rules 'local-user-account-creation'
rule on run_resource
when
resource_type = 'user'
and
resource_result = 'create'
then
alert:warn('Local user account {{message.resource_name}} created on {{message.run.node_name}}')
notify('slack', '
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?xml version='1.0' encoding='UTF-8'?> | |
<project> | |
<actions/> | |
<description></description> | |
<keepDependencies>false</keepDependencies> | |
<properties> | |
<com.coravy.hudson.plugins.github.GithubProjectProperty plugin="github@1.11"> | |
<projectUrl>https://github.com/smford22/sample-cookbook/</projectUrl> | |
</com.coravy.hudson.plugins.github.GithubProjectProperty> | |
<hudson.model.ParametersDefinitionProperty> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?xml version='1.0' encoding='UTF-8'?> | |
<project> | |
<actions/> | |
<description></description> | |
<keepDependencies>false</keepDependencies> | |
<properties> | |
<com.coravy.hudson.plugins.github.GithubProjectProperty plugin="github@1.11"> | |
<projectUrl>https://github.com/smford22/chef-repo/</projectUrl> | |
</com.coravy.hudson.plugins.github.GithubProjectProperty> | |
<hudson.model.ParametersDefinitionProperty> |
rules 'updated-resources'
rule on run_converge
when
updated_resource_count > 0
then
notify('slack', '
{
"username": "Chef Server",
"icon_emoji": ":chef:",
rules 'failed-audit'
rule on run_control_group
when
status != 'success'
then
alert:warn('{{message.cookbook_name}} {{message.recipe_name}} audit failed')
notify('slack', '
{
"username": "Audit Alarm",
Demo how to setup accessing the Chef Compliance server's api and some of the useful things you can do with it.
In order to make requests against the Chef Compliance's API you need to have a token to authenticate. There are two types of token:
- Refresh Tokens - A long-lived token that can be used to initially identify with the service, in exchange for an
access token
- Access Tokens - A short-lived (12 hours) and used for every request against the API.
There are a couple of ways to get refresh tokens
and access tokens
which are explained on the doc.chef.io
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
{ | |
"version": "2", | |
"build_cookbook": { | |
"name": "build_cookbook", | |
"path": ".delivery/build_cookbook" | |
}, | |
"delivery-truck": { | |
"publish": { | |
"chef_server": true | |
} |
name "base_linux"
description "A base role for all linux nodes"
run_list 'recipe[cookbook::recipe]', 'recipe[cookbook::recipe]'
default_attributes({
"audit" => {
"collector" => "chef-server-visibility",
"profiles" => [
{
"name" => 'linux-patch-baseline',