19 Nisan 2018 Perşembe

Security Auditing with InSpec

InSpec is a tool from CHEF. With InSpec you can ,

  • Audit Policies
  • Check security requirements
  • Conduct compliance checks

InSpec can be installed on Linux, Mac or Windows. InSpec rules are written in ruby files.

I will give you some examples from the github repo about this amazing tool.

describe package('telnetd') do
  it { should_not be_installed }

describe inetd_conf do
  its("telnet") { should eq nil }

This rule will check the system against the installation of telnet and disallow this insecure service.

To run inspec save the above code snippet to a test.rb fie and in the command prompt run the following command to conduct the test.

inspec exec test.rb
you can also test this requirements against to remote systems.

on your linux servers using ssh ,

inspec exec test.rb -t ssh://user@hostname

or on windows through WinRM

inspec exec test.rb -t winrm://Administrator@windowshost --password 'your-password'

if you are familiar with CHEF compliance check, you can also make compliance check with the following syntax

  inspec compliance SUBCOMMAND ...   # Chef Compliance commands

For example this code uses the sshd_config resource to ensure that only enterprise-compliant ciphers are used for SSH servers.

describe sshd_config do
  its('Ciphers') { should cmp('chacha20-poly1305@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr') }

You can see detailed tutorials in the following link 

Hiç yorum yok:

Yorum Gönder