Mondoo 6.6 is out!

· 2 min read
Mondoo Core Team

🥳 Mondoo 6.6 is out! This release adds much-requested support for scanning pipelines with CircleCI, side scanning from the command line, and some nice improvements to the Linux Baseline policy for securing users and groups.


Get this release: Installation Docs | Package Downloads | Docker Container


🎉 NEW FEATURES

CircleCI Support

Problem: You want to use Mondoo natively with CircleCI projects to secure your build pipelines.

Solution: Mondoo now securely integrates with CircleCI projects to scan Kubernetes manifests, Terraform configuration files, and Docker images for common misconfigurations and CVEs. Check out the CircleCI integration documentation to learn more.

CircleCI Security Scans

AWS Side Scanning From the CLI

Problem: You want Mondoo to scan your AWS instances, but you want to do it without SSH credentials or an SSM agent and without directly impacting your production workloads.

Solution: Mondoo now supports AWS side scanning. You can scan an EC2 instance, an EC2 EBS volume, or an EC2 EBS snapshot. See the EC2 Snapshot Scanning documentation for details.

🧹 IMPROVEMENTS​

Improved Linux Baseline Policy​

Problem: You want the best possible out-of-the-box policies for securing your Linux systems.

Solution: Update the Linux Security Baseline policy to provide additional security recommendations. We've added 12 new controls to validate that users and groups are configured correctly on your Linux systems.

Multi-line Support in Mondoo Shell

Problem: Writing complex MQL queries on one line can be frustrating.

Solution: The Mondoo shell now supports multi-line input!

Multi-line Shell

Copy MRN From the Asset Detail Page

Problem: It could be challenging to generate a properly-formed asset MRN to use with the Mondoo CLI.

Solution: You can now copy the MRN for any asset from that asset's detail page.

Copy MRN

Total Scans From the Vulnerability Page

Problem: Mondoo didn't provide enough context about vulnerability scans. It provided the number of findings, but didn't show the total number of objects scanned. If you had a system with no vulnerabilities, it could appear that Mondoo wasn't doing anything!

Solution: Mondoo now also shows the total number of objects scanned in a vulnerability scan.

🐛 BUG FIXES AND UPDATES

  • Resolves improperly failing queries in the macOS policy
  • The Linux Security Baseline policy now correctly detects apache2 on Debian-based Linux distributions
  • Improved Kubernetes admission controller reliability on small Kubernetes clusters

Mondoo 6.5 is out!

· 3 min read
Mondoo Core Team

🥳 Mondoo 6.5 is out! This release is all about quality-of-life improvements and bug fixes.



🧹 IMPROVEMENTS​

Kubernetes Scanning Enhancements​

The Kubernetes admission controller scanning in the CI/CD tab could be quite busy, and it was often difficult to find new deployment scans in this UI. We revamped how scanning occurs in the Mondoo Kubernetes Operator 0.5.0, with scans now only occurring on Kubernetes resources. This means you'll no longer see scans for each new pod generated during auto scaling, cron jobs, or otherwise. This makes it much easier to see the security status of new workloads entering the cluster.

We also improved the performance of Docker image scans. This should greatly improve the experience of users running the container image discovery in Kubernetes scans, which we introduced in Mondoo 6.2. If you haven't tried image scanning in your Kubernetes scans, be sure to try mondoo scan k8s --discover all and keep an eye out for more cluster asset discovery features in future releases.

Improved Integration Status

Life isn't binary, and neither are our integration status fields now. We updated how Mondoo integrations report their status to include a new Pending status. This better describes the status of integrations that haven't failed but instead just haven't reported to Mondoo Platform yet.

Pending Integration

Many small improvements

  • The CVE view on the individual asset now shows the total number of packages scanned
  • The Continuous Integration view now shows a timestamp for each branch scanned
  • The installation and usage instructions for HashiCorp Packer & HashiCorp Terraform in the Integrations page are much more useful

🐛 BUG FIXES AND UPDATES

  • Improved the readability of buttons on the SAML setup page
  • Fixed the "Load More" button not working when viewing CVEs tied to an individual asset
  • Scanning Microsoft Azure with Mondoo Client no longer requires a URL
  • Container scans now properly set platform architecture
  • SSHD config file scanning in Linux Security Baseline by Mondoo now properly parses all recognized time string formats
  • Improved the Ensure filesystem integrity is regularly checked query in the Linux Security Baseline by Mondoo policy to also support running Aide as a systemd timer
  • Improved the Pod should not run with default service account query in the Kubernetes Application Benchmark by Mondoo policy to not fail when a manifest doesn't specify the service account

Mondoo 6.4 is out!

· 3 min read
Mondoo Core Team

🥳 Mondoo 6.4 is out! This release includes new GitHub resources and improvements to the Linux Baseline policy.



🎉 NEW FEATURES

New GitHub Resource Capabilities

Problem: Customers want to write Mondoo policies to ensure the security of their GitHub repositories and organizations.

Solution: Mondoo is writing resources to allow users to gather critical information about the security stance of their GitHub Organization and any public repositories they wish to examine.

Connect to mondoo shell to begin discovering more about your GitHub infrastructure:

mondoo shell -t github --option token=${GH_TOKEN} --option login=USERNAME

mondoo shell -t github --option token=${GH_TOKEN} --option organization=ORGANIZATION_NAME

Ask questions and discover:

github.organization { repositories { files { path type  isBinary files { path type  isBinary files  } } }}

github.repository("chris-rock/bubbletea") { files { content} }

Assess:

github.organization { repositories { default=defaultBranchName branches.where(name == default) { protected }}}

github.repository("chris-rock/bubbletea") { archived == false hasIssues == true}

Keep an eye out for our GitHub Security Policy that should be shipping in the next month 🎉

New Enterprise Windows Installer

Problem: Customers want to fully automate the installation of Mondoo on Windows using MDM or configuration management solutions.

Solution: A new enterprise Mondoo MSI Installer (mondoo-enterprise.msi) has been created to make the automated setup of Mondoo simpler. This new installer requires a REGISTRATIONTOKEN value, which it uses to automatically register the system with Mondoo and then start the service.

🧹 IMPROVEMENTS​

Improved Linux Baseline Policy​

Problem: Customers want the best possible out of the box policies for securing their Linux systems

Solution: Update the Linux Security Baseline policy to provide additional security recommendations as well as more reliable checks. All checks involving systemd services now check to see if the service is both running and enabled. The Ensure filesystem integrity is regularly checked query now matches the remediation steps. We also updated a number of remediation steps to include SLES instructions.

🐛 BUG FIXES AND UPDATES

  • Improve the display of the Mondoo Console on mobile devices
  • Display error messages when the AWS integrations fail to scan instances
  • Add links to OpenShift and cert-manager on the K8s Integration setup page
  • Fix invalid example code in the 'Generate Long-Lived Credentials' Integration page
  • Return actual asset error when scanning on CLI without policies set
  • Fix remediation steps for privileged containers in the Kubernetes Application Benchmark by Mondoo
  • Fix the Mondoo Client Windows service failing to stop
  • Various fixes to the junit output from Mondoo Client
  • Only scan unique container images when running mondoo scan k8s --discover=all
  • Remove version checks in the Mondoo Operator that block upgrading an existing operator

Mondoo 6.3 is out!

· 4 min read
Mondoo Core Team

🥳 Mondoo 6.3 is out! This release includes significant UI updates, a new Packer plugin, agentless scans of AWS infrastructure, querying across AWS Organizations, and substantial speed improvements in Kubernetes scans.



🎉 NEW FEATURES

Refreshed Overview Page

Problem: Customers didn't have immediate access to the essential information about their infrastructure when logging into the Mondoo Console.

Solution: The Overview page has been refreshed to focus only on the most pertinent information. Customers can now see information about their Kubernetes integrations directly from the Overview page. If customers are not using Mondoo with Kubernetes or Amazon AWS, the Overview page will no longer show cards for these technologies.

Look for additional improvements to the Overview page in the coming weeks.

Overview Page

Information about managed clients is no longer part of the Overview page. Instead, you can now access the list of managed clients via the Integrations page.

Integrations Marketplace

Problem: Customers find it difficult to install Mondoo in their infrastructure and get started with scans quickly.

Solution: The Integrations page has been completely re-designed. With the new Integrations Marketplace, it's easy to find, install, and manage your Mondoo integrations and clients from this single location.

Integrations Page

Packer Plugin Mondoo

Problem: Customers who want to use Mondoo to secure the machine images they create with HashiCorp Packer face a lot of complexity, manual downloads, and manual configuration.

Solution: Mondoo is now available as a native, open source Packer plugin. You can include Mondoo directly in any Packer 1.7 or higher build by adding these blocks to your template:

packer {
  required_plugins {
    mondoo = {
      version = ">= 0.2.1"
      source  = "github.com/mondoohq/mondoo"
    }
  }
}

build {
  ...

  provisioner "mondoo" {
    score_threshold = 80
    on_failure      = "continue"
    asset_name      = "${var.image_prefix}-${local.timestamp}"
  }
}

Agentless AWS EBS Volume Scanning

Problem: Customers need to ensure that a specific EC2 instance meets security and policy standards but have no direct access to that instance. They need a way to inspect EC2 instances externally without losing scan fidelity.

Solution: Agentless AWS EBS Volume Scanning lets Mondoo perform agentless, read-only evaluation of EC2 instances without accessing the instances directly. Mondoo can quickly scan any instance, snapshot, or volume without accessing production workloads.

Requirements:

  • Requires the ability to run mondoo client in the same AWS account as the infrastructure you wish to scan. (AWS CloudShell is excellent for this!)
  • The scanner needs permission to list instances, copy snapshots, create volumes, and attach volumes to instances.

Here's an example AWS security policy to enable Agentless AWS EBS Volume Scanning:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Condition": {
        "StringEquals": {
          "aws:ResourceTag/Created By": "Mondoo"
        }
      },
      "Action": [
        "ec2:AttachVolume",
        "ec2:DetachVolume",
        "ec2:DeleteVolume",
        "ec2:DeleteSnapshot"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "ec2:CreateSnapshot",
        "ec2:CreateVolume",
        "ec2:CopySnapshot",
        "ec2:CreateTags",
        "ec2:DescribeInstances",
        "ec2:DescribeVolumes",
        "ec2:DescribeSnapshots",
        "kms:Decrypt",
        "kms:ReEncryptTo",
        "kms:GenerateDataKeyWithoutPlaintext",
        "kms:DescribeKey",
        "kms:ReEncryptFrom"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Condition": {
        "Bool": {
          "kms:GrantIsForAWSResource": "true"
        }
      },
      "Action": "kms:CreateGrant",
      "Resource": "*",
      "Effect": "Allow"
    }
  ]
}
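
A review aid for the policy above, added here as an example and not taken from Mondoo's documentation: it separates the actions that carry a Condition from the write-capable actions granted on Resource "*" without one, and reports when a resource tag is used as a guard while ec2:CreateTags is itself unconditioned. The function name, the read-only prefix heuristic and the inline copy of the policy are assumptions of this example.

```python
import json

# Copy of the example policy from this page, embedded so the script runs offline.
POLICY_JSON = """
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Condition": {"StringEquals": {"aws:ResourceTag/Created By": "Mondoo"}},
      "Action": ["ec2:AttachVolume", "ec2:DetachVolume",
                 "ec2:DeleteVolume", "ec2:DeleteSnapshot"],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": ["ec2:CreateSnapshot", "ec2:CreateVolume", "ec2:CopySnapshot",
                 "ec2:CreateTags", "ec2:DescribeInstances", "ec2:DescribeVolumes",
                 "ec2:DescribeSnapshots", "kms:Decrypt", "kms:ReEncryptTo",
                 "kms:GenerateDataKeyWithoutPlaintext", "kms:DescribeKey",
                 "kms:ReEncryptFrom"],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Condition": {"Bool": {"kms:GrantIsForAWSResource": "true"}},
      "Action": "kms:CreateGrant",
      "Resource": "*",
      "Effect": "Allow"
    }
  ]
}
"""

# Heuristic used by this example only: action names with these prefixes are reads.
READ_ONLY_PREFIXES = ("Describe", "List", "Get")


def _as_list(value):
    """IAM accepts a single string or object where a list is expected."""
    return [value] if isinstance(value, (str, dict)) else list(value)


def review_policy(policy):
    """Classify every allowed action in an identity policy.

    Returns a dict with:
      conditioned   - {action: [condition keys]} for statements with a Condition
      unconditioned - write-capable actions allowed on Resource "*" with no Condition
      self_taggable - resource-tag keys used as a guard while ec2:CreateTags is
                      allowed without a Condition (the identity can set the tag)
    """
    conditioned, unconditioned, guard_tags = {}, [], set()
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action", []))
        condition = stmt.get("Condition", {})
        keys = [key for operator in condition.values() for key in operator]
        if keys:
            for action in actions:
                conditioned.setdefault(action, []).extend(keys)
            guard_tags.update(key.split("/", 1)[1] for key in keys
                              if key.lower().startswith("aws:resourcetag/"))
        elif "*" in _as_list(stmt.get("Resource", [])):
            unconditioned.extend(
                action for action in actions
                if not action.split(":", 1)[-1].startswith(READ_ONLY_PREFIXES))
    can_tag_freely = "ec2:CreateTags" in unconditioned
    return {
        "conditioned": conditioned,
        "unconditioned": sorted(unconditioned),
        "self_taggable": sorted(guard_tags) if can_tag_freely else [],
    }


REPORT = review_policy(json.loads(POLICY_JSON))

if __name__ == "__main__":
    print(json.dumps(REPORT, indent=2))
```

A non-empty self_taggable list means the tag condition on the attach, detach and delete actions only holds as long as tagging is also constrained, for example by limiting ec2:CreateTags with the ec2:CreateAction condition key.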

Example usage:

mondoo scan aws ec2 ebs <INSTANCE_ID>
mondoo scan aws ec2 ebs volume <VOLUME_ID>
mondoo scan aws ec2 ebs snapshot <SNAPSHOT_ID>

AWS Cross-Organization Queries

Problem: Customers with many AWS accounts in their AWS Organization need to know about all of their infrastructure, regardless of the associated AWS account.

Solution: Using the Mondoo AWS integration, customers can now search across every AWS account associated with their AWS Organization. Find abandoned or untagged resources, or locate every resource tagged to a particular project or cost center quickly and easily.

Example: I need to find a particular S3 bucket, but I don't know in which AWS account it may be located. I only know part of the bucket name.

mondoo exec --integration-mrn //integration.api.mondoo.app/spaces/<SPACE_ID>/aws/<INTEGRATION_ID> 'aws.s3.buckets.where(name.contains("lost-bucket"))'

🧹 IMPROVEMENTS​

Kubernetes Scan Speed Improvements​

Problem: Initial scans of Kubernetes clusters were too slow.

Solution: Optimizations in the Kubernetes scan code have reduced test scan duration from 2min 10s to only 9s!

🐛 BUG FIXES AND UPDATES

  • Using the processes.list MQL resource on a Docker container will no longer run the container out of file handles
  • Fleet-wide statistics now correctly include unscored assets
  • The Mondoo Console has been updated to use Mondoo's new logo

Mondoo 6.2 is out!

· One min read
Mondoo Core Team

🥳 Mondoo 6.2 is out! This release adds automatic container discovery for Kubernetes and support for Amazon Linux 2022.



🎉 NEW FEATURES

Automatic Container Discovery for Kubernetes

Problem: Customers couldn't secure containers running within Kubernetes clusters.

Solution: Mondoo automatically discovers and scans containers in Kubernetes clusters!

Use Mondoo to not just scan Kubernetes cluster and pod configurations, but also all the containers running within your Kubernetes clusters by enabling discovery in command line scans:

mondoo scan k8s --discover=all

This scan will return results for the overall Kubernetes cluster and pod security, a new asset scan for each running container, and a link to the Mondoo Console.

Container Scan

Amazon Linux 2022 Support

Problem: Customers could not be certain that Mondoo would work as expected with the Amazon Linux 2022 preview release.

Solution: Mondoo has been fully tested on Amazon Linux 2022 Preview, and Mondoo now supports using Mondoo Client with Amazon Linux 2022 Preview.

Bug Fixes and Performance Improvements

About a half-dozen minor stability improvements under the hood.

Mondoo 6.1.1 is out!

· 3 min read
Mondoo Core Team

🥳 Mondoo 6.1.1 is out! This release adds additional support for Red Hat Linux and AlmaLinux 9 and improvements for working with AWS and K8s.



🎉 NEW FEATURES

EU Region Support

Problem: Customers in the EU are subject to local regulatory requirements and need the data storage and processing that Mondoo performs on their behalf to physically occur in Europe.

Solution: Mondoo has added a new cloud infrastructure in the EU. Customers can now create and join organizations and spaces in the EU region. All data created and processed in the EU region happens on servers located in data centers within the EU.

Just select the US / EU region pulldown in the Mondoo UI to switch regions.

Mondoo Region Selector

At this time, Mondoo does not support cross-region organizations or spaces.

Red Hat Linux / AlmaLinux 9 Support

Problem: Customers who wanted to upgrade to the May releases of Red Hat Linux 9 and AlmaLinux 9 were unable to use the full capabilities of Mondoo with these new operating systems.

Solution: Mondoo now supports the detection of EOL dates and package vulnerabilities for Red Hat Linux 9 and AlmaLinux 9.

🧹 IMPROVEMENTS​

Additional Resources Shown in AWS Accounts​

Problem: The AWS account integration page sometimes didn't display the information customers needed about their accounts.

Solution: The AWS Account integrations page now displays the number of EC2 Snapshots, CloudWatch LogGroups, Lambda Functions, Config Recorders, and EKS clusters.

Kubernetes Custom Resources Support in MQL

Problem: When writing policies to inspect Kubernetes installations, customers need to easily interrogate their Kubernetes custom resources.

Solution: The MQL query language now exposes Kubernetes custom resources for use in policies as k8s.customresource.

k8s.customresource usage example

🐛 BUG FIXES AND UPDATES

  • AWS SSM scans should no longer fail due to AWS SSM timeouts
  • Fetch the default registry entries on Windows in addition to the explicitly set registry entries
  • Improve Linux Security Baseline policy queries and remediation steps to reduce errors
  • EBS volume-based scans of AWS EC2 instances are more reliable
  • The filtering of assets by AWS integration now works as intended
  • Add missing UI breadcrumbs from CI/CD scan jobs back to their projects
  • Fix the load more button in a CI/CD project not loading more jobs
  • Fix service checks when scanning hosts using the fs transport
  • Fix failures in the Platform End-of-Life Policy

Mondoo 6.0 is out!

· 8 min read
Mondoo Core Team

🥳 Mondoo 6.0 is out.



We have just hit a major milestone - Mondoo's 6.0 release! This version includes many changes we're eager to share with you:

Most of these changes have been available hidden behind feature flags and CLI options for a while now. This release changes the default experience to make them available to everyone.

Is it difficult to upgrade?

Not at all! We have kept most things backwards-compatible with v5. In most cases you should only see a few deprecation warnings asking you to use new CLI options. The few breaking changes are outlined below.

Breaking changes

  • mondoo scan now uses the exit code 0 whenever the scan is successfully executed. Previously we used non-zero exit codes when a scan didn't achieve a perfect score. This change makes it easier to use Mondoo in a CI/CD. See the section on exit codes below.
  • mondoo scan without additional arguments no longer automatically scans your local system. We changed this to prevent you from accidentally scanning your local OS. Run mondoo scan local to scan your local system. Check out our new scan providers for more targets below.
  • The default CLI reporter has changed to compact mode, which doesn't rely on pagination and prints a much shorter summary. See CLI reports for more information.
  • When you run mondoo scan with a --policy-bundle, the option --incognito is now used by default instead of printing an error and aborting.

Deprecations

All deprecations will be supported throughout the lifetime of Mondoo v6. We will remove them when we release Mondoo v7.

  • The -t and --connection options for mondoo scan, mondoo exec and mondoo shell have been deprecated. Please use scan providers instead.
  • The --exit-0-on-success option has been deprecated and is the new default. Feel free to remove it. See the section on exit codes.

🎉 NEW FEATURES

CLI scan providers

Problem: Mondoo can scan many different targets, from your local machine, to remote machines via SSH or WinRM, to cloud systems like AWS or Azure, and even arbitrary APIs. These are specified via the --connection or -t option in the CLI. Unfortunately, it was difficult to use this option effectively, partly due to the wide range of targets and parameters that were supported.

Solution: We are providing a new way to target assets with this release. The scan command has changed from:

mondoo scan -t <schema>://<options>
mondoo scan --connection <schema>://<options>

to

mondoo scan <provider>

To access a list of all available providers, type:

mondoo scan -h
Usage:
  mondoo scan [flags]
  mondoo scan [command]

Available commands:
  arista      Scan an Arista endpoint
  aws         Scan an AWS account or instance
  azure       Scan a Microsoft Azure account or instance
  container   Scan a container, an image, or a registry
  docker      Scan a Docker container or image
  gcp         Scan a Google Cloud Platform (GCP) account
  github      Scan a GitHub organization
  gitlab      Scan a GitLab group
  host        Scan a host endpoint
  k8s         Scan a Kubernetes cluster
  local       Scan a local target
  mock        Scan a mock target (a simulated asset)
  ms365       Scan a Microsoft 365 endpoint
  ssh         Scan a SSH target
  terraform   Scan all Terraform files in a path (.tf files)
  vagrant     Scan a Vagrant host
  vsphere     Scan a VMware vSphere API endpoint
  winrm       Scan a WinRM target

You can find more information on every provider with the -h or --help option. For example:

mondoo scan container -h

Here are a few more examples of mondoo scan with different providers:

mondoo scan local
mondoo scan ssh user@host
mondoo scan container b62b
mondoo scan container image ubuntu:20.04
mondoo scan aws

CLI reports overhaul

Problem: The default CLI reports used a lot of screen space to convey their findings. They also printed from top to bottom, with a summary and a lot of information below, which forced us to default to pagination for these reports to avoid scrolling. These reports are helpful for security audits, but they didn't help most other CLI users.

Solution: We have designed a new report whose primary audience is developers and operations experts. This means that we now print a list of controls and data queries first, then list vulnerabilities, and then finish with a short summary. We deactivated the pagination. The default report is also much more compact:

mondoo scan local
# OR
mondoo scan local -o compact

To get more information about individual controls, use the full formatter:

mondoo scan local -o full

Here is an example of compact (left) versus full (right) output side-by-side for the same scan:

Mondoo6 Compact vs Full Output

You can access the auditor- and security-centric report via -o report. This was the default output before v6.

You can list all output formats:

mondoo scan -o help
Available output formats: junit, compact, full, report, json, csv, yaml

Exit codes and score thresholds

Problem: Whenever Mondoo scans ran in CI/CD pipes, unless they had perfect scores (an A+ with a score of 100), they finished with a non-zero exit code. This caused the pipeline to fail, even with only minor issues.

We had previously introduced the --exit-0-on-success option to address this use case. It changed the behavior to always finish with an exit code of 0 whenever the scan was successful, even if it produced an F.

While this helped remedy the original problem with failing pipeline runs, it didn't help users who wanted to fail their tests if certain conditions were met. This was technically possible, by knowing all the available exit codes mondoo scan generated, but was impractical and hard to use.

Solution: Mondoo scans now always return an exit code of 0 by default when a scan is successful. Both As and Fs show a successful run.

With the previously introduced --score-threshold you can change this behavior to fail the execution (exit code 1) whenever the score falls too low. For example, this command fails all scans that result in an F (if their score is below 10):

mondoo scan … --score-threshold 10
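
The v6 breaking changes and deprecations listed above, together with the exit-code change in this section, mean a CI step written for v5 can keep running while no longer failing on a low score. The following is an added example, not part of Mondoo's tooling, that checks command lines for those cases; the finding codes, function names and sample commands are constructed for illustration.

```python
import shlex

# Finding codes and their meaning, taken from the v6 notes on this page.
FINDINGS = {
    "target-flag": "-t/--connection is deprecated; name a scan provider instead",
    "exit-0-flag": "--exit-0-on-success is deprecated and already the default",
    "no-target": "bare 'mondoo scan' no longer scans the local system",
    "no-gate": "no --score-threshold, so a low score no longer fails this step",
}

# Constructed sample: commands as they might appear in CI job definitions
# written for Mondoo v5. Hosts, IDs and schemas are placeholders.
SAMPLE_LINES = [
    "mondoo scan -t ssh://user@host --exit-0-on-success",
    "mondoo scan",
    "mondoo scan local --score-threshold 80",
    "mondoo shell --connection docker://b62b",
    "mondoo scan aws ec2 ebs volume VOLUME_ID -o compact",
    "echo 'not a mondoo command'",
]


def lint_command(line):
    """Return the finding codes for one command line (empty list: nothing to change)."""
    try:
        argv = shlex.split(line, comments=True)
    except ValueError:  # unbalanced quotes and similar
        return []
    if len(argv) < 2 or argv[0] != "mondoo":
        return []
    subcommand, rest = argv[1], argv[2:]
    # "--flag=value" and "--flag value" both reduce to "--flag".
    flags = {arg.split("=", 1)[0] for arg in rest if arg.startswith("-")}
    codes = []
    if subcommand in ("scan", "exec", "shell") and flags & {"-t", "--connection"}:
        codes.append("target-flag")
    if "--exit-0-on-success" in flags:
        codes.append("exit-0-flag")
    if subcommand == "scan":
        if not rest:
            codes.append("no-target")
        if "--score-threshold" not in flags:
            codes.append("no-gate")
    return codes


def lint_lines(lines):
    """Map 1-based line number -> finding codes, for lines that need attention."""
    report = {}
    for number, line in enumerate(lines, start=1):
        codes = lint_command(line.strip())
        if codes:
            report[number] = codes
    return report


if __name__ == "__main__":
    for number, codes in lint_lines(SAMPLE_LINES).items():
        for code in codes:
            print(f"line {number}: {FINDINGS[code]}")
```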

AWS Organization integration

We are excited to release the AWS Organization integration, which allows you to set up AWS integrations across your entire AWS Organization or organizational unit.

Mondoo6 AWS Organization Integration

We previously only supported single account installs. With this change, you can use AWS CloudFormation StackSets to install the integration across all accounts in your AWS Organization and automatically have the integration be installed to all new accounts added to that AWS Organization.

🧹 IMPROVEMENTS​

MQL improvements​

Problem: It was impossible to use variables across blocks in MQL, which made a lot of queries more difficult to write. We have wanted to fix this issue for a while, which required a major change in MQL’s execution engine.

Solution: Variables can now be used across blocks like you would in many other programming languages. Here is a simple example:

aws.dynamodb.tables {
  x = region
  aws.dynamodb.
    limits.
    where(region == x) {*}
}

In this example, we define a new variable x and set its value to the region of the table. We can then use the variable to access the limits entry that matches this region. Previously this was not possible, since both fields had the same name (region) and variables weren't accessible across blocks.

CI/CD detection

We now automatically detect the client running in CI/CD environments. Once detected, we collect more contextual information about the run, like the repository, PR/MR number, and git reference. This allows CI/CD runs to automatically show up in the CI/CD tab in the UI, where you can explore more details.

Today, we support this feature for GitHub, GitLab, and Kubernetes out of the box. We are expanding to other systems soon, so stay tuned!

🐛 BUGFIXES

  • update Kubernetes doc links in the UI
  • fix colors for the score display
  • fix EBS volume scanning targeting incorrect instances in some cases
  • fix "see your asset scores" (on aws integrations) button navigation
  • ensure asset labels link out to AWS when appropriate
  • ensure project jobs load more button loads more items
  • added error msg for when a user tries to cancel an invitation that is not their own
  • correct breadcrumb on CI/CD page
  • default Kubernetes integrations admission controller to off

Mondoo 5.39.0 is out!

· 2 min read
Mondoo Core Team

🥳 Mondoo 5.39 is out. Lots of significant features in this release! We're all about continuous integration/continuous delivery and Kubernetes. Also, check out Mondoo on the GitHub Actions marketplace!



🎉 NEW FEATURES

New CI/CD integrations

To help you better visualize scans of CI/CD pipelines, we've added new specialized views to the Mondoo Console. Of course, Mondoo already lets you scan infrastructure artifacts during the build process, such as Kubernetes Manifests, Terraform code, and Docker images. But now, you can use Mondoo to compare different builds and branches and see how they compare to one another.

Check out the official documentation and get started today!

CI-CD Examples

Mondoo is in the GitHub Marketplace

To go with our new GitHub CI/CD views, Mondoo is now available as an action in the GitHub Marketplace. Use Mondoo with GitHub Actions to scan Kubernetes Manifests, Terraform configuration files, and Docker images. See examples and full setup instructions on our page in the GitHub Marketplace.

GitHub Marketplace - Mondoo Action GitHub Marketplace

Kubernetes integrations

With the Mondoo Kubernetes Operator, you can now continuously validate your deployed workloads and assess the configuration and security of the nodes running your kubelets. Couple this with the Mondoo Admission Controller and Mondoo's support for scanning Kubernetes Manifests in the CI/CD pipeline. Mondoo provides a complete, end-to-end solution for securing Kubernetes from commit to production.

Kubernetes in Mondoo

🧹 IMPROVEMENTS​

New asset page​

We've given the individual asset view a beautiful new makeover. Graphs and scorecards help you understand how your assets stack up against policy at a glance, and the integrated filters make it easy to find the most relevant policies.

New Asset View

Kubernetes policy improvements

We've added new controls and queries to the Kubernetes policies.

🐛 BUGFIXES

  • Fix to offline EBS volume scanning for AWS - Resolves an issue where the Mondoo Client would sometimes mount the wrong filesystem during offline EBS volume scans.

Mondoo 5.38.1 is out!

· 2 min read
Mondoo Core Team

🥳 Mondoo 5.38.1 is out. This release includes policy updates and lays the foundation for big things to come.


🎉 NEW FEATURES

Ubuntu 20.04 CIS Benchmark Certification

The Mondoo Ubuntu 20.04 Level 1 and Level 2 CIS Benchmarks are now officially CIS certified. See the Mondoo cisecurity.org page for a complete list of our CIS certified benchmarks and stay tuned for more certified benchmarks in the coming weeks.

🧹 IMPROVEMENTS​

Kubernetes Operator Updates

Our Mondoo Kubernetes Operator has seen yet another round of important improvements as we work towards the general availability of the operator next week. Kubernetes cluster node scanning now occurs using a Kubernetes CronJob instead of running the agent at all times on each node, saving CPU and memory resources. We've also added some behind the scenes capabilities required for registering the operator using a short-lived registration token instead of a full Mondoo service account. This keeps secrets out of the user's shell history when configuring the operator in the cluster. Our upcoming integrations setup workflow in the Mondoo Console will use this new capability to securely deploy the operator to your clusters.

🐛 BUGFIXES

  • Fix incorrect remediation steps for multiple queries in the Linux Security Baseline by Mondoo policy:
    • Ensure the audit configuration is immutable
    • Ensure permissions on /etc/passwd- are configured
    • Ensure permissions on /etc/group- are configured
  • Fix errors in Linux Security Baseline by Mondoo policy when /etc/passwd- or /etc/gshadow- doesn't exist.
  • Fix errors in Kubernetes Application Benchmark by Mondoo's query Pod should not run with default service account.

Mondoo 5.37.0 is out!

· 3 min read
Mondoo Core Team

🥳 Mondoo 5.37.0 is out. This release's big features: Windows, Windows, and more Windows! Updated CIS benchmarks, expanded vulnerability scanning, and much more.



🎉 NEW FEATURES

Expanded Windows Platform Support

New and Updated CIS Benchmarks

New CIS Windows 11 and Windows 2022 benchmarks version 1.0 are available in the Mondoo Policy Hub. We've also updated our existing CIS benchmarks for Windows to the latest CIS releases:

  • Windows 2016 updated to 1.3.0
  • Windows 2019 updated to 1.3.0
  • Windows 10 updated to 1.12.0

Windows 10 and 11 Security Advisories

The Mondoo Platform Vulnerability Policy now includes security advisory and CVE reporting for Windows 10 and 11. We've also made improvements to ensure that systems with many security advisories correctly report the complete set.

Unpatched Windows 10 Scan

Windows 10 and 11 Platform EOL Dates

The Mondoo Platform End-of-Life Policy includes EOL data for Windows 10 and 11.

Non-EOL Windows 10 Scan

Kubernetes Deployment Scans

The Mondoo Kubernetes operator's admission controller now includes full scanning of each Kubernetes deployment and pod. With the admission controller enabled, these scans will show up in the fleet view. See the mondoo-operator repo for more details. Stay tuned for a guided operator setup and improved UI experience coming soon.

🧹 IMPROVEMENTS​

New ssh-host-key id-detector

You can now identify the system you're scanning through the ssh-host-key with the --id-detector CLI flag.

mondoo scan --id-detector ssh-host-key

New Ubuntu Security Advisory Data

The Mondoo Platform Vulnerability Policy now includes security advisory data for Ubuntu 22.04 and the upcoming Ubuntu 22.10 release.

New UI Color Theme

The Mondoo CLI output has a new color theme to better match the output you see in the Mondoo Console.

Improved Output in Kubernetes Application Benchmark

The output in the Kubernetes Application Benchmark by Mondoo now displays the pod name and namespace in the query output. With this information, you can trace vulnerable pods back to their manifests.

Pop!_OS Support

Mondoo now detects and scans the Pop!_OS Linux distribution by System76.

🐛 BUGFIXES

  • Fix loading of id-detector config option for mondoo scan
  • Fix handling of non-existing registry keys on Windows
  • Fix several detection errors in Mondoo Security Baseline policies:
    • Improve reliability of Auditd state to prevent errors checking state
    • Don't fail when /etc/group- doesn't exist on a system
    • Add a new query on Windows hosts to make sure users don't have the privilege to attach debuggers