cookbook 'inspec-cron', '~> 0.3.0'
The inspec-cron cookbook has been deprecated
Author provided reason for deprecation:
The inspec-cron cookbook has been deprecated and is no longer being maintained by its authors. Use of the inspec-cron cookbook is no longer recommended.
You may find that the inspec_cron cookbook is a suitable alternative.
Installs/Configures inspec-cron
cookbook 'inspec-cron', '~> 0.3.0', :supermarket
knife supermarket install inspec-cron
knife supermarket download inspec-cron
inspec-cron
Schedules InSpec runs via cron. This is useful when the chef-client is not daemonized but you still wish to periodically run compliance scans. This cookbook leverages the chef-ingredient cookbook's inspec recipe to ensure InSpec is installed.
Attributes from other cookbooks
If you want to specify the version of InSpec, set the following:
node['inspec-cron']['version'] = '3.7.1'
If you are using the chef-client cookbook, the following attributes will be reused if available. If not, you'll need to set them accordingly.
Location of the InSpec configuration file.
node['inspec-cron']['conf_dir'] = node['chef_client']['conf_dir']
Automate URL and token for reporting.
node['inspec-cron']['server_url'] = node['chef_client']['config']['data_collector.server_url']
node['inspec-cron']['token'] = node['chef_client']['config']['data_collector.token']
node['inspec-cron']['insecure'] = node['audit']['insecure']
Recipes
default
This includes the inspec-json and profiles recipes. They are separate in case you do not wish to generate an inspec.json file.
inspec-json
Writes out the /etc/chef/inspec.json configuration file, templatized with the relevant attributes. The location and filename may be overridden with node['inspec-cron']['conf_dir'] and node['inspec-cron']['conf_file'] respectively.
profiles
This recipe iterates over a hash of compliance profiles and their settings to create cron jobs to inspec exec them. The default is to run every 12 hours, but you may provide your own cron schedule within the hash or override the defaults.
node['inspec-cron']['cron']['minute'] = '0'
node['inspec-cron']['cron']['hour'] = '*/12'
node['inspec-cron']['cron']['day'] = '*'
node['inspec-cron']['cron']['weekday'] = '*'
node['inspec-cron']['cron']['month'] = '*'
Currently only URLs are supported as a source for the compliance profiles. If you set any cron entries in your hash, any unspecified cron expressions will be set to *. Your hash will look something like this:
default['inspec-cron']['profiles'] = {
  'linux-patch-baseline': {
    'url': 'https://github.com/dev-sec/linux-patch-baseline/archive/0.4.0.zip',
    'minute': '15',
    'hour': '*/6'
  },
  'ssh-baseline': {
    'url': 'https://github.com/dev-sec/ssh-baseline/archive/2.3.0.tar.gz',
    'minute': '45'
  }
}
Which produces cron entries like this:
# Chef Name: linux-patch-baseline
15 */6 * * * /opt/chef/embedded/bin/inspec exec https://github.com/dev-sec/linux-patch-baseline/archive/0.4.0.zip --json-config /etc/chef/inspec.json
# Chef Name: ssh-baseline
45 * * * * /opt/chef/embedded/bin/inspec exec https://github.com/dev-sec/ssh-baseline/archive/2.3.0.tar.gz --json-config /etc/chef/inspec.json
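The defaulting rule described above, as an added Ruby sketch (not the cookbook's recipe code): a profile with no cron keys gets the node defaults, while a profile that sets any cron key gets * for every key it omits, which is why ssh-baseline runs hourly rather than every 12 hours. The helper names and the constructed-default profile are assumptions of this example.

```ruby
# Added illustration, not the cookbook's recipe code. It models the rule the
# README describes: a profile with no cron keys gets the node defaults; a
# profile that sets any cron key gets '*' for every key it leaves out.
CRON_FIELDS = %w[minute hour day month weekday].freeze # crontab column order

# Defaults as listed in the README (every 12 hours).
DEFAULT_CRON = {
  'minute' => '0', 'hour' => '*/12', 'day' => '*', 'month' => '*', 'weekday' => '*'
}.freeze

INSPEC_BIN = '/opt/chef/embedded/bin/inspec'
JSON_CONFIG = '/etc/chef/inspec.json'

# Build the five-field schedule for one profile's settings.
def cron_schedule(settings, defaults = DEFAULT_CRON)
  settings = settings.transform_keys(&:to_s)
  customised = CRON_FIELDS.any? { |f| settings.key?(f) }
  CRON_FIELDS.map do |field|
    customised ? settings.fetch(field, '*') : defaults.fetch(field)
  end.join(' ')
end

# Render one crontab entry (comment line plus command line) per profile.
def cron_entries(profiles)
  profiles.map do |name, settings|
    url = settings.transform_keys(&:to_s).fetch('url')
    "# Chef Name: #{name}\n" \
      "#{cron_schedule(settings)} #{INSPEC_BIN} exec #{url} --json-config #{JSON_CONFIG}"
  end
end

# The README's example hash plus one constructed profile with no cron keys.
PROFILES = {
  'linux-patch-baseline': { 'url': 'https://github.com/dev-sec/linux-patch-baseline/archive/0.4.0.zip', 'minute': '15', 'hour': '*/6' },
  'ssh-baseline': { 'url': 'https://github.com/dev-sec/ssh-baseline/archive/2.3.0.tar.gz', 'minute': '45' },
  'constructed-default': { 'url': 'https://example.com/profile.tar.gz' }
}.freeze

puts cron_entries(PROFILES)
```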
targets
This recipe configures the node to scan other machines with InSpec profiles. It iterates over a hash of nodes with settings specific to the node and a hash of the profiles and settings to use. Here is an example of a hash for scanning 2 nodes with profiles with their own cron settings.
default['inspec-cron']['targets'] = {
  '10.0.0.2': {
    'profiles': {
      'uptime': {
        'url': 'https://github.com/mattray/uptime-profile',
        'minute': '*/10',
      },
    },
  },
  '10.0.0.3': {
    'environment': 'foo',
    'password': 'testing',
    'profiles': {
      'linux-patch-baseline': {
        'url': 'https://github.com/dev-sec/linux-patch-baseline/',
      },
      'uptime': {
        'url': 'https://github.com/mattray/uptime-profile',
        'minute': '*/5',
      },
    },
  }
}
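A lint for the targets hash above, added here as an example and not part of the cookbook: it flags a password key, because node attributes are stored unencrypted with the node object, and profile URLs that are not https or do not name a release archive. The function names and the pinning rule are this example's own assumptions.

```ruby
# Added illustration, not part of the cookbook: a lint for the
# node['inspec-cron']['targets'] hash. The rules are this example's own policy.
require 'uri'

# Assumption: "pinned" means the URL names a release archive, as in the
# README's .../archive/0.4.0.zip, rather than a repository's moving head.
PINNED_ARCHIVE = %r{/archive/[^/]+\.(zip|tar\.gz)\z}

def https_url?(url)
  URI.parse(url).is_a?(URI::HTTPS)
rescue URI::InvalidURIError
  false
end

# Return one finding string per problem; an empty array means a clean hash.
def lint_targets(targets)
  findings = []
  targets.each do |host, cfg|
    cfg = cfg.transform_keys(&:to_s)
    # Node attributes are stored unencrypted with the node object.
    findings << "#{host}: password stored in node attributes" if cfg.key?('password')
    cfg.fetch('profiles', {}).each do |name, profile|
      url = profile.transform_keys(&:to_s)['url'].to_s
      findings << "#{host}/#{name}: profile URL is not https" unless https_url?(url)
      findings << "#{host}/#{name}: profile URL is not a pinned archive" unless url.match?(PINNED_ARCHIVE)
    end
  end
  findings
end

# The README's example targets hash, reproduced as sample input.
TARGETS = {
  '10.0.0.2': {
    'profiles': { 'uptime': { 'url': 'https://github.com/mattray/uptime-profile', 'minute': '*/10' } }
  },
  '10.0.0.3': {
    'environment': 'foo',
    'password': 'testing',
    'profiles': {
      'linux-patch-baseline': { 'url': 'https://github.com/dev-sec/linux-patch-baseline/' },
      'uptime': { 'url': 'https://github.com/mattray/uptime-profile', 'minute': '*/5' }
    }
  }
}.freeze

puts lint_targets(TARGETS)
```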
Reporting to Automate via a Chef Server
If you do not want nodes directly reporting to Automate and they use a Chef Server, you can have them proxy their reports through the Chef Server. In the Chef Server config.rb, set the following:
data_collector['root_url'] = 'https://your-chef-automate-server/data-collector/v0/'
data_collector['proxy'] = true
This works without requiring authentication with the Chef Server; only the Automate token is required.
License and Authors
- Author: Matt Ray matt@chef.io
- Copyright 2019, Chef Software, Inc
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Dependent cookbooks
chef-ingredient ~> 3.1.1
Contingent cookbooks
There are no cookbooks that are contingent upon this one.
Collaborator Number Metric
0.3.0 failed this metric
Failure: Cookbook has 0 collaborators. A cookbook must have at least 2 collaborators to pass this metric.
Contributing File Metric
0.3.0 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a CONTRIBUTING.md file
Foodcritic Metric
0.3.0 passed this metric
No Binaries Metric
0.3.0 passed this metric
Testing File Metric
0.3.0 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file
Version Tag Metric
0.3.0 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number