Chef Compliance 1.0 is now available from the Chef downloads site. This is a major release update which is recommended for all users of Chef Compliance.
We enhanced capabilities for Chef Compliance to enable automated management of compliance policies that are based on the broadly used Center for Internet Security (CIS) benchmarks. Users can now implement CIS and other compliance policies as code, called “compliance profiles”. In addition, Chef Compliance offers an enhanced Windows experience by allowing users to import Windows policies from the Microsoft Security Compliance Manager.
Our full product announcement is available via this recorded webinar:
Here are the enhancements and bug fixes included in this release:
- More CIS content: CentOS 6 and 7, Ubuntu 12.04 and 14.04. Additional profiles will be provided in the next releases.
- Uses InSpec 0.17.1. Provides plugins for Microsoft SCCM and SCAP content, along with many bug fixes.
- Chef Server authentication integration and ability to view Compliance reports for Chef Server managed nodes that use the `audit` cookbook or resources.
- The licensed node count can be modified. Instructions here.
- Improve output for connectivity errors.
- User environments loaded in Organizations after reports.
- Sort Organizations in the Navigation dropdown.
- Fix embedded pry that ships with the Chef Compliance package.
Upgrade instructions for Chef Compliance are found here.
Many thanks to those that installed the dot releases and gave us valuable feedback!
Since this is a major release upgrade, we recommend to backup the database before the upgrade. You can do this using these two bash commands:
export THEDATE=$(date '+%Y-%m-%d-%H-%M-%S') su - chef-pgsql -c "/opt/chef-compliance/embedded/bin/pg_dumpall -c | gzip --fast > /tmp/postgresql-dump-$THEDATE.gz"
In the event that a database restore is needed, it can be done with the following command:
gunzip -c /tmp/postgresql-dump-$THEDATE.gz | su - chef-pgsql -c "/opt/chef-compliance/embedded/bin/psql -d postgres"