Skip to main content

Mondoo 6.4 is out!

ยท 3 min read

๐Ÿฅณ Mondoo 6.4 is out! This release includes new GitHub resources and improvements to the Linux Baseline policy.


Get this release: Installation Docs | Client Download | Installation Service | Docker Container | Kubernetes Operator


๐ŸŽ‰ FEATURESโ€‹

New GitHub Resource Capabilitiesโ€‹

Problem: Customers want to write Mondoo policies to ensure the security of their GitHub repositories and organizations

Solution: Mondoo is writing resources to allow users to gather critical information about the security stance of their GitHub Organization and any public repositories they wish to examine.

Connect to mondoo shell to begin discovering more about your GitHub infrastructure:

mondoo shell -t github --option token=${GH_TOKEN} --option login=USERNAME

mondoo shell -t github --option token=${GH_TOKEN} --option organization=ORGANIZATIONNAME

Ask questions and discover:

github.organization { repositories { files { path type  isBinary files { path type  isBinary files  } } }}

github.repository("chris-rock/bubbletea") { files { content} }

Assess:

github.organization { repositories { default=defaultBranchName branches.where(name == default) { protected }}}

github.repository("chris-rock/bubbletea") { archived == false hasIssues == true}

Keep an eye out for our Github Security Policy that should be shipping in the next month ๐ŸŽ‰

New Enterprise Windows Installerโ€‹

Problem: Customers want to fully automate the installation of Mondoo on Windows using MDM or configuration management solutions.

Solution: A new enterprise Mondoo MSI Installer (mondoo-enterprise.msi) has been created to make the automated setup of Mondoo simpler. This new installer requires a REGISTRATIONTOKEN value, which it uses to automatically register the system with Mondoo and then start the service.

๐Ÿงน IMPROVEMENTSโ€‹

Improved Linux Baseline Policyโ€‹

Problem: Customers want the best possible out of the box policies for securing their Linux systems

Solution: Update the Linux Security Baseline policy to provide additional security recommendations as well as more reliable checks. All checks involving systemd services now check to see if the service is both running and enabled. The Ensure filesystem integrity is regularly checked query now matches the remediation steps. We also updated a number of remediation steps to include SLES instructions.

๐Ÿ› BUG FIXESโ€‹

  • Improve the display of the Mondoo Console on mobile devices
  • Display error messages when the AWS integrations fail to scan instances
  • Add links to OpenShift and cert-manager on the K8s Integration setup page
  • Fix invalid example code in the 'Generate Long-Lived Credentials' Integration page
  • Return actual asset error when scanning on CLI without policies set
  • Fix remediations steps for priveleged containers in the Kubernetes Application Benchmark by Mondoo
  • Fix the Mondoo Client Windows service failing to stop
  • Various fixes to the junit output from Mondoo Client
  • Only scan unique container images when running mondoo scan k8s --discover=all
  • Remove version checks in the Mondoo Operator that block upgrading an existing operator