Today we’ve released an initial version of audit-cis. This is an “audit mode only” cookbook that runs on a node to check for compliance with The Center for Internet Security (CIS) benchmark for a specific platform. This release targets CentOS 7, CIS Benchmark version 1.0.0.

CIS Benchmarks are consensus-based security recommendations for various operating systems, platform distributions, or commonly used applications. They have a scoring system, and two levels. The cookbook implements control groups and controls for the various sections of the benchmark, using the “audit” steps implemented in Chef’s audit mode controls. For example, 1.2.2 in the CentOS 7 benchmark says “verify that gpgcheck is globally activated.” To audit that the system complies, the benchmark says:

```
% grep ^gpgcheck /etc/yum.conf
```

Implemented in audit mode, that is an it block within a control block, which is within a control_group block.

```ruby
# Benchmark section 1 maps to a control_group, 1.2 to a control,
# and the individual check 1.2.2 to an it block.
control_group '1 Install Updates, Patches and Additional Security Software' do
  control '1.2 Configure Software Updates' do
    it '1.2.2 Verify that gpgcheck is Globally Activated' do
      expect(file('/etc/yum.conf').content).to match(/^gpgcheck=1/)
    end
  end
end
```

Chef Audit Mode is a feature of Chef introduced in version 12.1. It implements new Chef Recipe DSL methods, control_group and control, for performing audit validations using Serverspec (and thus RSpec). Chef audit mode can be used with Chef Analytics for further analysis, or rules that send notifications. Read more about audit mode in the Chef Documentation:

* Chef Recipe DSL and controls

Do I need to use Chef Analytics?

While audit mode is related to Chef Analytics, you do not need Chef Analytics to use it.
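The 1.2.2 test matches `gpgcheck=1` at the start of any line in /etc/yum.conf, so a repository section in that file can satisfy it while `[main]` says otherwise, and a spaced `gpgcheck = 1` fails it. The following added example (plain Ruby, not code from the audit-cis cookbook) scopes the check to `[main]`; the helper names and the sample file contents are constructed for illustration.

```ruby
# Added example: the 1.2.2 gpgcheck audit, scoped to yum.conf's [main] section.
# Helper names are hypothetical; sample configs below are constructed.

# Parse INI-style yum.conf text into { section => { key => value } }.
def parse_yum_conf(text)
  sections = Hash.new { |h, k| h[k] = {} }
  current = nil
  text.each_line do |raw|
    line = raw.strip
    next if line.empty? || line.start_with?('#', ';')
    if (m = line.match(/\A\[(.+)\]\z/))
      current = m[1].strip
    elsif current && (m = line.match(/\A([^=\s]+)\s*=\s*(.*)\z/))
      sections[current][m[1]] = m[2].strip
    end
  end
  sections
end

# True only when [main] sets gpgcheck to exactly "1", the value the benchmark expects.
def gpgcheck_globally_enabled?(text)
  parse_yum_conf(text).fetch('main', {})['gpgcheck'] == '1'
end

# The control's original test, kept for comparison.
def line_regex_passes?(text)
  !!(text =~ /^gpgcheck=1/)
end

# Constructed sample inputs.
COMPLIANT = "[main]\ncachedir=/var/cache/yum\ngpgcheck=1\n".freeze
REPO_ONLY = "[main]\ngpgcheck=0\n\n[localrepo]\nbaseurl=file:///srv/repo\ngpgcheck=1\n".freeze
SPACED    = "[main]\ngpgcheck = 1\n".freeze

if __FILE__ == $PROGRAM_NAME
  { 'compliant' => COMPLIANT, 'repo-only' => REPO_ONLY, 'spaced' => SPACED }.each do |name, conf|
    puts format('%-10s regex=%-5s main_section=%s', name,
                line_regex_passes?(conf), gpgcheck_globally_enabled?(conf))
  end
end
```

Inside a control, the same helper can back the expectation by passing it `file('/etc/yum.conf').content`.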