Mondoo Operating Systems (OS) Resource Pack Reference
The Operating Systems (OS) resource pack lets you use MQL to query and assess the security of your operating system packages and configuration.
Resources included in this pack:
| ID | DESCRIPTION |
|---|---|
| asset | |
| asset.eol | |
| audit.advisory | Platform/package advisory |
| audit.cve | Common Vulnerabilities and Exposures (CVEs) |
| audit.cvss | Common Vulnerability Scoring System (CVSS) score |
| auditpol | Windows audit policies |
| auditpol.entry | Windows audit policy |
| authorizedkeys | List of SSH authorized keys |
| authorizedkeys.entry | SSH authorized key |
| command | Results of running a command on the system |
| container.image | Container image |
| container.repository | Container registry repository |
| docker | Docker host resource |
| docker.container | Docker container |
| docker.file | Dockerfile resource |
| docker.file.add | Dockerfile ADD instructions |
| docker.file.copy | Dockerfile COPY instructions |
| docker.file.expose | Dockerfile EXPOSE instruction |
| docker.file.from | Dockerfile FROM instructions |
| docker.file.run | Dockerfile RUN instructions |
| docker.file.stage | Dockerfile stages |
| docker.file.user | Dockerfile USER instructions |
| docker.image | Docker image |
| file | File on the system |
| file.permissions | Access permissions for a given file |
| files | |
| files.find | Find files on the system |
| fstab | |
| fstab.entry | |
| group | Group on this system |
| groups | Groups configured on this system |
| ip6tables | IPv6 tables |
| iptables | IPv4 tables |
| iptables.entry | |
| kernel | System kernel information |
| kernel.module | System kernel module information |
| kubelet | Kubernetes kubelet configuration |
| logindefs | Shadow password suite configuration |
| lsblk | Unix list block devices |
| lsblk.entry | Unix block device |
| machine | |
| machine.baseboard | SMBIOS baseboard (or module) information |
| machine.bios | SMBIOS BIOS information |
| machine.chassis | SMBIOS system enclosure or chassis |
| machine.system | SMBIOS system information |
| macos | macOS specific resources |
| macos.alf | macOS application layer firewall (ALF) service |
| macos.systemExtension | macOS system extension |
| macos.systemsetup | macOS machine settings |
| macos.timemachine | macOS Time Machine |
| mondoo.eol | Platform end-of-life information |
| mount | Unix mounted file system |
| mount.point | Unix mount point |
| npm.package | |
| npm.packages | npm packages |
| ntp.conf | NTP service configuration |
| os | Operating system information |
| os.base | |
| os.linux | |
| os.rootCertificates | Operating system root certificates |
| os.unix | |
| os.update | Operating system update information |
| package | Package on the platform or OS |
| packages | List of packages on this system |
| pam.conf | PAM configuration (pluggable authentication module) |
| pam.conf.serviceEntry | |
| parse.certificates | Parse certificates from files |
| parse.ini | Parse INI files |
| parse.json | Parse JSON files |
| parse.openpgp | Parse OpenPGP from files |
| parse.plist | Parse plist files |
| parse.yaml | Parse YAML files |
| pkgFileInfo | |
| platform | |
| platform.advisories | All platform/package advisories |
| platform.cves | All platform/package CVEs |
| platform.eol | Deprecated; will be removed in version 12.0 |
| port | TCP/IP port on the system |
| ports | TCP/IP ports on the system |
| powershell | Results of running a PowerShell script on the system |
| privatekey | Private key resource |
| process | Process on this system |
| processes | Processes available on this system |
| python | Python package details found on the operating system image |
| python.package | Python package information |
| registrykey | Windows registry key |
| registrykey.property | Windows registry key property |
| rsyslog.conf | rsyslog service configuration |
| secpol | Windows local security policy |
| service | Service on this system |
| services | Services configured on this system |
| shadow | Shadowed password file |
| shadow.entry | Shadowed password file entry |
| sshd | SSH server resource |
| sshd.config | SSH server configuration |
| sshd.config.matchBlock | |
| user | User on this system |
| users | Users configured on this system |
| vuln.advisory | Advisory information |
| vuln.cve | CVE information |
| vuln.package | Package information relevant for vulnerability management |
| vulnmgmt | Vulnerability Information |
| windows | Windows-specific resource to get operating system details |
| windows.bitlocker | Windows BitLocker |
| windows.bitlocker.volume | Windows BitLocker volume |
| windows.feature | Deprecated. Use windows.serverFeature instead |
| windows.firewall | Windows Firewall resource |
| windows.firewall.profile | Windows Firewall profile entry |
| windows.firewall.rule | Windows Firewall rule entry |
| windows.hotfix | Windows hotfix resource |
| windows.optionalFeature | Windows optional feature resource (desktop-only) |
| windows.security | |
| windows.security.health | Health of the Windows security provider |
| windows.security.product | Private Windows security product |
| windows.serverFeature | Windows Server feature resource |
| yum | Yum package manager resource |
| yum.repo | Yum repository resource |