Chef Automate Compliance

Summary

How can you ensure that your systems are secure without slowing down your deployments? With Chef Automate compliance, you express your security requirements as code and automate the assessment and remediation of your infrastructure.

Description

In the instructor-led Chef Automate compliance course, you will learn how to use the Chef Automate compliance UIs, perform compliance scans against Windows and Linux nodes, and remediate compliance issues.

In addition, you will learn how to use InSpec, Chef’s open source testing framework for infrastructure. You will create and modify compliance profiles and also locate Department of Defense (DoD) compliance specifications that you can use as a basis for an InSpec compliance profile.  You will also learn how to use the Chef audit cookbook, which allows you to run InSpec profiles as part of the chef-client run. This course includes hands-on exercises to reinforce the material.

One day course agenda:

  • Chef Automate compliance overview
  • Using the Chef Automate UI and the Chef compliance server UI
  • Running compliance scans, remediating issues, and re-scanning nodes
  • Creating and managing custom compliance profiles using InSpec
  • Using the audit cookbook
  • Applying compliance frameworks using InSpec (translating DoD specifications into compliance tests)
  • Scheduling scans and running reports
  • Managing users, organizations, teams and permissions

Workstation requirements

For in person classes, you will need a WiFI enabled laptop with a Remote Desktop Client that supports Remote Desktop Protocol (RDP). For example:

  • Windows 7 or higher with Remote Desktop Connection
  • Mac OS X 10.11 (El Capitan) with Microsoft Remote Desktop
  • Ubuntu 14.04 with Remmina Remote Desktop Client

Attendees should have administrative access to the laptop.

Student requirements

It’s best that learners have some familiarity with:

  • Writing code (of just about any flavor) in a text editor such as Atom, Visual Studio Code
  • Working on the command line

Duration

7 hours