[chef] Auditing file checksums

[Daniel Gutierrez < >]

Hello Chefs,

We are trying to migrate all of our Puppet security audit functionality to Chef,

however, we don't see an easy way to monitor file checksums

for security audits. For example in Puppet this is easy with a line like:

file {"/etc/at.deny": mode=>"600", owner=>"root", group=>"root", checksum=>"
md5", audit=>all; }

Puppet will log the checksum of a file, and compare it on each subsequent run.

The Chef file resource has no checksum, or audit option similar to the Puppet file resource.

I found some references to the "remote_file" resource but this seems geared toward

downloading files remotely, not auditing files in place.

Has anyone done something like this with Chef before?

Any pointers would be greatly appreciated.

Regards,

Daniel