
Mondoo v0.6 releases: Cloud-Native Security & Vulnerability Risk Management

Mondoo

Mondoo is a natural language query system for scanning, deploying and remediating your cloud-native applications.

Features

Insights into your fleet

Ask questions about your deployments and get answers. Simple questions are answered using AI for recognition and a fast search. Developers use queries based on GraphQL with added JS extensions. Stop searching across multiple tools, parsing and aggregating information.

Find Vulnerabilities

Mondoo helps find vulnerabilities across all deployments. It works with cloud workloads, containers, Kubernetes, VMs, and bare-metal servers. Quickly assess and monitor your assets continuously. Use it as a developer, in your CI/CD, or in your production fleet.

Scorecards

Gain a quick understanding of your deployments with our scoring system. Mondoo provides reports for security and operational efficiency. This helps to prioritize and tackle the problems that have the largest impact. Scores are incredibly effective in communicating what needs work and where you shine.

Cloud native and flexible

Mondoo easily integrates with all major cloud providers (AWS, Azure, GCP) and the leading container runtime, Kubernetes. It also supports on-prem deployments. This mix makes it especially well suited for hybrid or multi-cloud use-cases.

Live and uncut

Once set up, Mondoo will watch for changes and update your queries. No need to refresh. Provide IDS functionality with assertions across your fleet. Integrate custom actions and cloud functions whenever a query you care about changes.

The Mondoo agent is a small, cross-platform binary that makes it easy to assess system vulnerabilities. Its main responsibility is to determine the installed packages and send the package list, including versions, to Mondoo’s vulnerability database for further analysis.


How it works

The agent works by continuously assessing the installed packages and submitting the package metadata to the Mondoo API over HTTPS. After registration with your Mondoo Space, the agent is ready for vulnerability assessments.

The CLI is designed for two use cases:

  • run as a service for continuous vulnerability assessment
  • run on a workstation to assess vulnerabilities for remote systems or Docker images
  • run a Docker image scan as part of CI/CD

Use case: Service

You want to see the vulnerability assessment of your server continuously. The agent runs in the background and submits changes to the installed packages for vulnerability analysis. By using this approach, you always have the latest view of your infrastructure.

Use case: Workstation or CI/CD

You want to assess the vulnerabilities of a system that is accessible via SSH.

```
mondoo vuln -t ssh://[email protected]
Start vulnerability scan:
  → verify platform access to ssh://[email protected]
  → gather platform details
  → detected amzn 2
  → gather platform packages for vulnerability scan
  → found 433 packages
  → analyse packages for vulnerabilities
Advisory Report:
  → ■ found no advisories
  → report is available at https://mondoo.app/v/goofy-hofstadter-187738/gallant-payne-155889/reports/1NmpiPcVfQZLT2GDylRjOc1wSMh
```

Another option is to quickly scan a Docker image stored in a Docker registry:

```
mondoo vuln -t docker://centos:7
Start vulnerability scan:
  → verify platform access to docker://centos:7
  → gather platform details
  → detected centos 7.6.1810
  → gather platform packages for vulnerability scan
  → found 146 packages
  → analyse packages for vulnerabilities
Advisory Report:
  ■       PACKAGE       INSTALLED          VULNERABLE (<)       ADVISORY
  ■  9.8  python        2.7.5-76.el7       0:2.7.5-77.el7_6     https://mondoo.app/advisories/RHSA-2019%3A0710
  ╰─ 9.8  python        2.7.5-76.el7       0:2.7.5-80.el7_6     https://mondoo.app/advisories/RHSA-2019%3A1587
  ■  9.8  python-libs   2.7.5-76.el7       0:2.7.5-77.el7_6     https://mondoo.app/advisories/RHSA-2019%3A0710
  ╰─ 9.8  python-libs   2.7.5-76.el7       0:2.7.5-80.el7_6     https://mondoo.app/advisories/RHSA-2019%3A1587
  ■  8.8  libssh2       1.4.3-12.el7       0:1.4.3-12.el7_6.2   https://mondoo.app/advisories/RHSA-2019%3A0679
  ■  8.6  bind-license  32:9.9.4-73.el7_6  32:9.9.4-74.el7_6.1  https://mondoo.app/advisories/RHSA-2019%3A1294
  ■  4.7  openssl-libs  1:1.0.2k-16.el7    1:1.0.2k-16.el7_6.1  https://mondoo.app/advisories/RHSA-2019%3A0483
  → ■ found 5 advisories: 2 critical, 2 high, 1 medium, 0 low, 0 none, 0 unknown
  → report is available at https://mondoo.app/v/goofy-hofstadter-187738/gallant-payne-155889/reports/1NmZsWAQUmlXGtf5dqt083hfRJx
exit status 104
```

The agent can scan the following assets:

  • Local Operating System
  • Remote Operating System via SSH
  • Docker images (local or remote)
  • Docker containers (running or stopped)
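
For the CI/CD use case, a pipeline step can parse the advisory table out of the report text and fail the build on a score threshold, with an explicit list of accepted advisories. This is an added example, not Mondoo's code: the row layout is taken from the centos:7 output shown on this page, and the function names, the 7.0 threshold and the accepted-advisory list are assumptions.

```python
import re
import sys
from urllib.parse import unquote

# Constructed sample: advisory rows copied from the centos:7 report on this page.
SAMPLE_REPORT = """\
Advisory Report:
  ■       PACKAGE       INSTALLED          VULNERABLE (<)       ADVISORY
  ■  9.8  python        2.7.5-76.el7       0:2.7.5-77.el7_6     https://mondoo.app/advisories/RHSA-2019%3A0710
  ╰─ 9.8  python        2.7.5-76.el7       0:2.7.5-80.el7_6     https://mondoo.app/advisories/RHSA-2019%3A1587
  ■  9.8  python-libs   2.7.5-76.el7       0:2.7.5-77.el7_6     https://mondoo.app/advisories/RHSA-2019%3A0710
  ╰─ 9.8  python-libs   2.7.5-76.el7       0:2.7.5-80.el7_6     https://mondoo.app/advisories/RHSA-2019%3A1587
  ■  8.8  libssh2       1.4.3-12.el7       0:1.4.3-12.el7_6.2   https://mondoo.app/advisories/RHSA-2019%3A0679
  ■  8.6  bind-license  32:9.9.4-73.el7_6  32:9.9.4-74.el7_6.1  https://mondoo.app/advisories/RHSA-2019%3A1294
  ■  4.7  openssl-libs  1:1.0.2k-16.el7    1:1.0.2k-16.el7_6.1  https://mondoo.app/advisories/RHSA-2019%3A0483
  → ■ found 5 advisories: 2 critical, 2 high, 1 medium, 0 low, 0 none, 0 unknown
"""

# A data row: marker (■ or the ╰─ continuation), score, package, installed, fixed, URL.
ROW = re.compile(r"^\s*(?:■|╰─)\s+(\d+(?:\.\d+)?)\s+(\S+)\s+(\S+)\s+(\S+)\s+(https://\S+)\s*$")

def parse_report(text):
    """Return one dict per advisory row; header and summary lines do not match ROW."""
    findings = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            score, pkg, installed, fixed, url = m.groups()
            findings.append({"score": float(score), "package": pkg,
                             "installed": installed, "fixed": fixed,
                             # last URL path segment, percent-decoded (%3A becomes ":")
                             "advisory": unquote(url.rsplit("/", 1)[1])})
    return findings

def blocking(findings, threshold=7.0, accepted=frozenset()):
    """Rows at or above the threshold whose advisory is not on the accepted list."""
    return [f for f in findings
            if f["score"] >= threshold and f["advisory"] not in accepted]

def packages_to_update(rows):
    """Distinct package names behind the given rows, in report order."""
    return list(dict.fromkeys(f["package"] for f in rows))

if __name__ == "__main__":
    # Pipe saved scan output in; with a terminal on stdin, the sample is used.
    text = SAMPLE_REPORT if sys.stdin.isatty() else sys.stdin.read()
    bad = blocking(parse_report(text))
    for f in bad:
        print(f'{f["score"]:>4} {f["package"]} < {f["fixed"]} ({f["advisory"]})')
    sys.exit(1 if bad else 0)
```

Keeping the accepted list in version control makes each risk acceptance reviewable instead of lowering the threshold for everything.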

Changelog v0.6

  • 0bf25a2 update terraform dependencies & use new mondoo interface
  • de57220 update packer dependencies & use new mondoo interface
  • 8fed924 update documentation for vagrant example
  • 0dd4308 add documentation for msi
  • 85b2c56 remove unused diagnose documentation
  • 6ee8b80 update cli documentation

Install && Use

© Copyright 2019 Mondoo.



The post Mondoo v0.6 releases: Cloud-Native Security & Vulnerability Risk Management appeared first on Penetration Testing.
