- Create Ubuntu VM in AWS (or whichever cloud provider you prefer)
- SSH into instance
$ sudo apt-get update
$ sudo apt install git
$ wget https://packages.chef.io/files/stable/inspec/3.0.9/ubuntu/18.04/inspec_3.0.9-1_amd64.deb
$ sudo dpkg -i inspec_3.0.9-1_amd64.deb
$ inspec --version
$ git clone https://github.com/dev-sec/nginx-baseline
$ inspec exec nginx-baseline
Will see this output at the end:
Profile Summary: 0 successful controls, 0 control failures, 16 controls skipped
Test Summary: 0 successful, 0 failures, 16 skipped
- On workstation
$ git clone https://github.com/dev-sec/nginx-baseline
$ cd nginx-baseline
$ hab plan init
- Open up plan file with your editor of choice
$ vim habitat/plan.sh
habitat/plan.sh
pkg_name=nginx-baseline
pkg_origin=nshamrell
pkg_version="2.0.2"
pkg_maintainer="The Habitat Maintainers <[email protected]>"
pkg_license=("Apache-2.0")
pkg_source=https://github.com/dev-sec/nginx-baseline/archive/2.0.2.tar.gz
pkg_shasum="b546c3940ce03d72f4bbb77503ecf792fd54e608cd729f6511c03e11c5cd0727"
pkg_deps=(chef/inspec)
pkg_bin_dirs=(bin)
do_build() {
return 0
}
do_install() {
# Add InSpec to bin for packaged profile
cp $(pkg_path_for inspec)/bin/inspec $pkg_prefix/bin/inspec
# Copy profile code into easily accessible directory
mkdir $pkg_prefix/$pkg_name
cp -r ./* $pkg_prefix/$pkg_name
}
- Enter a studio and build the package
$ hab studio enter
(studio) $ build
- After it's built, exit the studio and upload the package to Builder
(studio) $ exit
hab pkg upload ./results/nshamrell-nginx-baseline-2.0.2-<timestamp>.hart
- Make sure to promote it to stable!
- Create new VM in AWS (or Azure, GCP, etc.)
- SSH into that VM
- Install Habitat and create the appropriate users
$ curl https://raw.githubusercontent.com/habitat-sh/habitat/master/components/hab/install.sh | sudo bash
- Install the package you just created
$ sudo hab install nshamrell/nginx-baseline
$ sudo hab pkg binlink nshamrell/nginx-baseline
- Run the inspec profile
$ sudo inspec exec $(hab pkg path nshamrell/nginx-baseline)/nginx-baseline