Set Up Chef InSpec with Optional Chef Infra Server and Chef Automate in Three Easy Steps

Follow this process to install and configure your Chef Infra environment.

Compliance and Testing

1. Download, Install and Configure Chef Workstation

Chef Workstation provides all the tools you need to start working with Chef InSpec, including knife and Cookstyle. Install it on your laptop.

After installing, optionally configure Chef Workstation with knife. Answer the on-screen questions to auto-create the .chef/credentials configuration file that integrates your laptop with Chef Infra Server and Chef Automate.

$ knife configure init-config

2. Scan a Node Using a Windows or Linux DevSec Benchmark

Without writing your own code or installing an agent, you can immediately use Chef InSpec to scan your target nodes using publicly available InSpec profiles:

Windows targets:

> inspec exec https://github.com/dev-sec/windows-baseline -t winrm://winserver.example.com --user Admin --password 'mypassword'

Linux targets:

$ inspec exec https://github.com/dev-sec/linux-baseline -t \
   ssh://[email protected] -i ~/.ssh/id_rsa
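
To act on the result of a scan like the ones above, InSpec can also write its findings as JSON (for example with `--reporter json:scan.json`, a flag this page does not show). The Ruby script below is an added example, not part of the original page or Chef's own code; the sample report, the control ids and the 0.7 blocking threshold are constructed assumptions.

```ruby
require 'json'

# Constructed sample shaped like InSpec's JSON reporter output
# (profiles -> controls -> results). Ids, titles and impacts are made up.
SAMPLE_REPORT = <<~JSON
  {"profiles": [{"name": "sample-baseline", "controls": [
    {"id": "sample-01", "title": "Constructed control A", "impact": 1.0,
     "results": [{"status": "passed"}]},
    {"id": "sample-02", "title": "Constructed control B", "impact": 0.7,
     "results": [{"status": "passed"}, {"status": "failed"}]},
    {"id": "sample-03", "title": "Constructed control C", "impact": 0.3,
     "results": [{"status": "failed"}]},
    {"id": "sample-04", "title": "Constructed control D", "impact": 1.0,
     "results": [{"status": "skipped"}]}
  ]}]}
JSON

# A control fails if any result failed; it counts as skipped when it has
# no results or every result was skipped (nothing was actually verified).
def control_status(control)
  statuses = control.fetch('results', []).map { |r| r['status'] }
  return 'failed' if statuses.include?('failed')
  return 'skipped' if statuses.empty? || statuses.all?('skipped')
  'passed'
end

# threshold is a hypothetical team policy: failed controls with at least
# this impact block the run; lower-impact failures are only reported.
def summarize(report_json, threshold: 0.7)
  controls = JSON.parse(report_json).fetch('profiles', [])
                 .flat_map { |p| p.fetch('controls', []) }
  by_status = controls.group_by { |c| control_status(c) }
  failed = by_status.fetch('failed', []).sort_by { |c| -c['impact'].to_f }
  {
    counts: %w[passed failed skipped].to_h { |s| [s, by_status.fetch(s, []).size] },
    failed: failed.map { |c| c['id'] },
    blocking: failed.select { |c| c['impact'].to_f >= threshold }.map { |c| c['id'] }
  }
end

if __FILE__ == $PROGRAM_NAME
  # Pass the path of a saved report as the first argument, or run with
  # none to summarize the constructed sample.
  path = ARGV[0]
  report = path && File.file?(path) ? File.read(path) : SAMPLE_REPORT
  puts JSON.pretty_generate(summarize(report))
end
```

Skipped controls are counted separately because a skipped control verified nothing on the target, so it should not be read as a pass.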

3. Connect Chef Workstation to Chef Automate and Chef Infra Server

Chef Infra Server stores all your Chef code, including InSpec profiles, and distributes that content to all your on-prem, cloud and edge nodes.

If your organization already has modern Chef, contact your Chef Administrator to set up access credentials to use with Chef Workstation.

If you want to start from scratch, create a Linux VM or cloud instance, log in as an elevated user, and run the following command to install both Chef Infra Server and Chef Automate:

$ sudo hostnamectl set-hostname $(hostname -f) && \
  sudo sysctl -w vm.max_map_count=262144 && \
  sudo sysctl -w vm.dirty_expire_centisecs=20000 && \
  ./chef-automate deploy --product automate --product infra-server

Log in to your Chef Automate dashboard (URL, username and password available in ~/automate-credential.toml on your Automate server) and add your server under the Infrastructure tab:

[Image: Configure Chef Automate infrastructure management]