Mondoo and cnspec
cnspec is a core component of Mondoo Platform. Think of it as both the CLI for Mondoo and part of its engine. This cross-platform binary evaluates systems and exposes misconfigurations and vulnerabilities that put your organization at risk. It's what enables Mondoo to assess and secure the IT infrastructure that powers your critical business systems.
You can invoke cnspec directly from the command line to assess the local host, perform agentless scans of remote assets, or remotely query IT infrastructure using MQL. It can also run automatically as a background service.
When combined with Mondoo Platform's management capabilities, cnspec can continuously assess your business-critical systems according to the policies you apply. Mondoo reports any deviation from those policies so that you can take immediate action.
```
$ cnspec scan
→ Connecting to your local system. To learn how to scan other platforms, use the --help flag.
→ no Mondoo configuration file provided, using defaults
! No credentials provided. Switching to --incognito mode.
→ discover related assets for 1 asset(s)
Bob Bobberson ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 100% score: LOW
Asset: (macOS) Bob Bobberson
----------------------------
Passing:
✓ Control access to audit records
✓ Disable Bonjour advertising service
✓ Disable Content Caching
✓ Disable File Sharing
✓ Disable Internet Sharing
✓ Disable Media Sharing
✓ Disable Printer Sharing
✓ Disable Remote Apple Events
✓ Disable Remote Login
✓ Disable Remote Management
✓ Disable Screen Sharing
✓ Do not enable the "root" account
✓ Enable "Show Wi-Fi status in menu bar"
✓ Enable FileVault
✓ Enable Firewall
✓ Enable Firewall Stealth Mode
✓ Enable Gatekeeper
✓ Enable security auditing
✓ Ensure AirDrop Is Disabled
✓ Ensure EDR Agent is installed
✓ Ensure EDR Agent is running
✓ Ensure Firewall is configured to log
✓ Ensure NFS server is not running
✓ Ensure automatic checking of software updates enabled
✓ Ensure automatic download of software updates enabled
✓ Ensure critical updates are installed automatically
✓ Ensure http server is not running
✓ Ensure macOS is up to date
✓ Ensure security auditing retention
✓ Password Age
✓ Password History
✓ Retain install.log for 365 or more days with no maximum size
✓ Set a minimum password length
Failing:
✕ MEDIUM (40): Reduce the sudo timeout period
. Skipped: Disable Bluetooth Sharing
. Skipped: Ensure macOS Kernel Code Execution Vulnerability CVE-2023-32434 is not on the system
Scanned 1 asset
macOS
LOW (1): Bob Bobberson
```
Communication matrix, IPs, and DNS names
For Mondoo to function properly in your environment, these communications must be allowed:
| From | To | Port |
|---|---|---|
| Command line | Mondoo backend (*.api.mondoo.com) | https/443 |
| Command line | Mondoo install scripts (install.mondoo.com) | https/443 |
| Command line | Mondoo package repositories (releases.mondoo.com) | https/443 |
| Your browser | Mondoo console (console.mondoo.com) | https/443 |
These are the DNS names and static IP addresses for Mondoo Platform:
| DNS name | IP address |
|---|---|
| us.api.mondoo.com | 34.160.242.34 |
| eu.api.mondoo.com | 34.102.168.217 |
| releases.mondoo.com | 34.110.159.213 |
| install.mondoo.com | 34.110.159.213 |
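
To confirm these flows from a host that will run cnspec, the following added example (not Mondoo's code) resolves each DNS name in the table, flags answers that no longer include the documented static IP, which matters when the egress allowlist is IP-based, and tests TCP 443. The function names and status labels are assumptions of this example.

```python
import socket

# DNS names and static IPs copied from the table above.
DOCUMENTED = {
    "us.api.mondoo.com": "34.160.242.34",
    "eu.api.mondoo.com": "34.102.168.217",
    "releases.mondoo.com": "34.110.159.213",
    "install.mondoo.com": "34.110.159.213",
}
PORT = 443


def resolve_ipv4(host):
    """Return the set of IPv4 addresses the local resolver gives for host."""
    infos = socket.getaddrinfo(host, PORT, socket.AF_INET, socket.SOCK_STREAM)
    return {info[4][0] for info in infos}


def can_connect(ip, port=PORT, timeout=3.0):
    """True if a TCP handshake to ip:port completes (egress is allowed)."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False


def check_egress(resolve=resolve_ipv4, connect=can_connect):
    """Check each documented endpoint and return {host: status}.

    status is "ok", "dns-failed", "ip-drift" (the resolver answer lacks the
    documented IP, so an IP-based allowlist may be stale), or "blocked".
    """
    results = {}
    for host, expected_ip in DOCUMENTED.items():
        try:
            resolved = resolve(host)
        except OSError:  # socket.gaierror is a subclass of OSError
            results[host] = "dns-failed"
            continue
        if expected_ip not in resolved:
            results[host] = "ip-drift"
        elif not connect(expected_ip):
            results[host] = "blocked"
        else:
            results[host] = "ok"
    return results


if __name__ == "__main__":
    for host, status in check_egress().items():
        print(f"{host:24} {DOCUMENTED[host]:16} {status}")
```

The `resolve` and `connect` parameters accept stand-in functions, so the logic can be exercised without network access.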
Learn more
- To learn more about cnspec, read What Is cnspec?.
- To learn how to register cnspec, read Register cnspec.