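#!/bin/sh
# Copyright 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
# Permission is hereby granted, free of charge, to any person obtaining a copy of this
# software and associated documentation files (the "Software"), to deal in the Software
# without restriction, including without limitation the rights to use, copy, modify,
# merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
# permit persons to whom the Software is furnished to do so.
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
# INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
# PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
# HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
# SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
# Shell script to install InSpec and run checks.
# Results are reported to Compliance after the run.
#
# Flow: install Chef Workstation if it is absent -> load Chef's Ruby into this
# shell -> ensure the aws-sdk-ssm gem -> run `inspec exec` against AWS ->
# uninstall Chef Workstation again if this script installed it.
# Exit status: 0 if InSpec ran and reported no failures, 1 if installing
# Chef Workstation failed, 2 if InSpec exited non-zero (failed/skipped
# controls or an execution error).
# Optional env: CHEF_INSTALLER_SHA256 - when set, the downloaded installer
# must match this SHA-256 hex digest before it is executed.
export HOME=/root
# POSIX strict mode only: `-o pipefail` is not accepted by every /bin/sh
# (dash), and the installer is fetched to a file below so no pipeline's
# status has to be inspected.
set -e
# Install Chef Workstation if not already installed
CHEF_WORKSTATION_UNINSTALL=0
if ! [ -x "$(command -v chef)" ]; then
  echo "Installing Chef Workstation"
  # Download to a private temp file rather than piping curl straight into
  # bash: `-f` turns HTTP errors into a curl failure, and a truncated or
  # failed download is rejected here instead of being partially executed.
  INSTALLER=$(mktemp) || { echo "Failed to create temp file"; exit 1; }
  if ! curl -sSf -o "$INSTALLER" https://omnitruck.chef.io/install.sh; then
    echo "Failed to download Chef Workstation installer"
    rm -f -- "$INSTALLER"
    exit 1
  fi
  # The download is protected only by TLS; an operator-supplied digest
  # adds an independent integrity check. A missing sha256sum leaves ACTUAL
  # empty, which is treated as a mismatch (fail closed).
  if [ -n "${CHEF_INSTALLER_SHA256:-}" ]; then
    ACTUAL=$(sha256sum -- "$INSTALLER" | cut -d ' ' -f1)
    if [ "$ACTUAL" != "$CHEF_INSTALLER_SHA256" ]; then
      echo "Chef Workstation installer checksum mismatch"
      rm -f -- "$INSTALLER"
      exit 1
    fi
  fi
  if ! bash "$INSTALLER" -c stable -P chef-workstation > /dev/null 2>&1; then
    echo "Failed to install Chef Workstation"
    rm -f -- "$INSTALLER"
    exit 1
  fi
  rm -f -- "$INSTALLER"
  CHEF_WORKSTATION_UNINSTALL=1
else
  echo "Using existing Chef"
fi
# Use the Chef version of Ruby: `chef shell-init sh` prints the export
# statements that put Chef's Ruby and gems first on PATH.
eval "$(chef shell-init sh)"
# Ensure aws-sdk-ssm is installed
# NOTE(review): the gem is unpinned and fetched from the default gem source;
# pin a version if reproducible runs matter.
gem install --no-document aws-sdk-ssm
# Run InSpec tests against this server and report compliance
EXITCODE=0
echo "Executing InSpec tests"
# Accept Chef license
export CHEF_LICENSE=accept-no-persist
# Drop errexit: InSpec exits non-zero when any control fails, and that must
# be recorded as EXITCODE=2 (and cleanup still run) rather than abort here.
set +e
if ! inspec exec . -t aws:// --config config.json; then
  echo "Failed to execute InSpec tests: see stderr"
  EXITCODE=2
fi
# Uninstall Chef Workstation if we installed it above
if [ "$CHEF_WORKSTATION_UNINSTALL" = "1" ]; then
  # use the appropriate package manager
  echo "Uninstalling Chef Workstation"
  if [ -x "$(command -v yum)" ]; then
    PACKAGE=$(rpm -qa chef-workstation)
    yum remove -y "$PACKAGE" > /dev/null 2>&1
  else
    dpkg -P chef-workstation > /dev/null 2>&1
  fi
fi
exit "$EXITCODE"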