Best practices for server hardening and patching have been in place for decades, but it’s still very cumbersome to enforce those rules continuously. As a result, many servers are still unsecured. However, as the amount of server infrastructure increases, the ways we manage our systems must adapt to keep pace. We need tools that enable us to implement compliance automation.
Christoph Hartmann and Dominik Richter offer an overview of InSpec, an open source tool for infrastructure, security, and compliance testing, and demonstrate how patch and security levels can be assessed in CI/CD and production environments. InSpec's DSL is a human- and machine-readable assessment language that is extendable and customizable. Since testing can be fully automated with InSpec, companies can assess and enforce secure configuration across their IT fleet.
Christoph Hartmann is a cofounder and lead engineer at Chef, where he has spent the last decade building complex software and infrastructure systems. Previously, Christoph was responsible for automation at the innovation laboratory at Deutsche Telekom and created effective solutions managing the future of their core networks. He is the cofounder of InSpec, Chef Compliance, and the dev-sec.io project.
Dominik Richter is a product manager at Chef, an entrepreneur, and a leading expert in both security and automation. Dominik honed his abilities at Deutsche Telekom, where he headed the security of Telekom’s first OpenStack Cloud. He is a cofounder of InSpec, Chef Compliance, and the dev-sec.io project.
©2017, O'Reilly Media, Inc.