In this article you will find:

  1. Technical Overview

  2. How to configure Chef connector

  3. How to generate cookbooks via Vulcan

  4. How to use Chef in playbooks

  5. Chef on-premise

1. Technical Overview

Vulcan's Chef connector lets you push auto-generated cookbooks to your Chef server.
Each cookbook contains:

  • run_list file - Used to add Run List items (recipes) to a node.

  • recipes - fixes that were generated by Vulcan

Basic flow:

2. Configuring Chef connector

In the Connectors page, click on Add a Connector

Click on Chef connector

Upload the relevant files:

  • knife.rb file - Specifies the chef-repo-specific configuration details for knife. More details on how to configure knife.rb can be found here

  • .pem file - Used for authentication

Click on Create

  • You can see the connector's process under the Log tab
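
A pre-upload check for the two files above, as an added example that is not part of Vulcan's or Chef's documentation: it flags a knife.rb that points at a non-HTTPS server or sets `ssl_verify_mode :verify_none`, and a key file accessible to other local users. The `vulcan-svc` account, the host and organization names, and the function names are assumptions made for the illustration.

```ruby
# Added example: lint a knife.rb before upload. The file is read as text and
# never evaluated, because knife.rb is executable Ruby.

# Collect simple `setting value` lines; comments and assignments are skipped.
def parse_knife_rb(text)
  text.each_line.with_object({}) do |line, settings|
    m = line.sub(/(^|\s)#.*/, '').strip.match(/\A(\w+)\s+(?!=)(.+)\z/)
    next unless m
    settings[m[1]] = m[2].gsub(/\A["']|["']\z/, '')
  end
end

# key_mode: permission bits of the .pem (e.g. File.stat(path).mode), optional.
def audit_knife_rb(text, key_mode: nil)
  s = parse_knife_rb(text)
  findings = %w[node_name client_key chef_server_url]
             .reject { |k| s.key?(k) }.map { |k| "#{k} is not set" }
  url = s['chef_server_url']
  findings << 'chef_server_url does not use https' if url && !url.start_with?('https://')
  if s['ssl_verify_mode'] == ':verify_none'
    findings << 'ssl_verify_mode :verify_none disables certificate validation'
  end
  if key_mode && (key_mode & 0o077) != 0
    findings << format('client key mode %04o is accessible beyond its owner', key_mode & 0o777)
  end
  findings
end

# Constructed sample files; account, host and organization names are made up.
WEAK = <<~'KNIFE'
  current_dir = File.dirname(__FILE__)
  node_name        "vulcan-svc"   # dedicated account for the connector
  client_key       "#{current_dir}/vulcan-svc.pem"
  chef_server_url  "http://chef.example.internal/organizations/example"
  ssl_verify_mode  :verify_none
KNIFE

HARDENED = WEAK.sub('http://', 'https://').sub(':verify_none', ':verify_peer')

if __FILE__ == $PROGRAM_NAME
  puts 'weak:', audit_knife_rb(WEAK, key_mode: 0o100644)
  puts 'hardened:', audit_knife_rb(HARDENED, key_mode: 0o100600).inspect
end
```

An empty findings list means the file pair passed these checks only; it does not verify which permissions the account in `node_name` holds on the Chef server.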

3. Generating cookbooks via Vulcan

Note: This feature will be enabled only if the vulnerability can be fixed by Chef - meaning, at least one of the assets is a Chef client and the OS is one of the following:

  • RedHat

  • CentOS

  • Ubuntu

To generate a recipe for a vulnerability, simply click on Take Action and Deploy a patch

Go to Generate Chef scripts.
If you have more than one Chef server, you can choose which one to deploy the cookbook to.
Vulcan also offers 3 fallback options in case the generated solution was not completed:

  • Fallback to the latest package version - If the specific package version was not found, update to the latest version available.

  • Skip to the next solution - Try to deploy the next generated recipe.

  • Stop the deployment - Do not try to perform any additional action.

In addition, you can click on Download scripts to view the generated cookbook

Click on Deploy fix
The cookbook is now added to Run List in the Chef server. 

4. How to use Chef in playbooks

You can automatically generate a Chef cookbook and add it to the run list using Vulcan's Automation module.
Go to Automation --> Create New Playbook

  1. Name your playbook.

  2. Choose which vulnerabilities you want to fix - For example, each vulnerability that came from Qualys, and the affected package is 'vim', where the asset is managed by Chef.

  3. Choose remediation action 'Generate Chef scripts'. Choose a fallback method as mentioned above (under 'Generating cookbooks via Vulcan').

  4. Click Save

5. Chef On-Premise

Vulcan's Chef connector is also available for on-premise versions of Chef.

Once the connector is configured, all the capabilities of the cloud version are available.

Prerequisites

  • Allow access from Vulcan to Chef server by using Vulcan Gateway

  • Supported version: Chef 12.17

  • Chef server Internal IP - Note that any change in the

How to configure Chef on-premise

  1. Once the Vulcan Gateway is up and running, enable the Use Vulcan Gateway toggle in the Chef connector.

  2. Enter the Chef server's internal IP

  3. Upload knife.rb file

  4. Upload .pem file
