Mondoo 5.18.0 is out!

Back to releases

🥳 mondoo 5.18.0 is out!

🎉 NEW FEATURES

Use Mondoo to verify certificate chains

You can now use the isVerified field on the certificate resource to check whether or not a certificate chain is valid:

MQLCopy
tls("mondoo.com").certificates {
  subject.commonName
  isVerified
}

MQLCopy
tls.certificates: [
  0: {
    isVerified: true
    subject.commonName: "mondoo.com"
  }
  1: {
    isVerified: true
    subject.commonName: "R3"
  }
  2: {
    isVerified: true
    subject.commonName: "ISRG Root X1"
  }
]

Use Mondoo to query CloudWatch metrics on AWS resources

Mondoo can now pull CloudWatch statistics for AWS resources. For instance, you can use Mondoo to query the number of invocations and errors for a Lambda function. This can be used to assess error rates, or to detect un-used resources.

Note: Mondoo queries CloudWatch Statistics for the last 24h of data, in 1h intervals.

MQLCopy
aws.cloudwatch.metricstatistics(namespace: "AWS/EBS", region: "us-east-1", name: "VolumeTotalReadTime") {
  label
  datapoints {
    maximum
    average
    sum
  }
}

MQLCopy
aws.cloudwatch.metricstatistics: {
  datapoints: [
    0: {
      average: 0.0004509803921568627
      maximum: 0
      sum: 0.22999999999999998
    }
  ]
  label: "VolumeTotalReadTime"

or

MQLCopy
aws.cloudwatch.metrics {
  name
  namespace
  statistics {
    label
    datapoints
  }
}

MQLCopy
1512: {
    statistics: {
      datapoints: []
      label: "CallCount"
    }
    namespace: "AWS/Logs"
    name: "CallCount"
  }
  1513: {
    statistics: {
      datapoints: []
      label: "CallCount"
    }
    namespace: "AWS/Usage"
    name: "CallCount"
  }
  1514: {
    statistics: {
      datapoints: []
      label: "ThrottleCount"
    }
    namespace: "AWS/Usage"
    name: "ThrottleCount"
  }
  1515: {
    statistics: {
      datapoints: []
      label: "CallCount"
    }
    namespace: "AWS/Usage"
    name: "CallCount"
  }

Enhanced assessment of yum repo file contents through file field

Prior to this release, Mondoo could display a list of all configured yum repos. With this new improvement, Mondoo can now not only list all the configured repositories, but inspect the file for each yum repo definition in /etc/yum.repos.d.

With the new file field, the contents are also now available to Mondoo:

MQLCopy
yum.repos {
  name
  file {
    path
    content
  }
}

MQLCopy
yum.repos: [
  0: {
    name: "AlmaLinux 8 - AppStream"
    file: {
      path: "/etc/yum.repos.d/almalinux.repo"
      content: "# almalinux.repo

[baseos]
name=AlmaLinux $releasever - BaseOS
mirrorlist=https://mirrors.almalinux.org/mirrorlist/$releasever/baseos
# baseurl=https://repo.almalinux.org/almalinux/$releasever/BaseOS/$basearch/os/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux

[appstream]
name=AlmaLinux $releasever - AppStream
mirrorlist=https://mirrors.almalinux.org/mirrorlist/$releasever/appstream
# baseurl=https://repo.almalinux.org/almalinux/$releasever/AppStream/$basearch/os/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux

[extras]
name=AlmaLinux $releasever - Extras
mirrorlist=https://mirrors.almalinux.org/mirrorlist/$releasever/extras
# baseurl=https://repo.almalinux.org/almalinux/$releasever/extras/$basearch/os/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux

## Sources
[baseos-source]
name=AlmaLinux $releasever - BaseOS Source
mirrorlist=https://mirrors.almalinux.org/mirrorlist/$releasever/baseos-source
# baseurl=https://repo.almalinux.org/almalinux/$releasever/BaseOS/Source/
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux

[appstream-source]
name=AlmaLinux $releasever - AppStream Source
mirrorlist=https://mirrors.almalinux.org/mirrorlist/$releasever/appstream-source
# baseurl=https://repo.almalinux.org/almalinux/$releasever/AppStream/Source/
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux

[extras-source]
name=AlmaLinux $releasever - Extras Source
mirrorlist=https://mirrors.almalinux.org/mirrorlist/$releasever/extras-source
# baseurl=https://repo.almalinux.org/almalinux/$releasever/extras/Source/
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux

## Debuginfo
[baseos-debuginfo]
name=AlmaLinux $releasever - BaseOS debuginfo
mirrorlist=https://mirrors.almalinux.org/mirrorlist/$releasever/baseos-debuginfo
# baseurl=https://repo.almalinux.org/almalinux/$releasever/BaseOS/debug/$basearch/
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux

[appstream-debuginfo]
name=AlmaLinux $releasever - AppStream debuginfo
mirrorlist=https://mirrors.almalinux.org/mirrorlist/$releasever/appstream-debuginfo
# baseurl=https://repo.almalinux.org/almalinux/$releasever/AppStream/debug/$basearch/
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux

[extras-debuginfo]
name=AlmaLinux $releasever - Extras debuginfo
mirrorlist=https://mirrors.almalinux.org/mirrorlist/$releasever/extras-debuginfo
# baseurl=https://repo.almalinux.org/almalinux/$releasever/extras/debug/$basearch/
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux
"
    }
  }
  ...
}

Use Mondoo to test that files exist, but have no content

Mondoo can now detect that an empty file exists at an expected location. One common use case for this test is to detect files written in error to a location that would otherwise be a filesystem or chroot mount point.

We've added a new field to the file resource to query if the file or directory is empty:

MQLCopy
file('/my/empty/file').empty;

MQLCopy
file.empty: true

🧹 IMPROVEMENTS

• The AWS integration reports long-failing CloudFormation update
• Save more information to improve assessments
• Add support for Rocky Linux
• Add support for AlmaLinux

🐛 BUG FIXES AND UPDATES

• Fix bug where AWS Lambda environment would get too big and fail to update
• Fix queries that were not working in the Mondoo AWS Baseline policy