Continuous Delivery of Habitat Packages with Chef Automate

This post was originally published on the SysAdvent blog on December 21, 2017.

Introduction

Habitat by Chef is a framework for building, deploying, and running any kind of application. Chef’s blog has a good introductory series on the concepts behind Habitat, and the Habitat tutorial is a good place to start learning. In this post, I’m […]

You Got Unix In My Ruby!

Or: Writing Ruby test code to verify Unix/Linux systems for auditing purposes

Many organizations must adhere to PCI-DSS requirements, or similar standards. However, those standards are often not specific, so we cannot rely on them to give implementation details. The CIS Benchmarks provide technical recommendations with specific commands and scripts to audit systems, and remediate […]

System Archaeology Through Testing

As you may be aware, I have been working on a Chef audit-mode cookbook that implements the CIS Benchmarks. I recently added coverage for Ubuntu 14.04. In this post, I want to share a discovery about OS-level configuration that is inherently against the recommendation from the benchmark, and the way users can remediate this using […]

Chef Audit Mode Introduction

I have been working with the audit mode feature introduced in Chef version 12.1.0 – previously announced was the audit-cis cookbook. Audit mode allows users to write custom rules (controls) in Chef recipes using new DSL helpers. In his ChefConf 2015 talk, “Compliance At Velocity,” James Casey goes into more of the background and reasoning […]
