Mondoo 8.17 is out!
🥳 Mondoo 8.17 is out! This release includes new Jira ticketing integration, GCP snapshot scanning, continuous Azure VM scanning, and more!
Get this release: Installation Docs | Package Downloads | Docker Container
🎉 NEW FEATURES
Atlassian Jira ticketing integration
Exposing critical issues is only half the journey toward a secure and compliant infrastructure. The next step is effectively communicating these findings to the appropriate teams and tracking remediation progress. Take the work out of communicating your findings with Mondoo's new Atlassian Jira integration.
Automatically create issues directly in Atlassian Jira so teams can schedule remediation work within their existing project workflows. Without ever leaving the Mondoo Console, you can create Jira tickets that include all the details necessary for infrastructure owners to remediate findings, even if they don't have access to Mondoo.
GCP snapshot scanning
In Mondoo 8.16, we introduced GCP VM instance scanning using snapshots, allowing you to scan running instances without agents or impact on production workloads. This week we're extending our GCP scanning options with support for scanning snapshots by name. With snapshot scanning, you can scan different point-in-time snapshots of VMs, giving you deep insights into systems at a particular point in time as well as security over time.
cnquery shell gcp snapshot suse12 --project-id my-project-id
→ discover related assets for 1 asset(s)
→ resolved assets resolved-assets=1
→ found target volume device name=/dev/sdb3
  ___ _ __  ___ _ __   ___  ___
 / __| '_ \/ __| '_ \ / _ \/ __|
| (__| | | \__ \ |_) |  __/ (__
 \___|_| |_|___/ .__/ \___|\___|
   mondoo™     |_|
cnspec> asset.platform
asset.platform: "sles"
cnspec> asset.version
asset.version: "12.5"
cnspec> packages
packages.list: [
0: package name="release-notes-sles" version="12.5.20200504-3.11.1"
1: package name="libqrencode3" version="3.4.3-1.31"
2: package name="lifecycle-data-sle-module-toolchain" version="1-3.15.1"
3: package name="yast2-firewall" version="3.4.0-6.3.2"
4: package name="recode" version="3.6-663.62"
5: package name="sle-module-legacy-release-POOL" version="12-10.10.1"
6: package name="SuSEfirewall2" version="3.6.312.333-3.13.1"
7: package name="gamin-server" version="0.1.10-11.19"
...
Continuous Azure VM scanning
Scanning Azure VMs is easier than ever with our Azure integration's new continuous VM scanning feature. Automatically scan all VMs in your subscription without needing to deploy agents or change your provisioning process.
To enable VM scanning, select the Scan VMs option during the Azure integration setup.
Mondoo discovers all Linux and Windows VMs in your subscription automatically and scans these VMs using Azure's built-in Run Commands functionality.
🧹 IMPROVEMENTS
Use the latest existing snapshot for GCP VM instance scanning
Want to scan GCP VM instances by snapshot, but don't want to wait for a new snapshot to be created? Now you can scan GCP instances using existing VM snapshots with the new --use-latest-snapshot flag.
cnspec scan gcp instance sles12 --project-id my-project-id --zone us-central1-a --use-latest-snapshot
→ no Mondoo configuration file provided. using defaults
→ discover related assets for 1 asset(s)
→ resolved assets resolved-assets=1
sles12 ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 100% score: C
Asset: sles12
-------------
Checks:
✕ Fail: D 20 Ensure auditing for processes that start prior to auditd is enabled
✕ Fail: D 20 Ensure successful file system mounts are collected
✕ Fail: C 40 Ensure Advanced Intrusion Detection Environment (AIDE) is installed
✓ Pass: A 100 Ensure rsh server is stopped and not enabled
✕ Fail: F 0 Ensure secure permissions on /etc/group- are set
✓ Pass: A 100 Ensure Avahi server is stopped and not enabled
✕ Fail: D 20 Ensure system accounts are non-login
✓ Pass: A 100 Ensure secure permissions on /etc/group are set
! Error: Ensure rsyslog default file permissions configured
✓ Pass: A 100 Ensure prelink is disabled
✓ Pass: A 100 Ensure auditd is installed
✓ Pass: A 100 Ensure X Window System is not installed
! Error: Ensure access to the su command is restricted
✕ Fail: D 20 Ensure session initiation information is collected
✕ Fail: F 0 Ensure broadcast ICMP requests are ignored
✕ Fail: D 20 Ensure login and logout events are collected
...
More asset inventory data on Windows
The cnquery Windows Asset Inventory Pack now includes additional inventory data collection:
- Installed hotfixes
- Installed features
- Windows Computer/System information
- Expanded network interface information
🐛 BUG FIXES AND UPDATES
- Add a remediation hint for UFW users to the Linux Security policy. Thanks for this update, @danielwillshare!
- Add custom metrics to the Mondoo Kubernetes Operator. Thanks for this update, @mariuskimmina!
- Improve help output in cnspec and cnquery.
- Fix ignored checks on assets not displaying as ignored.
- Fix incorrect "Private" status for policies on the Security Policies page.
- Improve Security Policy tooltips and column names.
- Remove outdated (ONLINE) status from assets on the Security Policies page.
- Use the term "checks" instead of "queries" on the Security Policies page.
- Fix the display of nested queries in the asset resources tab.
- Fix an incorrect remediation step in the CIS Distribution Independent Linux Benchmark policy.