Mondoo v7.7.1 releases: Cloud-Native Security & Vulnerability Risk Management
Mondoo is a natural language query system for scanning, deploying, and remediating your cloud-native applications.
Insights into your fleet
Ask questions about your deployments and get answers. Simple questions are answered using AI for recognition and a fast search. Developers use queries based on GraphQL with added JS extensions. Stop searching across multiple tools, parsing and aggregating information.
Mondoo helps find vulnerabilities across all deployments. It works with cloud workloads, containers, Kubernetes, VMs, and bare-metal servers. Quickly assess and monitor your assets continuously. Use it as a developer, in your CI/CD, or in your production fleet.
Quickly understand your deployments with our scoring system. Mondoo provides reports for security and operational efficiency. This helps to prioritize and tackle the problems that have the largest impact. Scores are incredibly effective in communicating what needs work and where you shine.
Cloud native and flexible
Mondoo easily integrates with all major cloud providers (AWS, Azure, GCP) and the leading container runtime, Kubernetes. It also supports on-prem deployments. This mix makes it especially well suited for hybrid or multi-cloud use-cases.
Live and uncut
Once set up, Mondoo will watch for changes and update your queries. No need to refresh. Provide IDS functionality with assertions across your fleet. Integrate custom actions and cloud functions whenever a query you care about changes.
The Mondoo agent is a small, cross-platform binary that makes it easy to assess system vulnerabilities. Its main responsibility is to determine installed packages and send the package list, including versions, to Mondoo’s vulnerability database for further analysis.
How it works
The agent works by continuously assessing the installed packages and submitting the package metadata to the Mondoo API over HTTPS. After registration with your Mondoo Space, the agent is ready for vulnerability assessments.
The CLI is designed for two use cases:
- run as service for continuous vulnerability assessment
- run on a workstation to assess vulnerabilities for remote systems or Docker images
- run a Docker image scan as part of a CI/CD
Use case: Service
You want to see the vulnerability assessment of your server continuously. The agent runs in the background and submits changes of the installed packages for vulnerability analysis. By using this approach, you always have the latest view of your infrastructure.
The agent can scan the following assets:
- Local Operating System
- Remote Operating System via SSH
- Docker images (local or remote)
- Docker containers (running or stopped)
🐛 BUG FIXES
- Only attempt to delete EBS volumes if there’s a failure during the scan.
- Fix failures checking file ownership when running under sudo.
- Fix incorrectly formatted output of scan results on Windows.
- Fix an error message that included a typo in the suggested
- Default to us-east-1 in cnquery/mondoo if no AWS region is provided to avoid failures.
- Exit with 1 when cnspec fails to connect to an asset.
- Avoid a crash if asset data cannot be synced to the Mondoo Platform.
- Improve some error messages that included legacy components and client names.
- Set asset name when EBS scanning if it is provided.
- Avoid a crash when working with certain dict values in MQL.
- Avoid a crash when viewing some older service accounts in the console.
This week we made several improvements to Linux and Kubernetes policies with new and updated controls:
- Add new "Ensure the kubelet is not configured with the AlwaysAllow authorization mode" and "The default namespace should not be used" controls to the NSA Kubernetes Hardening Guide policy.
- Add new "Use clear naming for external channels" control to the Slack Security Best Practices policy.
- Add new "Ensure system accounts are non-login" control to the BSI SYS.1.3 Linux and Unix Servers policy.
- Update the Slack Security Best Practices policy to collect the names of all Slack workstation admins.
- Update the Slack Security Best Practices policy to ignore the SlackBot users when ensuring users have 2FA enabled.
- Ensure the Linux Security policy’s auditd controls can run when scanning containers, EBS volumes, or Kubernetes nodes.
- Update the "Ensure system accounts are non-login" control in CIS policies to treat accounts with a UID < 1000 as non-system accounts instead of < 500.
© Copyright 2019 Mondoo.