With cnspec, you can use the checks included in the CIS Benchmark for your host to get your initial assessment, and then customize the checks to suit your specific infrastructure needs. And because it's open-source, you can add resources to cover your business needs without waiting for others to prioritize them. This level of customization and control is one of the key benefits of using an open-source solution.
But cnspec isn't just customizable - it's also highly effective. It includes more than 4,000 checks for Windows, Mac, and Linux hosts, cloud environment configurations, GitHub orgs, Terraform, containers, kube clusters, DNS configuration, and more. And with new resources being added all the time, you can be sure that cnspec will always be up-to-date.
One of the best parts of cnspec is that it's agentless, which means there's no need to worry about a long-running process you forget about or special approval to install. Just download the package or binary and assess as needed.
Take, for example, the CIS recommendations for key exchange algorithms. According to their rules, the following algorithms are acceptable:
With cnspec, testing your hosts for compliance with this rule is as simple as this one line:
You can install the tool by running:
Scan with the default checks Mondoo has provided:
Run a single check:
Check the vulnerabilities for your host:
Use the shell to explore more:
And if you need to run these checks at scale, across everything, you can sign up for a free (forever) account on our SaaS to get the visualizations you need to make your life easy.
It's important to remember that assessing and remediating host misconfigurations is key to reducing risk in your infrastructure. With cnspec, you can easily and effectively do just that.
