Mondoo 5.18.0 is out!
Announcing the 5.18 release of Mondoo, the security and compliance platform that prioritizes risks that matter most in your infrastructure.
๐ฅณ mondoo 5.18.0 is out!
๐ NEW FEATURES
** Use Mondoo to verify certificate chains **
You can now use the isVerified field on the certificate resource
to check whether or not a certificate chain is valid:
tls("mondoo.com").certificates {
subject.commonName
isVerified
}tls.certificates: [
0: {
isVerified: true
subject.commonName: "mondoo.com"
}
1: {
isVerified: true
subject.commonName: "R3"
}
2: {
isVerified: true
subject.commonName: "ISRG Root X1"
}
]** Use Mondoo to query CloudWatch metrics on AWS resources **
Mondoo can now pull CloudWatch statistics for AWS resources. For instance, you can use Mondoo to query the number of invocations and errors for a Lambda function. This can be used to assess error rates, or to detect un-used resources.
Note: Mondoo queries CloudWatch Statistics for the last 24h of data, in 1h intervals.
aws.cloudwatch.metricstatistics(namespace: "AWS/EBS", region: "us-east-1", name: "VolumeTotalReadTime") {
label
datapoints {
maximum
average
sum
}
}aws.cloudwatch.metricstatistics: {
datapoints: [
0: {
average: 0.0004509803921568627
maximum: 0
sum: 0.22999999999999998
}
]
label: "VolumeTotalReadTime"or
aws.cloudwatch.metrics {
name
namespace
statistics {
label
datapoints
}
} 1512: {
statistics: {
datapoints: []
label: "CallCount"
}
namespace: "AWS/Logs"
name: "CallCount"
}
1513: {
statistics: {
datapoints: []
label: "CallCount"
}
namespace: "AWS/Usage"
name: "CallCount"
}
1514: {
statistics: {
datapoints: []
label: "ThrottleCount"
}
namespace: "AWS/Usage"
name: "ThrottleCount"
}
1515: {
statistics: {
datapoints: []
label: "CallCount"
}
namespace: "AWS/Usage"
name: "CallCount"
}** Enhanced assessment of yum repo file contents through file field **
Prior to this release, Mondoo could display a list of all configured yum repos. With this new improvement, Mondoo can now not only list all the configured repositories, but inspect the file for each yum repo definition in /etc/yum.repos.d.
With the new file field, the contents are also now available
to Mondoo:
yum.repos {
name
file {
path
content
}
}yum.repos: [
0: {
name: "AlmaLinux 8 - AppStream"
file: {
path: "/etc/yum.repos.d/almalinux.repo"
content: "# almalinux.repo
[baseos]
name=AlmaLinux $releasever - BaseOS
mirrorlist=https://mirrors.almalinux.org/mirrorlist/$releasever/baseos
# baseurl=https://repo.almalinux.org/almalinux/$releasever/BaseOS/$basearch/os/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux
[appstream]
name=AlmaLinux $releasever - AppStream
mirrorlist=https://mirrors.almalinux.org/mirrorlist/$releasever/appstream
# baseurl=https://repo.almalinux.org/almalinux/$releasever/AppStream/$basearch/os/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux
[extras]
name=AlmaLinux $releasever - Extras
mirrorlist=https://mirrors.almalinux.org/mirrorlist/$releasever/extras
# baseurl=https://repo.almalinux.org/almalinux/$releasever/extras/$basearch/os/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux
## Sources
[baseos-source]
name=AlmaLinux $releasever - BaseOS Source
mirrorlist=https://mirrors.almalinux.org/mirrorlist/$releasever/baseos-source
# baseurl=https://repo.almalinux.org/almalinux/$releasever/BaseOS/Source/
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux
[appstream-source]
name=AlmaLinux $releasever - AppStream Source
mirrorlist=https://mirrors.almalinux.org/mirrorlist/$releasever/appstream-source
# baseurl=https://repo.almalinux.org/almalinux/$releasever/AppStream/Source/
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux
[extras-source]
name=AlmaLinux $releasever - Extras Source
mirrorlist=https://mirrors.almalinux.org/mirrorlist/$releasever/extras-source
# baseurl=https://repo.almalinux.org/almalinux/$releasever/extras/Source/
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux
## Debuginfo
[baseos-debuginfo]
name=AlmaLinux $releasever - BaseOS debuginfo
mirrorlist=https://mirrors.almalinux.org/mirrorlist/$releasever/baseos-debuginfo
# baseurl=https://repo.almalinux.org/almalinux/$releasever/BaseOS/debug/$basearch/
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux
[appstream-debuginfo]
name=AlmaLinux $releasever - AppStream debuginfo
mirrorlist=https://mirrors.almalinux.org/mirrorlist/$releasever/appstream-debuginfo
# baseurl=https://repo.almalinux.org/almalinux/$releasever/AppStream/debug/$basearch/
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux
[extras-debuginfo]
name=AlmaLinux $releasever - Extras debuginfo
mirrorlist=https://mirrors.almalinux.org/mirrorlist/$releasever/extras-debuginfo
# baseurl=https://repo.almalinux.org/almalinux/$releasever/extras/debug/$basearch/
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux
"
}
}
...
}** Use Mondoo to test that files exist, but have no content **
Mondoo can now detect that an empty file exists at an expected location. One common use case for this test is to detect files written in error to a location that would otherwise be a filesystem or chroot mount point.
We've added a new field to the file resource to query
if the file or directory is empty:
file('/my/empty/file').empty;file.empty: true๐งน IMPROVEMENTS
- The AWS integration reports long-failing CloudFormation update
- Save more information to improve assessments
- Add support for Rocky Linux
- Add support for AlmaLinux
๐ BUG FIXES AND UPDATES
- Fix bug where AWS Lambda environment would get too big and fail to update
- Fix queries that were not working in the Mondoo AWS Baseline policy
Mondoo 5.19.0 is out!
Announcing the 5.19 release of Mondoo, the security and compliance platform that prioritizes risks that matter most in your infrastructure.
Mondoo 5.17.1 is out!
Announcing the 5.17 release of Mondoo, the security and compliance platform that prioritizes risks that matter most in your infrastructure.