Mondoo 5.14.0 is out!
Announcing the 5.14 release of Mondoo, the security and compliance platform that prioritizes risks that matter most in your infrastructure.
๐ฅณ mondoo 5.14.0 is out!
๐ NEW FEATURES
Terraform Transport
This release adds support to scan Terraform HCL files.
mondoo shell -t terraform:// --option path=path/to/tf
mondoo > terraform.blocks { nameLabel type arguments }terraform.blocks: [
0: {
arguments: {
most_recent: {
type: "bool"
value: true
}
owners: {
type: "tuple([string])"
value: [
0: "self"
]
}
tags: {
type: "object({Name=string,Tested=string})"
value: null
}
}
type: "data"
nameLabel: "aws_ami"
}
1: {
arguments: {
source: {
type: "string"
value: "hashicorp/consul/aws"
}
version: {
type: "string"
value: "0.11.0"
}
}
type: "module"
nameLabel: "consul"
}
...
}MQL glob fields
You can now ask the shell to print all the fields using *.
mondoo > sshd.config { * }sshd.config: {
macs: []
file: file id = /etc/ssh/sshd_config
ciphers: []
params: {
AuthorizedKeysFile: ".ssh/authorized_keys"
ChallengeResponseAuthentication: "no"
Port: "22"
PrintMotd: "no"
Subsystem: "sftp /usr/lib/ssh/sftp-server"
UsePAM: "yes"
}
kexs: []
content: "# $OpenBSD: sshd_config..."
}DNS DKIM Record Parsing
This release improves the previously released dns resource with the ability to
parse DKIM TXT records.
dns("google._domainkey.mondoo.com").records { type rdata }dns.records: [
0: {
type: "TXT"
rdata: [
0: "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx3E9IavfvGHiENM/bFBTJfRLBUE1PV9f2q2mbYOHu2d1zZ3VB22sXnpGN6TV1m8Tq8zUWlXPgkApOaSF/+zRqBuyF6ci1rmcfvFCAHdERXy37bFgi0/EkoslaqEZel4eddqqWt93KuwydPL2jEhd01M+PGbfFfCu65iZFW107u0PhlXWZG0iJbFsBNdp4mKXI4CxWNlVb0xPr0kcYaE0eAi+EcnG5QHONv5cQrQJ6ncUNehV0caUKWibIKTKPmwttPTyTYbF6sWY7olT9FAgbGz5flHHqBVWPXsf5Jivv5HbsJLTdejAvQwm7e+w0S//OFafffZUXgF/yNB4HczZiQIDAQAB"
]
}
]Now a dns("google._domainkey.mondoo.com").dkim returns the value and offers a valid method to verify if the public key is parsable:
dns("google._domainkey.mondoo.com").dkim {
keyType
version
notes
serviceTypes
flags
publicKeyData
valid
}dns.dkim: [
0: {
notes: ""
publicKeyData: "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx3E9IavfvGHiENM/bFBTJfRLBUE1PV9f2q2mbYOHu2d1zZ3VB22sXnpGN6TV1m8Tq8zUWlXPgkApOaSF/+zRqBuyF6ci1rmcfvFCAHdERXy37bFgi0/EkoslaqEZel4eddqqWt93KuwydPL2jEhd01M+PGbfFfCu65iZFW107u0PhlXWZG0iJbFsBNdp4mKXI4CxWNlVb0xPr0kcYaE0eAi+EcnG5QHONv5cQrQJ6ncUNehV0caUKWibIKTKPmwttPTyTYbF6sWY7olT9FAgbGz5flHHqBVWPXsf5Jivv5HbsJLTdejAvQwm7e+w0S//OFafffZUXgF/yNB4HczZiQIDAQAB"
version: "DKIM1"
flags: []
valid: true
serviceTypes: []
keyType: "rsa"
}
]๐งน IMPROVEMENTS
- support mondoo scan -t
scheme://without://. You can now justmondoo scan -t scheme - Add ability to load default ssh elliptic curve keys
- Try to detect a platform identifier consistent across transports when scanning EC2 instances
๐ BUG FIXES AND UPDATES
- Fix bug where the
tlsresource would panic with concurrent map access - Fix bug with
machineresource on Linux where it would error out withcould not retrieve smbios info for platform: read /sys/class/dmi/id: is a directory - Fix
aws.accessAnalyzerresource
Mondoo 5.14.1 is out!
Announcing the 5.14.1 release of Mondoo, the security and compliance platform that prioritizes risks that matter most in your infrastructure.
Mondoo 5.13.0 is out!
Announcing the 5.13 release of Mondoo, the security and compliance platform that prioritizes risks that matter most in your infrastructure.