Skip to main content

Mondoo 5.14.0 is out!

ยท 2 min read
Jay Mundrawala
Mondoo Core Team

๐Ÿฅณ mondoo 5.14.0 is out!

๐ŸŽ‰ NEW FEATURESโ€‹

Terraform Transport

This release adds support to scan Terraform HCL files.

mondoo shell -t terraform:// --option path=path/to/tf
mondoo > terraform.blocks { nameLabel type arguments }
terraform.blocks: [
  0: {
    arguments: {
      most_recent: {
        type: "bool"
        value: true
      }
      owners: {
        type: "tuple([string])"
        value: [
          0: "self"
        ]
      }
      tags: {
        type: "object({Name=string,Tested=string})"
        value: null
      }
    }
    type: "data"
    nameLabel: "aws_ami"
  }
  1: {
    arguments: {
      source: {
        type: "string"
        value: "hashicorp/consul/aws"
      }
      version: {
        type: "string"
        value: "0.11.0"
      }
    }
    type: "module"
    nameLabel: "consul"
  }
...
}

MQL glob fields

You can now ask the shell to print all the fields using *.

mondoo > sshd.config { * }
sshd.config: {
  macs: []
  file: file id = /etc/ssh/sshd_config
  ciphers: []
  params: {
    AuthorizedKeysFile: ".ssh/authorized_keys"
    ChallengeResponseAuthentication: "no"
    Port: "22"
    PrintMotd: "no"
    Subsystem: "sftp /usr/lib/ssh/sftp-server"
    UsePAM: "yes"
  }
  kexs: []
  content: "#	$OpenBSD: sshd_config..."
}

DNS DKIM Record Parsing

This release improves the previously released dns resource with the ability to parse DKIM TXT records.

dns("google._domainkey.mondoo.com").records { type rdata }
dns.records: [
  0: {
    type: "TXT"
    rdata: [
      0: "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx3E9IavfvGHiENM/bFBTJfRLBUE1PV9f2q2mbYOHu2d1zZ3VB22sXnpGN6TV1m8Tq8zUWlXPgkApOaSF/+zRqBuyF6ci1rmcfvFCAHdERXy37bFgi0/EkoslaqEZel4eddqqWt93KuwydPL2jEhd01M+PGbfFfCu65iZFW107u0PhlXWZG0iJbFsBNdp4mKXI4CxWNlVb0xPr0kcYaE0eAi+EcnG5QHONv5cQrQJ6ncUNehV0caUKWibIKTKPmwttPTyTYbF6sWY7olT9FAgbGz5flHHqBVWPXsf5Jivv5HbsJLTdejAvQwm7e+w0S//OFafffZUXgF/yNB4HczZiQIDAQAB"
    ]
  }
]

Now a dns("google._domainkey.mondoo.com").dkim returns the value and offers a valid method to verify if the public key is parsable:

dns("google._domainkey.mondoo.com").dkim {
  keyType
  version
  notes
  serviceTypes
  flags
  publicKeyData
  valid
}
dns.dkim: [
  0: {
    notes: ""
    publicKeyData: "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx3E9IavfvGHiENM/bFBTJfRLBUE1PV9f2q2mbYOHu2d1zZ3VB22sXnpGN6TV1m8Tq8zUWlXPgkApOaSF/+zRqBuyF6ci1rmcfvFCAHdERXy37bFgi0/EkoslaqEZel4eddqqWt93KuwydPL2jEhd01M+PGbfFfCu65iZFW107u0PhlXWZG0iJbFsBNdp4mKXI4CxWNlVb0xPr0kcYaE0eAi+EcnG5QHONv5cQrQJ6ncUNehV0caUKWibIKTKPmwttPTyTYbF6sWY7olT9FAgbGz5flHHqBVWPXsf5Jivv5HbsJLTdejAvQwm7e+w0S//OFafffZUXgF/yNB4HczZiQIDAQAB"
    version: "DKIM1"
    flags: []
    valid: true
    serviceTypes: []
    keyType: "rsa"
  }
]

๐Ÿงน IMPROVEMENTSโ€‹

  • support mondoo scan -t scheme:// without ://. You can now just mondoo scan -t scheme
  • Add ability to load default ssh elliptic curve keys
  • Try to detect a platform identifier consistent across transports when scanning EC2 instances

๐Ÿ› BUG FIXES AND UPDATESโ€‹

  • Fix bug where the tls resource would panic with concurrent map access
  • Fix bug with machine resource on Linux where it would error out with could not retrieve smbios info for platform: read /sys/class/dmi/id: is a directory
  • Fix aws.accessAnalyzer resource