Mondoo 5.18.0 is out!
๐ฅณ mondoo 5.18.0 is out!
๐ NEW FEATURESโ
** Use Mondoo to verify certificate chains **
You can now use the isVerified
field on the certificate
resource
to check whether or not a certificate chain is valid:
tls("mondoo.com").certificates {
subject.commonName
isVerified
}
tls.certificates: [
0: {
isVerified: true
subject.commonName: "mondoo.com"
}
1: {
isVerified: true
subject.commonName: "R3"
}
2: {
isVerified: true
subject.commonName: "ISRG Root X1"
}
]
** Use Mondoo to query CloudWatch metrics on AWS resources **
Mondoo can now pull CloudWatch statistics for AWS resources. For instance, you can use Mondoo to query the number of invocations and errors for a Lambda function. This can be used to assess error rates, or to detect un-used resources.
Note: Mondoo queries CloudWatch Statistics for the last 24h of data, in 1h intervals.
aws.cloudwatch.metricstatistics(namespace: "AWS/EBS", region: "us-east-1", name: "VolumeTotalReadTime") {
label
datapoints {
maximum
average
sum
}
}
aws.cloudwatch.metricstatistics: {
datapoints: [
0: {
average: 0.0004509803921568627
maximum: 0
sum: 0.22999999999999998
}
]
label: "VolumeTotalReadTime"
or
aws.cloudwatch.metrics {
name
namespace
statistics {
label
datapoints
}
}
1512: {
statistics: {
datapoints: []
label: "CallCount"
}
namespace: "AWS/Logs"
name: "CallCount"
}
1513: {
statistics: {
datapoints: []
label: "CallCount"
}
namespace: "AWS/Usage"
name: "CallCount"
}
1514: {
statistics: {
datapoints: []
label: "ThrottleCount"
}
namespace: "AWS/Usage"
name: "ThrottleCount"
}
1515: {
statistics: {
datapoints: []
label: "CallCount"
}
namespace: "AWS/Usage"
name: "CallCount"
}
** Enhanced assessment of yum repo file contents through file
field **
Prior to this release, Mondoo could display a list of all configured yum repos. With this new improvement, Mondoo can now not only list all the configured repositories, but inspect the file for each yum repo definition in /etc/yum.repos.d
.
With the new file
field, the contents are also now available
to Mondoo:
yum.repos {
name
file {
path
content
}
}
yum.repos: [
0: {
name: "AlmaLinux 8 - AppStream"
file: {
path: "/etc/yum.repos.d/almalinux.repo"
content: "# almalinux.repo
[baseos]
name=AlmaLinux $releasever - BaseOS
mirrorlist=https://mirrors.almalinux.org/mirrorlist/$releasever/baseos
# baseurl=https://repo.almalinux.org/almalinux/$releasever/BaseOS/$basearch/os/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux
[appstream]
name=AlmaLinux $releasever - AppStream
mirrorlist=https://mirrors.almalinux.org/mirrorlist/$releasever/appstream
# baseurl=https://repo.almalinux.org/almalinux/$releasever/AppStream/$basearch/os/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux
[extras]
name=AlmaLinux $releasever - Extras
mirrorlist=https://mirrors.almalinux.org/mirrorlist/$releasever/extras
# baseurl=https://repo.almalinux.org/almalinux/$releasever/extras/$basearch/os/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux
## Sources
[baseos-source]
name=AlmaLinux $releasever - BaseOS Source
mirrorlist=https://mirrors.almalinux.org/mirrorlist/$releasever/baseos-source
# baseurl=https://repo.almalinux.org/almalinux/$releasever/BaseOS/Source/
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux
[appstream-source]
name=AlmaLinux $releasever - AppStream Source
mirrorlist=https://mirrors.almalinux.org/mirrorlist/$releasever/appstream-source
# baseurl=https://repo.almalinux.org/almalinux/$releasever/AppStream/Source/
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux
[extras-source]
name=AlmaLinux $releasever - Extras Source
mirrorlist=https://mirrors.almalinux.org/mirrorlist/$releasever/extras-source
# baseurl=https://repo.almalinux.org/almalinux/$releasever/extras/Source/
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux
## Debuginfo
[baseos-debuginfo]
name=AlmaLinux $releasever - BaseOS debuginfo
mirrorlist=https://mirrors.almalinux.org/mirrorlist/$releasever/baseos-debuginfo
# baseurl=https://repo.almalinux.org/almalinux/$releasever/BaseOS/debug/$basearch/
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux
[appstream-debuginfo]
name=AlmaLinux $releasever - AppStream debuginfo
mirrorlist=https://mirrors.almalinux.org/mirrorlist/$releasever/appstream-debuginfo
# baseurl=https://repo.almalinux.org/almalinux/$releasever/AppStream/debug/$basearch/
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux
[extras-debuginfo]
name=AlmaLinux $releasever - Extras debuginfo
mirrorlist=https://mirrors.almalinux.org/mirrorlist/$releasever/extras-debuginfo
# baseurl=https://repo.almalinux.org/almalinux/$releasever/extras/debug/$basearch/
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux
"
}
}
...
}
** Use Mondoo to test that files exist, but have no content **
Mondoo can now detect that an empty file exists at an expected location. One common use case for this test is to detect files written in error to a location that would otherwise be a filesystem or chroot mount point.
We've added a new field to the file
resource to query
if the file or directory is empty:
file("/my/empty/file").empty;
file.empty: true
๐งน IMPROVEMENTSโ
- The AWS integration reports long-failing CloudFormation update
- Save more information to improve assessments
- Add support for Rocky Linux
- Add support for AlmaLinux
๐ BUG FIXES AND UPDATESโ
- Fix bug where AWS Lambda environment would get too big and fail to update
- Fix queries that were not working in the Mondoo AWS Baseline policy