Framework
Governance, Risk, and Compliance (GRC)

inspec

by inspec

3.0K stars
684 forks
134 watchers
Updated 8 months ago
About

Chef InSpec is an open-source framework for auditing and testing infrastructure compliance, security, and policy requirements using a human- and machine-readable language.

InSpec: Auditing and Testing Framework

Primary Use Case

Chef InSpec is primarily used by security professionals, compliance auditors, and DevOps teams to automate compliance auditing and security testing across various infrastructure environments. It enables users to write and execute tests that validate security policies on local, remote, containerized, and Windows hosts, ensuring continuous compliance and risk assessment.

Key Features
  • Human- and machine-readable language for specifying compliance and security requirements
  • Supports running tests locally, remotely via SSH, WinRM, and Docker
  • Built-in compliance testing integrated into the development lifecycle
  • Targeted tests focusing on specific compliance issues
  • Includes metadata required by security and compliance professionals
  • Command-line interface for easy and quick test execution
  • Open-source with active project maintenance and defined SLA for issues and pull requests

Installation

  • Ensure Ruby version >= 3.1.0 is installed
  • Accept the Chef InSpec EULA before use
  • For macOS, RedHat, Ubuntu, and Windows, download the latest package from Chef InSpec Downloads or use the install script
  • Run the install script for RedHat, Ubuntu, and macOS: curl https://chefdownload-commercial.chef.io/install.sh?license_id=<LICENSE_ID> | sudo bash -s -- -P inspec
  • Run the install script for Windows: . { iwr -useb https://chefdownload-commercial.chef.io/install.ps1?license_id=<LICENSE_ID> } | iex; install -project inspec
  • Replace <LICENSE_ID> with your actual license ID
  • To install via RubyGems with build tools, first install build tools using your package manager (e.g., yum or apt-get)
  • For CentOS/RedHat/Fedora: yum -y install ruby ruby-devel make gcc gcc-c++
  • For Ubuntu: apt-get -y install ruby ruby-dev gcc g++ make
  • Install the inspec executable gem, which requires accepting the Chef license: gem install inspec-bin

Usage

>_ inspec exec test.rb

Run a test locally on the current machine

>_ inspec exec test.rb -t ssh://user@hostname -i /path/to/key

Run a test on a remote host via SSH using a private key

>_ inspec exec test.rb -t ssh://user@hostname

Run a test on a remote host via SSH using SSH agent private key authentication

>_ inspec exec test.rb -t winrm://Administrator@windowshost --password 'your-password'

Run a test on a remote Windows host via WinRM with password authentication

>_ inspec exec test.rb -t winrm://windowshost --user 'UserName@domain' --password 'your-password'

Run a test on a remote Windows host via WinRM as a domain user with password authentication

>_ inspec exec test.rb -t docker://container_id

Run a test inside a Docker container

Security Frameworks
Discovery
Defense Evasion
Collection
Credential Access
Impact
Usage Insights
  • Integrate InSpec tests into CI/CD pipelines to enforce compliance early in the development lifecycle.
  • Use InSpec for continuous compliance monitoring across hybrid and cloud environments to reduce audit overhead.
  • Leverage InSpec's human- and machine-readable language to create custom compliance profiles tailored to organizational policies.
  • Combine InSpec with configuration management tools like Chef or Ansible for automated remediation workflows.
  • Utilize InSpec's remote execution capabilities to perform security assessments on ephemeral infrastructure such as containers and cloud instances.

Security Profile
Red Team: 30%
Blue Team: 80%
Purple Team: 70%
Details
License: Other
Language: Ruby
Open Issues: 2591
Topics
audit
inspec
security
compliance
devsec
devops
tdd-utilities
tdd
spec
testing