Skip to main content

Mondoo 7.7 is out!

ยท 5 min read
Tim Smith
Mondoo Core Team

๐Ÿฅณ Mondoo 7.7 is out! This release includes new Kubernetes integration pages & VMware Cloud Director scanning!โ€‹

Get this release: Installation Docs | Package Downloads | Docker Container

๐ŸŽ‰ NEW FEATURESโ€‹

VMware Cloud Director scanningโ€‹

Problem: Your organization uses VMware Cloud Director, and you'd like to secure your deployments with Mondoo policies.

Solution:

Mondoo now includes a set of new VMware vCloud Director resources to help you secure your VMware infrastructure.

Sample queries:

# display vCloud Director version
asset { platform version build }
asset: {
  build: "20079017"
  version: "10.4.0"
  platform: "vcd"
}

# show all vCenter server
vcd.serverInstances { * }

# list all vCenter organizations
vcd.organizations

# list all external networks
vcd.externalNetworks

For additional use cases, see the VMware Cloud Director Resource Pack MQL documentation.

New Kubernetes integrations pagesโ€‹

Problem: Once you've set up a Kubernetes integration in Mondoo, it's difficult to see the status of the resources, including the version of the operator that's running.

Solution: Mondoo has a whole new Kubernetes integration page to help you understand what's running and what's been detected. This page includes essential status information such as the Kubernetes release, operator release, and the enabled scanning methods. It also includes a quick summary of everything that's been detected by the operator with a link to view operator-scanned assets in the fleet view.

New Kubernetes integration page

Overview data for assetsโ€‹

Problem: In scan results, it can be hard to understand an asset's location or platform.

Solution: We redesigned the Mondoo asset pages to make finding details about your assets easier. We've combined multiple tabs into a new summarized main page that folds asset metadata into the main view.

New asset page

Debian 11 and Ubuntu 22.04 CIS level 1 & 2 policiesโ€‹

Problem: You're running the latest Debian and Ubuntu releases and you need to apply CIS policies to meet regulatory requirements.

Solution: Mondoo now includes CIS Level 1 and 2 policies for Ubuntu 22.04 and Debian 11.

๐Ÿงน IMPROVEMENTSโ€‹

Assets now display their last scanned timeโ€‹

We've updated the asset pages to better describe when assets were scanned and when they last checked into Mondoo Platform. Previously we tracked only the update time, which showed the last time the asset had checked in either through a CLI scan or a non-scanning integration discovery. This led to confusion since some AWS assets looked as though they had just been scanned after the integration discovery ran. You now see both the scan time and the update time so you can better understand how old scan results are and when assets were last seen.

Update vs. Scanned Time

Automatic stale service account cleanupโ€‹

Mondoo now automatically cleans up service accounts that sit unused for 30 days. This reduces both clutter and the risk of account compromise.

Policy improvementsโ€‹

This week we made several improvements to Linux and Kubernetes policies with new and updated controls:

  • Add new Ensure the kubelet is not configured with the AlwaysAllow authorization mode and The default namespace should not be used controls to the NSA Kubernetes Hardening Guide policy.
  • Add new Use clear naming for external channels control to the Slack Security Best Practices policy.
  • Add new Ensure system accounts are non-login control to the BSI SYS.1.3 Linux and Unix Servers policy.
  • Update the Slack Security Best Practices policy to collect the names of all Slack workstation admins.
  • Update the Slack Security Best Practices policy to ignore the SlackBot users when ensuring users have 2FA enabled.
  • Ensure the Linux Security policy's auditd controls can run when scanning containers, EBS volumes, or Kubernetes nodes.
  • Update the Ensure system accounts are non-login control in CIS policies to treat accounts with a UID < 1000 as non-system accounts instead of < 500.

MQL Improvementsโ€‹

Empty arrays evaluate as falseโ€‹

We've updated MQL to treat an empty array as a false-like (falsey) value. This means queries like list.where(a == 1), which return an empty array, now evaluate as false instead of true. This may correct code in your environment that was intended to fail, but didn't due to the empty array result.

IPv6 data in the port resourceโ€‹

The port resource now includes TCP/UDP port information for IPv6 addresses in additional to IPv4 addresses.

Indexed array outputโ€‹

Query results that return an array now include the array index in the results so you can more easily find flagged issues or dig deeper into specific results.

Indexed Results

๐Ÿ› BUG FIXES AND UPDATESโ€‹

  • Only attempt to delete EBS volumes if there's a failure during the scan.
  • Fix failures checking file ownership when running under sudo.
  • Fix incorrectly formatted output of scan results on Windows.
  • Fix an error message that included a typo in the suggested --incognito flag.
  • Default to us-east-1 in cnquery/mondoo if no AWS region is provided to avoid failures.
  • Exit with 1 when cnspec fails to connect to an asset.
  • Avoid a crash if asset data cannot be synced to Mondoo Platform.
  • Improve some error messages that included legacy components and client names.
  • Set asset name when EBS scanning if it is provided.
  • Avoid a crash when working with certain dict values in MQL.
  • Avoid a crash when viewing some older service accounts in the console.