SlideShare a Scribd company logo

Automating AWS Compliance with InSpec

Matt Ray, profile picture
Matt Ray

The document discusses automating compliance using Chef's InSpec tool, emphasizing the importance of configuring security settings correctly in servers. It highlights trends in organizational compliance, noting that while some compliance testing is up, overall sustainability remains low. Moreover, it presents various automation practices and capabilities with AWS and Chef integration for enhanced security and compliance workflows.

Technology
1 of 64
Downloaded 12 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
Automating Compliance with InSpec Sydney AWS Security Meetup August 10, 2017
Matt Ray Manager, Solutions Architect – APJ Chef Software matt@chef.io @mattray
Automating AWS Compliance with InSpec
Automating AWS Compliance with InSpec
Automating AWS Compliance with InSpec
SSH Control "SSH supports two different protocol versions.The original version, SSHv1, was subject to a number of security issues. Please use SSHv2 instead to avoid these."
How will I verify this?
Whip up a one-liner! grep "^Protocol" /etc/ssh/sshd_config | sed 's/Protocol //'
Apache Server Information Leakage • Description This Directive Controls wheather Server response field is sent back to clients includes a description of Generic OSType of the Server. This allows attackers to identify web servers details greatly and increases the efficiency of any attack,as security vulnerabilities are dependent upon specific software versions. • How toTest In order to test for ServerToken configuration, one should check the Apache configuration file. • Misconfiguration ServerTokens Full • Remediation Configure the ServerTokens directive in the Apache configuration to value of Prod or ProductOnly.This tells Apache to only return "Apache" in the Server header, returned on every page request. ServerTokens Prod or ServerTokens ProductOnly https://www.owasp.org/index.php/SCG_WS_Apache
More grep and sed! grep "^ServerTokens" /etc/httpd/conf/httpd.conf | sed 's/ServerTokens //'
Automating AWS Compliance with InSpec
Automating AWS Compliance with InSpec
Automating AWS Compliance with InSpec
Automating AWS Compliance with InSpec
Automating AWS Compliance with InSpec
C o m p l i a n c e
Automating AWS Compliance with InSpec
Two-thirds of organizations did not adequately test the security of all in-scope systems
Key Trends • While individual rule compliance is up, testing of security systems is down • Sustainability is low. Fewer than a third of companies were found to be still fully compliant less than a year after successful validation.
Automating AWS Compliance with InSpec
Shell Scripts grep "^Protocol" /etc/ssh/sshd_config | sed 's/Protocol //' grep "^ServerTokens" /etc/httpd/conf/httpd.conf | sed 's/ServerTokens //'
Infrastructure Code package 'httpd' do action :install end service 'httpd' do action [ :start, :enable ] end
We Have A Communications Problem
Automating AWS Compliance with InSpec
Security != Compliance
Automating AWS Compliance with InSpec
Automating AWS Compliance with InSpec
Automating AWS Compliance with InSpec
Automating AWS Compliance with InSpec
Automating AWS Compliance with InSpec
Automating AWS Compliance with InSpec
Compliance Language
One Language Linux
One Language Linux,Windows
Windows
One Language Linux,Windows, BSD, Solaris,AIX, HP-UX, ...
Examples of Available Resources apache_conf apt audit_policy auditd_conf auditd_rules bond bridge command crontab directory etc_group file gem group host inetd_conf interface iptables kernel_module kernel_parameter limits_conf login_defs mount mysql_conf mysql_session npm ntp_conf oneget os os_env package parse_config parse_config_file passwd pip port postgres_conf postgres_session powershell processes registry_key security_policy service ssh_config sshd_config user windows_feature yum
What is it not? • IDS / IPS • Firewall • Antivirus • Pentesting tool
One Language Linux,Windows, BSD, Solaris,AIX, HP-UX, ... Bare-metal
One Language Linux,Windows, BSD, Solaris,AIX, HP-UX, ... Bare-metal,VMs
One Language Linux,Windows, BSD, Solaris,AIX, HP-UX, ... Bare-metal,VMs, Containers
One Language Linux,Windows, BSD, Solaris,AIX, HP-UX, ... Bare-metal,VMs, Containers Nodes
One Language Linux,Windows, BSD, Solaris,AIX, HP-UX, ... Bare-metal,VMs, Containers Nodes, Databases
DB Testing
One Language Linux,Windows, BSD, Solaris,AIX, HP-UX, ... Bare-metal,VMs, Containers Nodes, Databases,APIs
Cloud Testing
InSpec > inspec exec test.rb Test a machine remotely via SSH > inspec exec test.rb -i identity.key -t ssh://root@172.17.0.1 Test your machine locally > inspec exec test.rb -t winrm://Admin@192.168.1.2 --password super Test Docker Container > inspec exec test.rb -t docker://5cc8837bb6a8 Test a machine remotely via WinRM AGENTLESS
Operating System & Application Coverage • Microsoft Windows • Red Hat Enterprise Linux • Ubuntu Linux • SUSE Linux Enterprise Server • Oracle Enterprise Linux • AIX • HP-UX • Solaris • VMware ESXi • MySQL • Oracle • PostgreSQL • Tomcat • SQL Server • IIS • HTTP request
One Language Linux,Windows, BSD, Solaris,AIX, HP-UX, ... Bare-metal,VMs, Containers Nodes, Databases,APIs, Cloud Platforms, ...
Open Source Community •https://inspec.io •https://github.com/chef/inspec •https://supermarket.chef.io •https://learn.chef.io •#inspec in https://chefcommunity.slack.com
CONTINUOUS COMPLIANCE AUTOMATION InSpec - Part of your InfoSec toolchain FIREWALL ANTIVIRUS INTRUSION DETECTION/ PREVENTION PENETRATION TESTING
Continuous Workflow Detect Correct
The Chef Automate Platform Continuous Automation for High Velocity IT Workflow • Local development • Integration • Tooling (APIs & SDKs) COLLABORATE ▪ Package ▪ Test ▪ Approve BUILD ▪ Provision ▪ Configure ▪ Execute ▪ Update DEPLOY ▪ Secure ▪ Comply ▪ Audit ▪ Measure ▪ Log MANAGE Infrastructure Automation Compliance AutomationApplication Automation OSS AUTOMATION ENGINES Increase Speed ▪ Package infrastructure and app configuration as code ▪ Continuously automate infrastructure and app updates Improve Efficiency ▪ Define and execute standard workflows and automation ▪ Audit and measure effectiveness of automation Decrease Risk ▪ Define compliance rules as code ▪ Deliver continuous compliance as part of standard workflow
AWS OpsWorks for Chef Automate Native Amazon Service Managed Chef Server ▪ Utilizes RDS and other native services ▪ May be externally accessible AWS Native ▪ Auto Scaling in your VPC ▪ Automatic backups and upgrades OpsWorks Stacks ▪ New name for previous version of OpsWorks ● Partnership between Amazon and Chef, jointly developed and maintained ● Fully managed AWS service with frequent updates ● Fully compatible with open source Chef ● Amazon is your support and billing ● All Chef Automate features will be supported ○ Visibility and Workflow today ○ Compliance soon ○ Currently Northern Virginia, Oregon & Ireland with more planned
Automating AWS Compliance with InSpec
InSpec-AWS • https://github.com/chef/inspec-aws
aws_ec2
aws_iam_access_key
aws_iam_password_policy
aws_iam_root_user
aws_iam_user
aws_iam_users
Dig into the new way of learning about Chef, Automation, and DevOps. Self-paced training on Linux and Windows and much more! learn.chef.io
Automating AWS Compliance with InSpec

More Related Content

PDF
Automating Compliance with InSpec - AWS North Sydney
Matt Ray
 
PDF
DevOpsDays Singapore - Continuous Auditing with Compliance as Code
Matt Ray
 
PDF
DevOpsDays Singapore Habitat Ignite
Matt Ray
 
PPTX
Compliance Automation with Inspec Part 4
Chef
 
PPTX
Application Automation with Habitat
Chef
 
PPTX
Chef Hack Day Denver
Chef
 
PPTX
Compliance Automation with Inspec Part 2
Chef
 
PPTX
Achieving DevOps Success with Chef Automate
Chef
 
Automating Compliance with InSpec - AWS North Sydney
Matt Ray
 
DevOpsDays Singapore - Continuous Auditing with Compliance as Code
Matt Ray
 
DevOpsDays Singapore Habitat Ignite
Matt Ray
 
Compliance Automation with Inspec Part 4
Chef
 
Application Automation with Habitat
Chef
 
Chef Hack Day Denver
Chef
 
Compliance Automation with Inspec Part 2
Chef
 
Achieving DevOps Success with Chef Automate
Chef
 

What's hot (20)

PPTX
Chef Workflow Demo
Chef
 
PDF
Chef Automate Workflow Demo
Chef
 
PPTX
Chef Compliance & Workflow w/Delivery
Chef
 
PPTX
London Community Summit 2016 - Fresh New Chef Stuff
Chef
 
PDF
Nike popup compliance workshop
Chef
 
PDF
Automating Compliance with InSpec - Chef Singapore Meetup
Matt Ray
 
PPTX
Devops journey chefpopup-2016.04.26-v2
Chef
 
PDF
Intermediate/Compliance training Guide
Chef
 
PPTX
Compliance Automation with InSpec
Nathen Harvey
 
PPTX
Compliance Automation with InSpec - Chef NYC Meetup - April 2017
adamleff
 
PPTX
London Community Summit - Chef at SkyBet
Chef
 
PDF
Chef compliance - Intermediate Training
Sarah Hynes Cheney
 
PPTX
Azure handsonlab
Chef
 
PPTX
Compliance Automation with Inspec Part 1
Chef
 
PPTX
Adding Security and Compliance to Your Workflow with InSpec
Mandi Walls
 
PPTX
Compliance Automation with Inspec Part 3
Chef
 
PDF
Nike pop up habitat
Chef
 
PPT
Nginx internals
liqiang xu
 
PDF
Compliance Automation Workshop
Chef
 
PPTX
How to Write Chef Cookbook
devopsjourney
 
Chef Workflow Demo
Chef
 
Chef Automate Workflow Demo
Chef
 
Chef Compliance & Workflow w/Delivery
Chef
 
London Community Summit 2016 - Fresh New Chef Stuff
Chef
 
Nike popup compliance workshop
Chef
 
Automating Compliance with InSpec - Chef Singapore Meetup
Matt Ray
 
Devops journey chefpopup-2016.04.26-v2
Chef
 
Intermediate/Compliance training Guide
Chef
 
Compliance Automation with InSpec
Nathen Harvey
 
Compliance Automation with InSpec - Chef NYC Meetup - April 2017
adamleff
 
London Community Summit - Chef at SkyBet
Chef
 
Chef compliance - Intermediate Training
Sarah Hynes Cheney
 
Azure handsonlab
Chef
 
Compliance Automation with Inspec Part 1
Chef
 
Adding Security and Compliance to Your Workflow with InSpec
Mandi Walls
 
Compliance Automation with Inspec Part 3
Chef
 
Nike pop up habitat
Chef
 
Nginx internals
liqiang xu
 
Compliance Automation Workshop
Chef
 
How to Write Chef Cookbook
devopsjourney
 
Ad

Similar to Automating AWS Compliance with InSpec (20)

PDF
Melbourne Chef Meetup: Automating Azure Compliance with InSpec
Matt Ray
 
PDF
DevSec Delight with Compliance as Code - Matt Ray - AgileNZ 2017
AgileNZ Conference
 
PDF
Melbourne Infracoders: Compliance as Code with InSpec
Matt Ray
 
PDF
Bay Area Chef Meetup February
Jessica DeVita
 
PDF
Chef Automate - Infracoders Canberra August 8, 2017
Matt Ray
 
PDF
Compliance as Code with InSpec - DevOps Melbourne 2017
Matt Ray
 
PDF
Infrastructure and Compliance Delight with Chef Automate
Matt Ray
 
PPTX
Compliance as Code: Velocity with Security - Fraser Pollock, Chef
Alert Logic
 
PDF
Chef Automate - Wellington DevOps August 2, 2017
Matt Ray
 
PDF
NET Aspire - NET Conf IL 2024 - Tamir Dresher.pdf
Tamir Dresher
 
PDF
Compliance as Code Everywhere
Matt Ray
 
PPTX
A Bit of Everything Chef
Mandi Walls
 
PDF
Cooking Up Windows with Chef Automate
Matt Ray
 
PPTX
Anatomy of a Build Pipeline
Samuel Brown
 
PPTX
Delivering High-Availability Web Services with NGINX Plus on AWS
NGINX, Inc.
 
PDF
Devops continuousintegration and deployment onaws puttingmoneybackintoyourmis...
Emerson Eduardo Rodrigues Von Staffen
 
PDF
.NET Cloud-Native Bootcamp
VMware Tanzu
 
ODP
Cfengine presentation at the RMLL
RUDDER
 
PPTX
Using Chef InSpec for Infrastructure Security
Mandi Walls
 
PDF
A Byte of Software Deployment
Gong Haibing
 
Melbourne Chef Meetup: Automating Azure Compliance with InSpec
Matt Ray
 
DevSec Delight with Compliance as Code - Matt Ray - AgileNZ 2017
AgileNZ Conference
 
Melbourne Infracoders: Compliance as Code with InSpec
Matt Ray
 
Bay Area Chef Meetup February
Jessica DeVita
 
Chef Automate - Infracoders Canberra August 8, 2017
Matt Ray
 
Compliance as Code with InSpec - DevOps Melbourne 2017
Matt Ray
 
Infrastructure and Compliance Delight with Chef Automate
Matt Ray
 
Compliance as Code: Velocity with Security - Fraser Pollock, Chef
Alert Logic
 
Chef Automate - Wellington DevOps August 2, 2017
Matt Ray
 
NET Aspire - NET Conf IL 2024 - Tamir Dresher.pdf
Tamir Dresher
 
Compliance as Code Everywhere
Matt Ray
 
A Bit of Everything Chef
Mandi Walls
 
Cooking Up Windows with Chef Automate
Matt Ray
 
Anatomy of a Build Pipeline
Samuel Brown
 
Delivering High-Availability Web Services with NGINX Plus on AWS
NGINX, Inc.
 
Devops continuousintegration and deployment onaws puttingmoneybackintoyourmis...
Emerson Eduardo Rodrigues Von Staffen
 
.NET Cloud-Native Bootcamp
VMware Tanzu
 
Cfengine presentation at the RMLL
RUDDER
 
Using Chef InSpec for Infrastructure Security
Mandi Walls
 
A Byte of Software Deployment
Gong Haibing
 
Ad

More from Matt Ray (18)

PDF
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Matt Ray
 
PDF
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
Matt Ray
 
PDF
SCaLE 20X: Kubernetes Cloud Cost Monitoring with OpenCost & Optimization Stra...
Matt Ray
 
PDF
HashiTalks 2020 - Chef Tools & Terraform: Better Together
Matt Ray
 
PDF
EmacsConf 2019: Interactive Remote Debugging and Development with TRAMP Mode
Matt Ray
 
PDF
Wellington DevOps: Bringing Your Applications into the Future with Habitat
Matt Ray
 
PDF
DevOps Days Singapore 2018 Ignite - Bringing Your Applications into the Futur...
Matt Ray
 
PDF
Cloud Expo Asia 20181010 - Bringing Your Applications into the Future with Ha...
Matt Ray
 
PDF
DevOpsDays Jakarta: State of DevOps 2018
Matt Ray
 
PDF
DevOps Talks Melbourne 2018: Whales, Cats and Kubernetes
Matt Ray
 
PDF
Chef Automate - Azure Sydney User Group
Matt Ray
 
PDF
Automating Applications with Habitat - Sydney Cloud Native Meetup
Matt Ray
 
PDF
OpsWorks for Chef Automate - Auckland AWS
Matt Ray
 
PDF
Compliance as Code: Shifting Compliance Left in Continuous Delivery
Matt Ray
 
PDF
DevOps Sydney: Chef Automate
Matt Ray
 
PDF
Brisbane AWS Meetup: OpsWorks for Chef Automate
Matt Ray
 
PDF
Managing Complexity at Velocity
Matt Ray
 
PDF
Habitat & Amazon's ECS
Matt Ray
 
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Matt Ray
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
Matt Ray
 
SCaLE 20X: Kubernetes Cloud Cost Monitoring with OpenCost & Optimization Stra...
Matt Ray
 
HashiTalks 2020 - Chef Tools & Terraform: Better Together
Matt Ray
 
EmacsConf 2019: Interactive Remote Debugging and Development with TRAMP Mode
Matt Ray
 
Wellington DevOps: Bringing Your Applications into the Future with Habitat
Matt Ray
 
DevOps Days Singapore 2018 Ignite - Bringing Your Applications into the Futur...
Matt Ray
 
Cloud Expo Asia 20181010 - Bringing Your Applications into the Future with Ha...
Matt Ray
 
DevOpsDays Jakarta: State of DevOps 2018
Matt Ray
 
DevOps Talks Melbourne 2018: Whales, Cats and Kubernetes
Matt Ray
 
Chef Automate - Azure Sydney User Group
Matt Ray
 
Automating Applications with Habitat - Sydney Cloud Native Meetup
Matt Ray
 
OpsWorks for Chef Automate - Auckland AWS
Matt Ray
 
Compliance as Code: Shifting Compliance Left in Continuous Delivery
Matt Ray
 
DevOps Sydney: Chef Automate
Matt Ray
 
Brisbane AWS Meetup: OpsWorks for Chef Automate
Matt Ray
 
Managing Complexity at Velocity
Matt Ray
 
Habitat & Amazon's ECS
Matt Ray
 

Recently uploaded (20)

PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PDF
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
PPTX
A Presentation on Artificial Intelligence
memembruh336
 
PDF
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
PDF
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
PPTX
Cloud computing and distributed systems.
kkkkkhan
 
PDF
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
DOCX
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
PDF
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PPT
Teaching material agriculture food technology
LiaRayya
 
PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
PDF
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
PPTX
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
PDF
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
Approach and Philosophy of On baking technology
30anthuong17
 
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
A Presentation on Artificial Intelligence
memembruh336
 
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
Cloud computing and distributed systems.
kkkkkhan
 
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
Teaching material agriculture food technology
LiaRayya
 
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 

Automating AWS Compliance with InSpec

  • 1. Automating Compliance with InSpec Sydney AWS Security Meetup August 10, 2017
  • 2. Matt Ray Manager, Solutions Architect – APJ Chef Software matt@chef.io @mattray
  • 6. SSH Control "SSH supports two different protocol versions.The original version, SSHv1, was subject to a number of security issues. Please use SSHv2 instead to avoid these."
  • 7. How will I verify this?
  • 8. Whip up a one-liner! grep "^Protocol" /etc/ssh/sshd_config | sed 's/Protocol //'
  • 9. Apache Server Information Leakage • Description This Directive Controls wheather Server response field is sent back to clients includes a description of Generic OSType of the Server. This allows attackers to identify web servers details greatly and increases the efficiency of any attack,as security vulnerabilities are dependent upon specific software versions. • How toTest In order to test for ServerToken configuration, one should check the Apache configuration file. • Misconfiguration ServerTokens Full • Remediation Configure the ServerTokens directive in the Apache configuration to value of Prod or ProductOnly.This tells Apache to only return "Apache" in the Server header, returned on every page request. ServerTokens Prod or ServerTokens ProductOnly https://www.owasp.org/index.php/SCG_WS_Apache
  • 10. More grep and sed! grep "^ServerTokens" /etc/httpd/conf/httpd.conf | sed 's/ServerTokens //'
  • 18. Two-thirds of organizations did not adequately test the security of all in-scope systems
  • 19. Key Trends • While individual rule compliance is up, testing of security systems is down • Sustainability is low. Fewer than a third of companies were found to be still fully compliant less than a year after successful validation.
  • 21. Shell Scripts grep "^Protocol" /etc/ssh/sshd_config | sed 's/Protocol //' grep "^ServerTokens" /etc/httpd/conf/httpd.conf | sed 's/ServerTokens //'
  • 22. Infrastructure Code package 'httpd' do action :install end service 'httpd' do action [ :start, :enable ] end
  • 23. We Have A Communications Problem
  • 36. One Language Linux,Windows, BSD, Solaris,AIX, HP-UX, ...
  • 37. Examples of Available Resources apache_conf apt audit_policy auditd_conf auditd_rules bond bridge command crontab directory etc_group file gem group host inetd_conf interface iptables kernel_module kernel_parameter limits_conf login_defs mount mysql_conf mysql_session npm ntp_conf oneget os os_env package parse_config parse_config_file passwd pip port postgres_conf postgres_session powershell processes registry_key security_policy service ssh_config sshd_config user windows_feature yum
  • 38. What is it not? • IDS / IPS • Firewall • Antivirus • Pentesting tool
  • 39. One Language Linux,Windows, BSD, Solaris,AIX, HP-UX, ... Bare-metal
  • 40. One Language Linux,Windows, BSD, Solaris,AIX, HP-UX, ... Bare-metal,VMs
  • 41. One Language Linux,Windows, BSD, Solaris,AIX, HP-UX, ... Bare-metal,VMs, Containers
  • 42. One Language Linux,Windows, BSD, Solaris,AIX, HP-UX, ... Bare-metal,VMs, Containers Nodes
  • 43. One Language Linux,Windows, BSD, Solaris,AIX, HP-UX, ... Bare-metal,VMs, Containers Nodes, Databases
  • 45. One Language Linux,Windows, BSD, Solaris,AIX, HP-UX, ... Bare-metal,VMs, Containers Nodes, Databases,APIs
  • 47. InSpec > inspec exec test.rb Test a machine remotely via SSH > inspec exec test.rb -i identity.key -t ssh://root@172.17.0.1 Test your machine locally > inspec exec test.rb -t winrm://Admin@192.168.1.2 --password super Test Docker Container > inspec exec test.rb -t docker://5cc8837bb6a8 Test a machine remotely via WinRM AGENTLESS
  • 48. Operating System & Application Coverage • Microsoft Windows • Red Hat Enterprise Linux • Ubuntu Linux • SUSE Linux Enterprise Server • Oracle Enterprise Linux • AIX • HP-UX • Solaris • VMware ESXi • MySQL • Oracle • PostgreSQL • Tomcat • SQL Server • IIS • HTTP request
  • 49. One Language Linux,Windows, BSD, Solaris,AIX, HP-UX, ... Bare-metal,VMs, Containers Nodes, Databases,APIs, Cloud Platforms, ...
  • 51. CONTINUOUS COMPLIANCE AUTOMATION InSpec - Part of your InfoSec toolchain FIREWALL ANTIVIRUS INTRUSION DETECTION/ PREVENTION PENETRATION TESTING
  • 53. The Chef Automate Platform Continuous Automation for High Velocity IT Workflow • Local development • Integration • Tooling (APIs & SDKs) COLLABORATE ▪ Package ▪ Test ▪ Approve BUILD ▪ Provision ▪ Configure ▪ Execute ▪ Update DEPLOY ▪ Secure ▪ Comply ▪ Audit ▪ Measure ▪ Log MANAGE Infrastructure Automation Compliance AutomationApplication Automation OSS AUTOMATION ENGINES Increase Speed ▪ Package infrastructure and app configuration as code ▪ Continuously automate infrastructure and app updates Improve Efficiency ▪ Define and execute standard workflows and automation ▪ Audit and measure effectiveness of automation Decrease Risk ▪ Define compliance rules as code ▪ Deliver continuous compliance as part of standard workflow
  • 54. AWS OpsWorks for Chef Automate Native Amazon Service Managed Chef Server ▪ Utilizes RDS and other native services ▪ May be externally accessible AWS Native ▪ Auto Scaling in your VPC ▪ Automatic backups and upgrades OpsWorks Stacks ▪ New name for previous version of OpsWorks ● Partnership between Amazon and Chef, jointly developed and maintained ● Fully managed AWS service with frequent updates ● Fully compatible with open source Chef ● Amazon is your support and billing ● All Chef Automate features will be supported ○ Visibility and Workflow today ○ Compliance soon ○ Currently Northern Virginia, Oregon & Ireland with more planned
  • 63. Dig into the new way of learning about Chef, Automation, and DevOps. Self-paced training on Linux and Windows and much more! learn.chef.io