Mondoo 5.18.0 is out!

Back to releases

🥳 mondoo 5.18.0 is out!

🎉 NEW FEATURES

** Use Mondoo to verify certificate chains **

You can now use the isVerified field on the certificate resource to check whether or not a certificate chain is valid:

JavaScriptCopy
tls("mondoo.com").certificates {
  subject.commonName
  isVerified
}

JavaScriptCopy
tls.certificates: [
  0: {
    isVerified: true
    subject.commonName: "mondoo.com"
  }
  1: {
    isVerified: true
    subject.commonName: "R3"
  }
  2: {
    isVerified: true
    subject.commonName: "ISRG Root X1"
  }
]

** Use Mondoo to query CloudWatch metrics on AWS resources **

Mondoo can now pull CloudWatch statistics for AWS resources. For instance, you can use Mondoo to query the number of invocations and errors for a Lambda function. This can be used to assess error rates, or to detect un-used resources.

Note: Mondoo queries CloudWatch Statistics for the last 24h of data, in 1h intervals.

JavaScriptCopy
aws.cloudwatch.metricstatistics(namespace: "AWS/EBS", region: "us-east-1", name: "VolumeTotalReadTime") {
  label
  datapoints {
    maximum
    average
    sum
  }
}

JavaScriptCopy
aws.cloudwatch.metricstatistics: {
  datapoints: [
    0: {
      average: 0.0004509803921568627
      maximum: 0
      sum: 0.22999999999999998
    }
  ]
  label: "VolumeTotalReadTime"

or

JavaScriptCopy
aws.cloudwatch.metrics {
  name
  namespace
  statistics {
    label
    datapoints
  }
}

JavaScriptCopy
1512: {
    statistics: {
      datapoints: []
      label: "CallCount"
    }
    namespace: "AWS/Logs"
    name: "CallCount"
  }
  1513: {
    statistics: {
      datapoints: []
      label: "CallCount"
    }
    namespace: "AWS/Usage"
    name: "CallCount"
  }
  1514: {
    statistics: {
      datapoints: []
      label: "ThrottleCount"
    }
    namespace: "AWS/Usage"
    name: "ThrottleCount"
  }
  1515: {
    statistics: {
      datapoints: []
      label: "CallCount"
    }
    namespace: "AWS/Usage"
    name: "CallCount"
  }

** Enhanced assessment of yum repo file contents through file field **

Prior to this release, Mondoo could display a list of all configured yum repos. With this new improvement, Mondoo can now not only list all the configured repositories, but inspect the file for each yum repo definition in /etc/yum.repos.d.

With the new file field, the contents are also now available to Mondoo:

JavaScriptCopy
yum.repos {
  name
  file {
    path
    content
  }
}

JavaScriptCopy
yum.repos: [
  0: {
    name: "AlmaLinux 8 - AppStream"
    file: {
      path: "/etc/yum.repos.d/almalinux.repo"
      content: "# almalinux.repo

[baseos]
name=AlmaLinux $releasever - BaseOS
mirrorlist=https://mirrors.almalinux.org/mirrorlist/$releasever/baseos
# baseurl=https://repo.almalinux.org/almalinux/$releasever/BaseOS/$basearch/os/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux

[appstream]
name=AlmaLinux $releasever - AppStream
mirrorlist=https://mirrors.almalinux.org/mirrorlist/$releasever/appstream
# baseurl=https://repo.almalinux.org/almalinux/$releasever/AppStream/$basearch/os/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux

[extras]
name=AlmaLinux $releasever - Extras
mirrorlist=https://mirrors.almalinux.org/mirrorlist/$releasever/extras
# baseurl=https://repo.almalinux.org/almalinux/$releasever/extras/$basearch/os/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux

## Sources
[baseos-source]
name=AlmaLinux $releasever - BaseOS Source
mirrorlist=https://mirrors.almalinux.org/mirrorlist/$releasever/baseos-source
# baseurl=https://repo.almalinux.org/almalinux/$releasever/BaseOS/Source/
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux

[appstream-source]
name=AlmaLinux $releasever - AppStream Source
mirrorlist=https://mirrors.almalinux.org/mirrorlist/$releasever/appstream-source
# baseurl=https://repo.almalinux.org/almalinux/$releasever/AppStream/Source/
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux

[extras-source]
name=AlmaLinux $releasever - Extras Source
mirrorlist=https://mirrors.almalinux.org/mirrorlist/$releasever/extras-source
# baseurl=https://repo.almalinux.org/almalinux/$releasever/extras/Source/
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux

## Debuginfo
[baseos-debuginfo]
name=AlmaLinux $releasever - BaseOS debuginfo
mirrorlist=https://mirrors.almalinux.org/mirrorlist/$releasever/baseos-debuginfo
# baseurl=https://repo.almalinux.org/almalinux/$releasever/BaseOS/debug/$basearch/
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux

[appstream-debuginfo]
name=AlmaLinux $releasever - AppStream debuginfo
mirrorlist=https://mirrors.almalinux.org/mirrorlist/$releasever/appstream-debuginfo
# baseurl=https://repo.almalinux.org/almalinux/$releasever/AppStream/debug/$basearch/
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux

[extras-debuginfo]
name=AlmaLinux $releasever - Extras debuginfo
mirrorlist=https://mirrors.almalinux.org/mirrorlist/$releasever/extras-debuginfo
# baseurl=https://repo.almalinux.org/almalinux/$releasever/extras/debug/$basearch/
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux
"
    }
  }
  ...
}

** Use Mondoo to test that files exist, but have no content **

Mondoo can now detect that an empty file exists at an expected location. One common use case for this test is to detect files written in error to a location that would otherwise be a filesystem or chroot mount point.

We've added a new field to the file resource to query if the file or directory is empty:

JavaScriptCopy
file('/my/empty/file').empty;

JavaScriptCopy
file.empty: true

🧹 IMPROVEMENTS

• The AWS integration reports long-failing CloudFormation update
• Save more information to improve assessments
• Add support for Rocky Linux
• Add support for AlmaLinux

🐛 BUG FIXES AND UPDATES

• Fix bug where AWS Lambda environment would get too big and fail to update
• Fix queries that were not working in the Mondoo AWS Baseline policy