mirror of
https://github.com/inspec/inspec
synced 2024-11-27 07:00:39 +00:00
280 lines
13 KiB
Text
280 lines
13 KiB
Text
---
|
||
title: Chef InSpec - Audit and Automated Testing Framework
|
||
description: Chef InSpec is an open source (OSS) automated testing tool for integration, compliance, security, and other policy requirements. Easily test your network and systems on-site or on cloud platforms such as AWS, Azure, and Docker Containers.
|
||
priority: 1.0
|
||
change_frequency: daily
|
||
---
|
||
|
||
/! header
|
||
header.bg-gradient.margin-top-offset.short-bg.relative
|
||
.row.align.margin-top-sm
|
||
.large-7.medium-7.mobile-12.columns.z-20
|
||
.margin-both
|
||
h1.t-white Chef InSpec is compliance as code
|
||
h3.t-white Turn your compliance, security, and other policy requirements into automated tests.
|
||
/! buttons
|
||
.row.align.columns.margin-top-sm.mobile-row-btn
|
||
a.button.btn-lg.btn-purple.shadow-dark.margin-right-xs.mobile-row-btn href="/downloads"
|
||
i.fa.fa-cloud-download
|
||
span download inspec 4
|
||
a.button.btn-lg.btn-white-o.shadow-dark.mobile-row-btn href="/tutorials" browse tutorials
|
||
a class="github-button" href="https://github.com/chef/inspec" data-size="large" data-show-count="true" aria-label="Star chef/inspec on GitHub" Star
|
||
|
||
.large-5.medium-5.columns.relative.mobile-hide
|
||
/! diamond image
|
||
img.diamond src="/images/home/diamond.png" alt="image of diamond"/
|
||
img.grid-animate.fit.z-20 src="/images/home/web.svg" onerror="this.src='/images/home/web.png'" alt="image of grid"/
|
||
/! announcement
|
||
.row.columns
|
||
.box-white.shadow.z-20.slide-left
|
||
h3.large-11.medium-11 Announcing InSpec 4
|
||
p.large-11.medium-11 Inputs system overhaul, updated AWS-SDK to v3, support for the new Chef License, and many bugfixes and minor features
|
||
#expand
|
||
.margin-top-sm.brdr-left.large-11.medium-11
|
||
.margin-left-sm
|
||
h4.t-purple core
|
||
p Inputs system overhaul - more consistent, extensible, and predictable
|
||
p Updated AWS-SDK to v3
|
||
p Laying the foundation for opt-in telemetry
|
||
p Support for the new Chef License
|
||
p Add support for more_permissive_than? on the File resource
|
||
p Many other minor bugfixes!
|
||
.margin-top-sm.brdr-left.large-11.medium-11
|
||
.margin-left-sm
|
||
h4.t-purple inspec-bin
|
||
p Moved the `inspec` executable to a separate gem, `inspec-bin`. This allows the use of the `inspec` gem as a library without the licensing restrictions placed on the executable.
|
||
p This release is the first to require accepting a license before using it as an executable.
|
||
.margin-top-xs
|
||
a#expandBtn Show all new features
|
||
/! canvas elements
|
||
#particles-js.particles
|
||
canvas.particles-js-canvas-el /
|
||
|
||
|
||
/! Get started
|
||
.margin-both
|
||
.row.relative
|
||
.columns
|
||
hr
|
||
small.t-gray How Chef InSpec works
|
||
h2.txt-margin Get started with Chef InSpec in 3 simple steps
|
||
hr
|
||
.large-5.medium-5.columns.blue-grid.mobile-hide
|
||
img.grid-animate.fit src="/images/community/blue-web.svg" onerror="this.src='/images/community/blue-web.png'" alt="image of grid"
|
||
.margin-top-sm
|
||
.row.align.mobile-row
|
||
.large-6.medium-6.mobile-12.columns
|
||
.flex.align
|
||
.num-container
|
||
h3.t-purple 1
|
||
.block.margin-left-sm
|
||
h4.t-purple write the test
|
||
p Create simple Ruby-based tests to verify your expected state against the current state of your systems.
|
||
.large-6.medium-6.mobile-12.columns
|
||
.flex.align.slide-right
|
||
.tooltip-triangle
|
||
.box-dark.box-scroll.tip.shadow
|
||
pre.slide-up-slow.animate-delay-10
|
||
code control 'example-1.0' do
|
||
code impact 0.9
|
||
code title 'Ensure login disabled'
|
||
code desc 'An optional description...'
|
||
code describe sshd_config do
|
||
code its('PermitRootLogin') {
|
||
code should_not cmp 'yes'
|
||
code }
|
||
code end
|
||
code end
|
||
.margin-top-xs
|
||
.row.align.mobile-row
|
||
.large-6.medium-6.mobile-12.columns
|
||
.flex.align
|
||
.num-container
|
||
h3.t-purple 2
|
||
.block.margin-left-sm
|
||
h4.t-purple run the test
|
||
p Execute your test against your target system locally or remotely with one simple command.
|
||
.large-6.medium-6.mobile-12.columns
|
||
.flex.align.slide-right
|
||
.tooltip-triangle
|
||
.box-dark.tip.shadow
|
||
pre
|
||
code $ inspec exec linux-baseline
|
||
.margin-top-xs
|
||
.row.align.mobile-row
|
||
.large-6.medium-6.mobile-12.columns
|
||
.flex.align
|
||
.num-container
|
||
h3.t-purple 3
|
||
.block.margin-left-sm
|
||
h4.t-purple See the results
|
||
p See which tests failed, passed and skipped and the expected state against the current state of your target system, in one simple output.
|
||
.large-6.medium-6.mobile-12.columns
|
||
.flex.align.slide-right
|
||
.tooltip-triangle
|
||
.box-dark.box-scroll.tip.shadow
|
||
pre.slide-up-slow.animate-delay-20
|
||
code Profile: Chef InSpec Profile (example_profile)
|
||
code Version: 0.1.0
|
||
code Target: local://
|
||
br
|
||
code ✔ example-1.0: Ensure root login is disabled via SSH
|
||
code ✔ SSHD Configuration PermitRootLogin should not cmp == "yes"
|
||
br
|
||
code Profile Summary: 1 successful control, 0 control failures, 0 controls skipped
|
||
code Test Summary: 1 successful, 0 failures, 0 skipped
|
||
|
||
|
||
/! how it works
|
||
.row.relative.margin-under-sm
|
||
.columns.strict-center
|
||
hr.center
|
||
small.t-gray Features of Chef InSpec
|
||
h2.txt-margin Chef InSpec is compliance by design
|
||
hr.center
|
||
|
||
.row.strict-center.mobile-row
|
||
.large-6.medium-6.columns.mobile-12.margin-under-xs
|
||
.box-white.shadow.strict-center.fit-height.relative.slide-up
|
||
img.icon-art.margin-under-xs src="/images/home/platform.svg" onerror="this.src='/images/home/platform.png'" alt="image for Chef InSpec platform support"/
|
||
h4.t-purple Platform Agnostic
|
||
p
|
||
| Chef InSpec supports all major operating systems and is platform agnostic, allowing you the freedom to run compliance and security tests anywhere.
|
||
a title="Linux, Windows/Azure, Mac, Ubuntu, Docker, AWS, VMware, RedHat"
|
||
img.icon-logos src="/images/home/platform-logos.svg" onerror="this.src='/images/home/platform-logos.png'" alt="logos for Linux, Windows/Azure, Mac, Ubuntu, Docker container, AWS, VMware"/
|
||
.triangle-right
|
||
.large-6.medium-6.columns.mobile-12.margin-under-xs
|
||
.box-white.shadow.strict-center.fit-height.relative.slide-up
|
||
img.icon-art.margin-under-xs src="/images/home/test.svg" onerror="this.src='/images/home/test.png'" alt="image for Chef InSpec remote and local testing"/
|
||
h4.t-purple Test locally or remotely
|
||
p
|
||
| Chef InSpec provides a local agent for host-based assessments, as well as full remote testing support via SSH and WinRM.
|
||
a title="SSH, WinRM"
|
||
img.icon-logos src="/images/home/test-logos.svg" onerror="this.src='/images/home/test-logos.png'" alt="logos for SSH and WinRM" /
|
||
.triangle-right
|
||
|
||
.row.strict-center.mobile-row
|
||
.large-6.medium-6.mobile-12.columns.margin-under-xs
|
||
.box-white.shadow.strict-center.fit-height.relative.slide-up
|
||
img.icon-art.margin-under-xs src="/images/home/run.svg" onerror="this.src='/images/home/run.png'" alt="image for Chef InSpec freedom"/
|
||
h4.t-purple Free to run anywhere
|
||
p
|
||
| Chef InSpec is an open-source language that can easily express compliance as code, with the freedom to run anywhere.
|
||
.triangle-right
|
||
.large-6.medium-6.mobile-12.columns.margin-under-xs
|
||
.box-white.shadow.strict-center.fit-height.relative.slide-up
|
||
img.icon-art.margin-under-xs src="/images/home/extensible.svg" onerror="this.src='/images/home/extensible.png'" alt="image for Chef InSpec's extensible language" /
|
||
h4.t-purple Extensible language
|
||
p
|
||
| Easily extend the Chef InSpec language to cover new operating systems, devices, or applications.
|
||
.triangle-right
|
||
|
||
|
||
/! use cases
|
||
|
||
.bg-gradient.margin-top
|
||
.pad-both.relative
|
||
#particles-second
|
||
canvas.particles-js-canvas-el
|
||
.slider
|
||
.row
|
||
.columns.selectors.mobile-hide.z-20
|
||
a.button.btn-lg.btn-slider.shadow-dark for Compliance
|
||
a.button.btn-lg.btn-slider.shadow-dark for Infrastructure
|
||
a.button.btn-lg.btn-slider.shadow-dark for Provisioning
|
||
.columns.selectors.slider-selectors.mobile-show.z-20
|
||
a.button.btn-lg.btn-slider.shadow-dark Compliance
|
||
a.button.btn-lg.btn-slider.shadow-dark Infrastructure
|
||
a.button.btn-lg.btn-slider.shadow-dark Provisioning
|
||
.view
|
||
.row
|
||
.large-7.medium-7.mobile-12.columns
|
||
h2.t-white.margin-both-sm
|
||
| Transform your compliance and security requirements into simple code
|
||
.row.mobile-row
|
||
.large-6.medium-6.mobile-12.columns.mobile-row
|
||
.box-white.shadow-dark.fit-height.z-20
|
||
.block.margin-both-xs
|
||
h4.t-purple Codify agreements
|
||
p Combine profiles and customize them with overlays. Pick controls and define exceptions as code.
|
||
.block.margin-under-xs
|
||
h4.t-purple Add context to your tests
|
||
p Utilize many fields like descriptions, tags, and impact.
|
||
.block
|
||
h4.t-purple Apply to all systems
|
||
p Analyze everything using the same codified profiles and controls.
|
||
.large-6.medium-6.mobile-12.columns
|
||
.box-dark.shadow-dark.fit-height.z-20
|
||
pre.t-white.align-vertical-50
|
||
code control 'sshd-21' do
|
||
code title 'Set SSH Protocol to 2'
|
||
code desc 'A detailed description'
|
||
code impact 1.0 # This is critical ref 'compliance guide, section 2.1'
|
||
code describe sshd_config do
|
||
code its('Protocol') { should cmp 2 }
|
||
code end
|
||
code end
|
||
.view
|
||
.row
|
||
.large-7.medium-7.mobile-12.columns
|
||
h2.t-white.margin-both-sm
|
||
| Solve your infrastructure testing needs simply and efficiently
|
||
.row.mobile-row
|
||
.large-6.medium-6.mobile-12.columns.mobile-row
|
||
.box-white.shadow-dark.fit-height.z-20
|
||
.block.margin-both-xs
|
||
h4.t-purple Test the desired state
|
||
p Verify the current desired state of your apps and infrastructure according to the code you write.
|
||
.block.margin-under-xs
|
||
h4.t-purple HUMAN-READABLE CODE
|
||
p Reduce friction by writing tests that are easy to understand by anyone.
|
||
.block
|
||
h4.t-purple Extensible
|
||
p Create custom resources with ease and share them easily with others.
|
||
.large-6.medium-6.mobile-12.columns
|
||
.box-dark.shadow-dark.fit-height.z-20
|
||
pre.t-white.align-vertical-50
|
||
code describe file('/etc/myapp.conf') do
|
||
code it { should exist }
|
||
code its('mode') { should cmp 0644 }
|
||
code end
|
||
br
|
||
code describe apache_conf do
|
||
code its('Listen') { should cmp 8080 }
|
||
code end
|
||
br
|
||
code describe port(8080) do
|
||
code it { should be_listening }
|
||
code end
|
||
.view
|
||
.row
|
||
.large-7.medium-7.mobile-12.columns
|
||
h2.t-white.margin-both-sm
|
||
| Verify provisioning to cloud providers
|
||
.row.mobile-row
|
||
.large-6.medium-6.mobile-12.columns.mobile-row
|
||
.box-white.shadow-dark.fit-height.z-20
|
||
.block.margin-both-xs
|
||
h4.t-purple Test AWS and Azure configuration
|
||
p Verify all necessary settings of your favorite public cloud providers.
|
||
.block.margin-under-xs
|
||
h4.t-purple Test provisioners
|
||
p Chef InSpec can be used in combination with Cloudformation, Azure resource manager templates and Terraform.
|
||
.block
|
||
h4.t-purple Verify security configuration
|
||
p Ensure that your cloud deployments are not open to malicious attacks due to misconfiguration.
|
||
.large-6.medium-6.mobile-12.columns
|
||
.box-dark.shadow-dark.fit-height.z-20
|
||
pre.t-white.align-vertical-50
|
||
code describe aws_s3_bucket(bucket_name: 'my_secret_files') do
|
||
code it { should exist }
|
||
code it { should_not be_public }
|
||
code end
|
||
br
|
||
code describe aws_iam_user(username: 'test_user') do
|
||
code it { should have_mfa_enabled }
|
||
code it { should_not have_console_password }
|
||
code end
|
||
|
||
.scrollToTop.shadow-dark
|
||
img#scrollup src="/images/home/arrow.svg" onerror="this.src='/images/home/arrow.png'" alt="image of scroll to top arrow"
|