Mondoo 5.38.1 is out!
๐ฅณ Mondoo 5.38.1 is out. This release includes policy updates and lays the foundation for big things to comeโ
Get this release: Installation Docs | Package Downloads | Docker Container
๐ NEW FEATURESโ
Ubuntu 20.04 CIS Benchmark Certificationโ
The Mondoo Ubuntu 20.04 Level 1 and Level 2 CIS Benchmarks are now officially CIS certified. See the Mondoo cisecurity.org page for a complete list of our CIS certified benchmarks and stay tuned for more certified benchmarks in the coming weeks.
๐งน IMPROVEMENTSโ
Kubernetes Operator Updates
Our Mondoo Kubernetes Operator has seen yet another round of important improvements as we work towards the general availability of the operator next week. Kubernetes cluster node scanning now occurs using a Kubernetes CronJob instead of running the agent at all times on each node, saving CPU and memory resources. We've also added some behind the scenes capabilities required for registering the operator using a short-lived registration token instead of a full Mondoo service account. This keeps secrets out of the user's shell history when configuring the operator in the cluster. Our upcoming integrations setup workflow in the Mondoo Console will use this new capability to securely deploy the operator to your clusters.
๐ BUGFIXESโ
- Fix incorrect remediation steps for multiple queries in the Linux Security Baseline by Mondoo policy:
Ensure the audit configuration is immutableEnsure permissions on /etc/passwd- are configuredEnsure permissions on /etc/group- are configured
- Fix errors in Linux Security Baseline by Mondoo policy when
/etc/passwd-or/etc/gshadow-doesn't exist. - Fix errors in Kubernetes Application Benchmark by Mondoo's query
Pod should not run with default service account.