5.medium-5.columns.relative.mobile-hide
/! diamond image
img.diamond src="/images/home/diamond.png" alt="image of diamond"/
img.grid-animate.fit.z-20 src="/images/home/web.svg" onerror="this.src='/images/home/web.png'" alt="image of grid"/
/! canvas elements
#particles-js.particles
canvas.particles-js-canvas-el /
/! Get started
.margin-both
.row.relative
.columns
hr
small.t-gray How Chef InSpec works
h2.txt-margin Get started with Chef InSpec in 3 simple steps
hr
.large-5.medium-5.columns.blue-grid.mobile-hide
img.grid-animate.fit src="/images/community/blue-web.svg" onerror="this.src='/images/community/blue-web.png'" alt="image of grid"
.margin-top-sm
.row.align.mobile-row
.large-6.medium-6.mobile-12.columns
.flex.align
.num-container
h3.t-purple 1
.block.margin-left-sm
h4.t-purple write the test
p Create simple Ruby-based tests to verify your expected state against the current state of your systems.
.large-6.medium-6.mobile-12.columns
.flex.align.slide-right
.tooltip-triangle
.box-dark.box-scroll.tip.shadow
pre.slide-up-slow.animate-delay-10
code control 'example-1.0' do
code impact 0.9
code title 'Ensure login disabled'
code desc 'An optional description...'
code describe sshd_config do
code its('PermitRootLogin') {
code should_not cmp 'yes'
code }
code end
code end
.margin-top-xs
.row.align.mobile-row
.large-6.medium-6.mobile-12.columns
.flex.align
.num-container
h3.t-purple 2
.block.margin-left-sm
h4.t-purple run the test
p Execute your test against your target system locally or remotely with one simple command.
.large-6.medium-6.mobile-12.columns
.flex.align.slide-right
.tooltip-triangle
.box-dark.tip.shadow
pre
code $ inspec exec linux-baseline
.margin-top-xs
.row.align.mobile-row
.large-6.medium-6.mobile-12.columns
.flex.align
.num-container
h3.t-purple 3
.block.margin-left-sm
h4.t-purple See the results
p See which tests failed, passed and skipped and the expected state against the current state of your target system, in one simple output.
.large-6.medium-6.mobile-12.columns
.flex.align.slide-right
.tooltip-triangle
.box-dark.box-scroll.tip.shadow
pre.slide-up-slow.animate-delay-20
code Profile: Chef InSpec Profile (example_profile)
code Version: 0.1.0
code Target: local://
br
code ✔ example-1.0: Ensure root login is disabled via SSH
code ✔ SSHD Configuration PermitRootLogin should not cmp == "yes"
br
code Profile Summary: 1 successful control, 0 control failures, 0 controls skipped
code Test Summary: 1 successful, 0 failures, 0 skipped
/! how it works
.row.relative.margin-under-sm
.columns.strict-center
hr.center
small.t-gray Features of Chef InSpec
h2.txt-margin Chef InSpec is compliance by design
hr.center
.row.strict-center.mobile-row
.large-6.medium-6.columns.mobile-12.margin-under-xs
.box-white.shadow.strict-center.fit-height.relative.slide-up
img.icon-art.margin-under-xs src="/images/home/platform.svg" onerror="this.src='/images/home/platform.png'" alt="image for Chef InSpec platform support"/
h4.t-purple Platform Agnostic
p
| Chef InSpec supports all major operating systems and is platform agnostic, allowing you the freedom to run compliance and security tests anywhere.
a title="Linux, Windows/Azure, Mac, Ubuntu, Docker, AWS, VMware, RedHat"
img.icon-logos src="/images/home/platform-logos.svg" onerror="this.src='/images/home/platform-logos.png'" alt="logos for Linux, Windows/Azure, Mac, Ubuntu, Docker container, AWS, VMware"/
.triangle-right
.large-6.medium-6.columns.mobile-12.margin-under-xs
.box-white.shadow.strict-center.fit-height.relative.slide-up
img.icon-art.margin-under-xs src="/images/home/test.svg" onerror="this.src='/images/home/test.png'" alt="image for Chef InSpec remote and local testing"/
h4.t-purple Test locally or remotely
p
| Chef InSpec provides a local agent for host-based assessments, as well as full remote testing support via SSH and WinRM.
a title="SSH, WinRM"
img.icon-logos src="/images/home/test-logos.svg" onerror="this.src='/images/home/test-logos.png'" alt="logos for SSH and WinRM" /
.triangle-right
.row.strict-center.mobile-row
.large-6.medium-6.mobile-12.columns.margin-under-xs
.box-white.shadow.strict-center.fit-height.relative.slide-up
img.icon-art.margin-under-xs src="/images/home/run.svg" onerror="this.src='/images/home/run.png'" alt="image for Chef InSpec freedom"/
h4.t-purple Free to run anywhere
p
| Chef InSpec is an open-source language that can easily express compliance as code, with the freedom to run anywhere.
.triangle-right
.large-6.medium-6.mobile-12.columns.margin-under-xs
.box-white.shadow.strict-center.fit-height.relative.slide-up
img.icon-art.margin-under-xs src="/images/home/extensible.svg" onerror="this.src='/images/home/extensible.png'" alt="image for Chef InSpec's extensible language" /
h4.t-purple Extensible language
p
| Easily extend the Chef InSpec language to cover new operating systems, devices, or applications.
.triangle-right
/! use cases
.bg-gradient.margin-top
.pad-both.relative
#particles-second
canvas.particles-js-canvas-el
.slider
.row
.columns.selectors.mobile-hide.z-20
a.button.btn-lg.btn-slider.shadow-dark for Compliance
a.button.btn-lg.btn-slider.shadow-dark for Infrastructure
a.button.btn-lg.btn-slider.shadow-dark for Provisioning
.columns.selectors.slider-selectors.mobile-show.z-20
a.button.btn-lg.btn-slider.shadow-dark Compliance
a.button.btn-lg.btn-slider.shadow-dark Infrastructure
a.button.btn-lg.btn-slider.shadow-dark Provisioning
.view
.row
.large-7.medium-7.mobile-12.columns
h2.t-white.margin-both-sm
| Transform your compliance and security requirements into simple code
.row.mobile-row
.large-6.medium-6.mobile-12.columns.mobile-row
.box-white.shadow-dark.fit-height.z-20
.block.margin-both-xs
h4.t-purple Codify agreements
p Combine profiles and customize them with overlays. Pick controls and define exceptions as code.
.block.margin-under-xs
h4.t-purple Add context to your tests
p Utilize many fields like descriptions, tags, and impact.
.block
h4.t-purple Apply to all systems
p Analyze everything using the same codified profiles and controls.
.large-6.medium-6.mobile-12.columns
.box-dark.shadow-dark.fit-height.z-20
pre.t-white.align-vertical-50
code control 'sshd-21' do
code title 'Set SSH Protocol to 2'
code desc 'A detailed description'
code impact 1.0 # This is critical ref 'compliance guide, section 2.1'
code describe sshd_config do
code its('Protocol') { should cmp 2 }
code end
code end
.view
.row
.large-7.medium-7.mobile-12.columns
h2.t-white.margin-both-sm
| Solve your infrastructure testing needs simply and efficiently
.row.mobile-row
.large-6.medium-6.mobile-12.columns.mobile-row
.box-white.shadow-dark.fit-height.z-20
.block.margin-both-xs
h4.t-purple Test the desired state
p Verify the current desired state of your apps and infrastructure according to the code you write.
.block.margin-under-xs
h4.t-purple HUMAN-READABLE CODE
p Reduce friction by writing tests that are easy to understand by anyone.
.block
h4.t-purple Extensible
p Create custom resources with ease and share them easily with others.
.large-6.medium-6.mobile-12.columns
.box-dark.shadow-dark.fit-height.z-20
pre.t-white.align-vertical-50
code describe file('/etc/myapp.conf') do
code it { should exist }
code its('mode') { should cmp 0644 }
code end
br
code describe apache_conf do
code its('Listen') { should cmp 8080 }
code end
br
code describe port(8080) do
code it { should be_listening }
code end
.view
.row
.large-7.medium-7.mobile-12.columns
h2.t-white.margin-both-sm
| Verify provisioning to cloud providers
.row.mobile-row
.large-6.medium-6.mobile-12.columns.mobile-row
.box-white.shadow-dark.fit-height.z-20
.block.margin-both-xs
h4.t-purple Test AWS and Azure configuration
p Verify all necessary settings of your favorite public cloud providers.
.block.margin-under-xs
h4.t-purple Test provisioners
p Chef InSpec can be used in combination with Cloudformation, Azure resource manager templates and Terraform.
.block
h4.t-purple Verify security configuration
p Ensure that your cloud deployments are not open to malicious attacks due to misconfiguration.
.large-6.medium-6.mobile-12.columns
.box-dark.shadow-dark.fit-height.z-20
pre.t-white.align-vertical-50
code describe aws_s3_bucket(bucket_name: 'my_secret_files') do
code it { should exist }
code it { should_not be_public }
code end
br
code describe aws_iam_user(username: 'test_user') do
code it { should have_mfa_enabled }
code it { should_not have_console_password }
code end
.scrollToTop.shadow-dark
img#scrollup src="/images/home/arrow.svg" onerror="this.src='/images/home/arrow.png'" alt="image of scroll to top arrow"