
Mondoo 5.15.0 is out!

Mondoo Core Team · One min read

🥳 mondoo 5.15.0 is out!

🎉 NEW FEATURES

Support --path for the exec command to allow for autocompletion in the shell. This brings shell auto-completion for transports that require a path.

Before:

$ mondoo exec -t terraform --option path=policy/bundles/test_data/terraform/fail "$(cat test.mql)"

After:

$ mondoo exec -t terraform --path policy/bundles/test_data/terraform/fail "$(cat test.mql)"

🧹 IMPROVEMENTS

  • Add azure vm platform id auto-detection
  • Add tags to aws acm certificate resource

Mondoo 5.14.1 is out!

Mondoo Core Team · One min read

🥳 mondoo 5.14.1 is out!

🧹 IMPROVEMENTS

  • support trailing comments in MQL expressions
  • Add optional/customizable tags to the AWS CloudFormation stack
  • Make files.find follow symlinks
  • Include default Mondoo AWS Policy

🐛 BUG FIXES AND UPDATES

  • explicit health check for scan and serve

Mondoo 5.14.0 is out!

Mondoo Core Team · 2 min read

🥳 mondoo 5.14.0 is out!

🎉 NEW FEATURES

Terraform Transport

This release adds support to scan Terraform HCL files.

mondoo shell -t terraform:// --option path=path/to/tf
mondoo > terraform.blocks { nameLabel type arguments }
terraform.blocks: [
  0: {
    arguments: {
      most_recent: {
        type: "bool"
        value: true
      }
      owners: {
        type: "tuple([string])"
        value: [
          0: "self"
        ]
      }
      tags: {
        type: "object({Name=string,Tested=string})"
        value: null
      }
    }
    type: "data"
    nameLabel: "aws_ami"
  }
  1: {
    arguments: {
      source: {
        type: "string"
        value: "hashicorp/consul/aws"
      }
      version: {
        type: "string"
        value: "0.11.0"
      }
    }
    type: "module"
    nameLabel: "consul"
  }
  ...
]

MQL glob fields

You can now ask the shell to print all the fields using *.

mondoo > sshd.config { * }
sshd.config: {
  macs: []
  file: file id = /etc/ssh/sshd_config
  ciphers: []
  params: {
    AuthorizedKeysFile: ".ssh/authorized_keys"
    ChallengeResponseAuthentication: "no"
    Port: "22"
    PrintMotd: "no"
    Subsystem: "sftp /usr/lib/ssh/sftp-server"
    UsePAM: "yes"
  }
  kexs: []
  content: "# $OpenBSD: sshd_config..."
}

DNS DKIM Record Parsing

This release improves the previously released dns resource with the ability to parse DKIM TXT records.

dns("google._domainkey.mondoo.com").records { type rdata }
dns.records: [
  0: {
    type: "TXT"
    rdata: [
      0: "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx3E9IavfvGHiENM/bFBTJfRLBUE1PV9f2q2mbYOHu2d1zZ3VB22sXnpGN6TV1m8Tq8zUWlXPgkApOaSF/+zRqBuyF6ci1rmcfvFCAHdERXy37bFgi0/EkoslaqEZel4eddqqWt93KuwydPL2jEhd01M+PGbfFfCu65iZFW107u0PhlXWZG0iJbFsBNdp4mKXI4CxWNlVb0xPr0kcYaE0eAi+EcnG5QHONv5cQrQJ6ncUNehV0caUKWibIKTKPmwttPTyTYbF6sWY7olT9FAgbGz5flHHqBVWPXsf5Jivv5HbsJLTdejAvQwm7e+w0S//OFafffZUXgF/yNB4HczZiQIDAQAB"
    ]
  }
]

Now dns("google._domainkey.mondoo.com").dkim returns the parsed record and offers a valid field that checks whether the public key is parsable:

dns("google._domainkey.mondoo.com").dkim {
  keyType
  version
  notes
  serviceTypes
  flags
  publicKeyData
  valid
}
dns.dkim: [
  0: {
    notes: ""
    publicKeyData: "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx3E9IavfvGHiENM/bFBTJfRLBUE1PV9f2q2mbYOHu2d1zZ3VB22sXnpGN6TV1m8Tq8zUWlXPgkApOaSF/+zRqBuyF6ci1rmcfvFCAHdERXy37bFgi0/EkoslaqEZel4eddqqWt93KuwydPL2jEhd01M+PGbfFfCu65iZFW107u0PhlXWZG0iJbFsBNdp4mKXI4CxWNlVb0xPr0kcYaE0eAi+EcnG5QHONv5cQrQJ6ncUNehV0caUKWibIKTKPmwttPTyTYbF6sWY7olT9FAgbGz5flHHqBVWPXsf5Jivv5HbsJLTdejAvQwm7e+w0S//OFafffZUXgF/yNB4HczZiQIDAQAB"
    version: "DKIM1"
    flags: []
    valid: true
    serviceTypes: []
    keyType: "rsa"
  }
]
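As an added example (not part of these release notes and not Mondoo's own code), here is a small Go parser that does what the dkim field above does: split the TXT record into its tags and set valid only when the p= public key actually parses. The RSA key it feeds in is generated at run time, so the record is constructed, not mondoo.com's real one.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"encoding/base64"
	"fmt"
	"strings"
)

// DKIMRecord mirrors the fields exposed by the dns.dkim output above.
type DKIMRecord struct {
	Version, KeyType, Notes, PublicKeyData string
	ServiceTypes, Flags                    []string
	Valid                                  bool // p= decodes to a parsable key
}

// ParseDKIM splits a "tag=value; tag=value" DKIM TXT record (RFC 6376); Valid is true only
// when p= holds a base64 SubjectPublicKeyInfo that parses (empty p= means a revoked key).
func ParseDKIM(txt string) DKIMRecord {
	tags := map[string]string{"v": "DKIM1", "k": "rsa"} // RFC 6376 defaults
	for _, part := range strings.Split(txt, ";") {
		if k, v, ok := strings.Cut(strings.TrimSpace(part), "="); ok {
			tags[strings.TrimSpace(k)] = strings.TrimSpace(v)
		}
	}
	colon := func(r rune) bool { return r == ':' } // s= and t= are colon-separated lists
	rec := DKIMRecord{Version: tags["v"], KeyType: tags["k"], Notes: tags["n"],
		ServiceTypes: strings.FieldsFunc(tags["s"], colon), Flags: strings.FieldsFunc(tags["t"], colon),
		PublicKeyData: strings.Join(strings.Fields(tags["p"]), "")} // drop folding whitespace
	if der, err := base64.StdEncoding.DecodeString(rec.PublicKeyData); err == nil {
		_, perr := x509.ParsePKIXPublicKey(der)
		rec.Valid = perr == nil
	}
	return rec
}

// ConstructedRecord builds a sample record from a freshly generated RSA key (constructed, not mondoo.com's).
func ConstructedRecord() string {
	key, _ := rsa.GenerateKey(rand.Reader, 2048)
	der, _ := x509.MarshalPKIXPublicKey(&key.PublicKey)
	return "v=DKIM1; k=rsa; n=constructed; p=" + base64.StdEncoding.EncodeToString(der)
}

func main() {
	rec := ParseDKIM(ConstructedRecord())
	fmt.Printf("keyType=%s version=%s valid=%v\n", rec.KeyType, rec.Version, rec.Valid)
	fmt.Println("revoked key valid?", ParseDKIM("v=DKIM1; k=rsa; p=").Valid)
}
```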

🧹 IMPROVEMENTS

  • Support mondoo scan -t scheme:// without ://; you can now just run mondoo scan -t scheme
  • Add ability to load default ssh elliptic curve keys
  • Try to detect a platform identifier consistent across transports when scanning EC2 instances

🐛 BUG FIXES AND UPDATES

  • Fix bug where the tls resource would panic with concurrent map access
  • Fix bug with machine resource on Linux where it would error out with could not retrieve smbios info for platform: read /sys/class/dmi/id: is a directory
  • Fix aws.accessAnalyzer resource

Mondoo 5.13.0 is out!

Mondoo Core Team · 2 min read

🥳 mondoo 5.13.0 is out!

🎉 NEW FEATURES

DNS resource

This release includes a new dns resource that runs DNS queries, allowing policies to test against DNS records.

dns("mondoo.com").records {
  type
  rdata
}
dns.records: [
  0: {
    type: "TXT"
    rdata: [
      0: "google-site-verification=BJHy4ONNsxrKr7Vtz3g6Y-dJDAOZ3S0PLFdqKVZv6To"
      1: "v=DMARC1; p=none; rua=mailto:postmaster@mondoo.com, mailto:dmarc@mondoo.com; sp=none; pct=100; adkim=r; aspf=r"
      2: "v=spf1 include:_spf.google.com include:_spf.salesforce.com include:amazonses.com include:mail.zendesk.com ~all"
    ]
  }
  1: {
    type: "SOA"
    rdata: [
      0: "ns-cloud-c1.googledomains.com. cloud-dns-hostmaster.google.com. 1 21600 3600 259200 300"
    ]
  }
  2: {
    type: "MX"
    rdata: [
      0: "10 alt3.aspmx.l.google.com."
      1: "5 alt2.aspmx.l.google.com."
      2: "1 aspmx.l.google.com."
      3: "10 alt4.aspmx.l.google.com."
      4: "5 alt1.aspmx.l.google.com."
    ]
  }
  3: {
    type: "NS"
    rdata: [
      0: "ns-cloud-c2.googledomains.com."
      1: "ns-cloud-c3.googledomains.com."
      2: "ns-cloud-c1.googledomains.com."
      3: "ns-cloud-c4.googledomains.com."
    ]
  }
  4: {
    type: "A"
    rdata: [
      0: "76.223.34.124"
      1: "13.248.160.137"
    ]
  }
]

CVE View through the CLI

In this release, we're introducing a new command to get a view of CVEs affecting a space:

mondoo vuln list //captain.api.mondoo.app/spaces/test-infallible-taussig-796596


🧹 IMPROVEMENTS

  • Improved query error handling
  • Introduce a new certificate.expiresIn field to get the remaining time (!1680)
  • The mount resource is now supported for file-system-based scans through /etc/fstab

⚠️ BREAKING CHANGES

  • The certificate resource has the following breaking changes:
    1. renamed the hashs field to fingerprints
    2. use camelCase for certificate fields

Mondoo 5.12.2 is out!

Mondoo Core Team · 4 min read

🥳 mondoo 5.12.0 is out!

🎉 NEW FEATURES

TLS resource

We are releasing a new resource that allows you to test remote TLS and SSL connections.

This resource is currently in preview and may be adjusted or expanded in the next month.

Whenever you run the tls resource against a target, we will execute a range of tests with the endpoint to see which features it can support:

tls("mondoo.com") {
  versions
  ciphers
}
tls: {
  versions: [
    0: "tls1.3"
    1: "tls1.2"
  ]
  ciphers: [
    0: "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305"
    1: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
    2: "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"
    3: "TLS_CHACHA20_POLY1305_SHA256"
    4: "TLS_AES_128_GCM_SHA256"
    5: "TLS_AES_256_GCM_SHA384"
    6: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
    7: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"
    8: "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"
  ]
}

Additionally, you can gain access to certificates available on the TLS/SSL endpoint, including the entire certificate chain:

tls("mondoo.com").certificates {
  subject.dn
  issuer.dn
}
tls.certificates: [
  0: {
    subject.dn: "CN=*.edge.easyredir.net"
    issuer.dn: "CN=Sectigo RSA Domain Validation Secure Server CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB"
  }
  1: {
    subject.dn: "CN=Sectigo RSA Domain Validation Secure Server CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB"
    issuer.dn: "CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US"
  }
  2: {
    subject.dn: "CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US"
    issuer.dn: "CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB"
  }
]

Port resources

We are also releasing a new resource to allow users to query open ports on their systems. This resource is currently in preview and may be expanded and adjusted in the next month.

ports.list {
  state
  port
  protocol
  process.executable
  user
}
ports.list: [
  0: {
    state: "established"
    user: user id = user/1000/zero
    port: 41260
    protocol: "tcp"
    process.executable: "GeckoMain"
  }
  1: {
    state: "established"
    user: user id = user/1000/zero
    port: 51690
    protocol: "tcp"
    process.executable: "GeckoMain"
  }
  ...

You can simply query listening ports via:

ports.listening {
  port
  protocol
  address
  user
}
ports.listening: [
  0: {
    protocol: "tcp"
    port: 22
    user: user id = user/0/root
    address: "0.0.0.0"
  }
  1: {
    protocol: "tcp"
    port: 443
    user: user id = user/1000/zero
    address: "127.0.0.1"
  }
  ...

Empty fields in MQL resources

Problem: Some resources may have fields without values. So far this created a challenge in MQL, because we could not create a resource if one of its dependencies was null; for example, when we wanted to show a port resource but did not know its running process.

Solution: Allow resources to be initialized with null fields. When extracting values from it, it will render the entire resource as null instead of printing errors for individual fields:

ports.list {
  port
  process {
    executable
    pid
  }
}

Results in:

ports.list: [
  0: {
    port: 34454
    process: {
      pid: 1121
      executable: "GeckoMain"
    }
  }
  1: {
    port: 68
    process: null
  }
  ...
]

This is in line with the expected behavior in GraphQL.

Comments in MQL

Problem: MQL is oriented around providing querying capabilities found in GraphQL with scripting found in other lightweight languages like JavaScript. The latter had informed our commenting style in MQL, which was limited to //. This created problems where users would try comments via # resulting in broken queries.

Solution: After careful review we decided to switch comments to use # as the preferred commenting style. This both aligns with comments in YAML, thus making policy editing easier, and with GraphQL comments.

At the same time, we still support and will continue to support comments via //. They are not recommended and may be auto-formatted in the future, but they remain available.

mondoo {
  # This is the recommended commenting style 🤩
  version build
}

Shell commands

Problem: When using the shell, users would hit CTRL + C to clear the line but instead exited the shell. This was unexpected for most users, since most CLI shells behave differently.

Solution: The Mondoo shell now doesn't exit when you hit CTRL + C anymore. Instead it prints a newline. Additionally, CTRL + D now exits the shell, alongside the already existing exit command. This is in line with most other shell environments we tested.

Additionally, you can now hit CTRL + Z to pause execution and send the Mondoo shell to the background. Like other Linux/macOS/Unix commands, you can bring it back with fg in Bash/Zsh/etc.

🧹 IMPROVEMENTS

  • Add basic support for SUSE Linux Enterprise Micro
  • AWS Lambda function is now scheduled to update once every 8 hours instead of hourly
  • Use connection hostname as vSphere API hostname so users can distinguish them
  • Agents can now report more error messages to the server, which will ease debugging in the future

🐛 BUG FIXES AND UPDATES

  • regex.email has been improved to more accurately capture email addresses

Mondoo 5.11.0 is out!

Mondoo Core Team · One min read

🥳 mondoo 5.11.0 is out!

🎉 FEATURES

  • Export the Mondoo scan report as CSV. You can try it using mondoo scan -o csv
  • Added the lsblk resource for querying unmounted block devices
  • Added aws.ec2.instances { image } for querying information about the AMI used to launch the instance
  • You can now query the group resource for a user: users.list { group }
  • Expose EC2 instance launch time to enable queries like aws.ec2.instances { launchTime }

🧹 IMPROVEMENTS

  • Improvements to Distribution Independent Linux Policy queries

🐛 BUG FIXES AND UPDATES

  • Fix bug where # used as a comment in MQL queries would cause the query to erroneously compile
  • Fix service detection for openSUSE-leap

Mondoo 5.10.0 is out!

Mondoo Core Team · One min read

🥳 mondoo 5.10.0 is out!

🎉 FEATURES

  • Updates to the CIS DIL and Linux policies: networking queries were added and others gained improved accuracy.
  • New MQL query feature: .where(/regex/) is now supported on string arrays!

🧹 IMPROVEMENTS

  • Introduced regex flags i, m, and s for regex queries in MQL:
    • i for case-insensitive pattern matching
    • s allows . to match newlines
    • m allows ^ and $ to match the beginning and end of each line, so entire lines can be matched
  • Introduce a common regex resource in MQL, allowing for easy use of common regex patterns.

🐛 BUG FIXES AND UPDATES

  • Fix file resource Setuid and Setgid detection for the local transport
  • Fix bug where incorrect file permissions would be cached
  • Fix bug where errors would not be correctly propagated and would lead to execution timeouts

Mondoo 5.9.0 is out!

Mondoo Core Team · One min read

🥳 mondoo 5.9.0 is out!

🎉 FEATURES

  • Added a new YAML parsing resource
  • Improved help output
  • Added a resource to parse iptables and socket stats
  • Added a 'clear' command to clear the mondoo shell

🐛 BUG FIXES AND UPDATES

  • Fix bug where policies uploaded through the CLI would always be unscored
  • Check if vsphere api response is available
  • fix early reading of contents in file resource
  • fix mql race conditions

Mondoo 5.7.0 is out!

Mondoo Core Team · One min read

🥳 mondoo 5.7.0 is out!

🎉 FEATURES

  • Generate chat alerts for score changes 🎉

See the documentation for more details about how to set up chat alerts for your space.

🧹 IMPROVEMENTS

  • Add ability to sort the assets by score
  • Improvements to quick-start navigation and added instructions for setting up integrations with Azure, GCP and VMware
  • Improved the dashboard stats cards
  • Rename mondoo agents commands to mondoo client

🐛 BUG FIXES AND UPDATES

  • Prevent exceptions from being invalidated when policies are updated
  • Fix bug where a flicker was observed while creating a new space and org
  • Fix bug where a flicker was observed while navigating to and from errored assets details
  • Fix bug that prevented users from seeing the results of a custom policy in the UI
  • Fix examples for AWS integration EC2 filtering by tag
  • Make the total assets number "clickable"