Skip to main content

Mondoo 8.25 is out!

ยท 2 min read
Tim Smith
Tim Smith
Mondoo Core Team

๐Ÿฅณ Mondoo 8.25 is out! This release includes improvements to Compliance Hub, updated CIS Debian Linux 2.0 Benchmark, and more!โ€‹

Get this release: Installation Docs | Package Downloads | Docker Container

๐Ÿงน IMPROVEMENTSโ€‹

Improved Compliance Hub experienceโ€‹

We've been busy this week rolling out fixes and improvements to make Compliance Hub an even better experience.

  • The first exception on the compliance exceptions tab now automatically expands for easier viewing.
  • Compliance control pages now include tooltips for the completion column.
  • Controls listed in exceptions now link to the individual control pages.
  • The completion column in control pages now supports ascending and descending sorting.
  • The completion percentage shown for frameworks now better reflects progress.
  • There are improved recommendations when there are no checks or assets in a control.
  • Compliance completion bars in Firefox now size properly at all window dimensions.

CIS Debian Linux 10 Benchmark 2.0โ€‹

CIS Debian Linux 10 Benchmark is updated from 1.0 to 2.0. This is a massive update to the CIS benchmarks for Debian that includes the following changes:

  • 38 controls now have improved descriptions, audit instructions, and remediation steps.
  • 34 new controls now follow the "Ensure service X is not installed" method instead of "Ensure service X is disabled".
  • 58 legacy controls have been removed, including the existing "Ensure service X is disabled" controls mentioned above.

๐Ÿ› BUG FIXES AND UPDATESโ€‹

  • Don't show duplicate checks in the registry when a policy uses variants.
  • Remove a black box displayed in the registry when a policy uses policy variants.
  • Add three additional controls to the CIS Amazon Linux 2023 policies.
  • Improved descriptions and remediation steps in the CIS Distribution Independent Linux Benchmark policies.
  • Log errors for missing API support when scanning GCP organization and projects instead of failing.
  • Give a unique name to gcp-subnetwork assets that includes the region in the name.
  • Fix the grouping of GCP organizations and projects in the fleet view.
  • Don't attempt to discover GCP projects that are marked for deletion.
  • Don't detect GCP VM instances as VM images.