Lead Image © pandavector, 123RF.com
Automated compliance with Chef InSpec
Self-Regulating
IT compliance is indispensable in both small and large businesses and should be monitored wherever possible. The Chef InSpec open source framework helps admins apply rules on servers in a fully automated process by checking system status against a list of policies and alerting the admin if a system violates them. In this article, I look at setting up and using the software in a practical application.
Chef InSpec comes from a company that feels very much at home in the areas of automation and compliance: Chef, the provider behind the automation platform of the same name. The software is based on its own declarative script language (DSL), a kind of pseudo-programming language. In this language, the administrator describes the rules in a fixed syntax, which InSpec checks later.
InSpec offers the user a few simplifications. For example, it makes available ready-to-use functions for checking certain configuration files or their content (Figure 1), which helps avoid a great deal of manual work. Everyone is familiar with configuration files. They have certain basic formats (e.g., .ini) in which they can be written. The administrator would need to retype the keywords the developers of a program use for their configurations for each service. For this reason, the InSpec developers provide the user with parsers to match a large number of common Unix services out of the box.
Buy this article as PDF
(incl. VAT)
Buy ADMIN Magazine
US / Canada
UK / Australia
Related content
-
Automated compliance testing with InSpec
Don't equate compliance through certification with security, because compliance and security are not the same. We look at automated compliance testing with InSpec for the secure operation of enterprise IT. -
The new version of Chef Automate comes with many new features
Chef, one of the oldest automation solutions, seeks to become a universal administration robot for cloud environments with new version 2.0. -
Chef users faced with a license change might find solace in a new open source distribution, Cinc.
For the past two years, Chef software used commercially has required a separate license. Cinc enters the scene as a free and completely compatible Chef distribution that makes it a genuine alternative. -
OPA and Gatekeeper enforce policy defaults in Kubernetes
Enforce container compliance in Kubernetes in one of two ways: with Open Policy Agent or Gatekeeper. -
Automation with Chef
The Chef automator borrows some of its vocabulary from the world of cooking. Its cookbooks contain good recipes for many recurring tasks, and admins can follow them to prepare palatable results with manageable overhead.