Add 10.10 release notes (#87)
* Add 10.10 release notes

Signed-off-by: Tim Smith <[email protected]>

* Update releases/2024-04-02-mondoo-10.10-is-out.md

Co-authored-by: Letha <[email protected]>

* Update releases/2024-04-02-mondoo-10.10-is-out.md

Co-authored-by: Letha <[email protected]>

* Update releases/2024-04-02-mondoo-10.10-is-out.md

Co-authored-by: Letha <[email protected]>

* Update releases/2024-04-02-mondoo-10.10-is-out.md

Co-authored-by: Letha <[email protected]>

* Update releases/2024-04-02-mondoo-10.10-is-out.md

Co-authored-by: Letha <[email protected]>

* Update releases/2024-04-02-mondoo-10.10-is-out.md

Co-authored-by: Letha <[email protected]>

* Update releases/2024-04-02-mondoo-10.10-is-out.md

Co-authored-by: Letha <[email protected]>

* Update releases/2024-04-02-mondoo-10.10-is-out.md

Co-authored-by: Letha <[email protected]>

* Update releases/2024-04-02-mondoo-10.10-is-out.md

Co-authored-by: Letha <[email protected]>

---------

Signed-off-by: Tim Smith <[email protected]>
Co-authored-by: Letha <[email protected]>
tas50 and misterpantz authored Apr 3, 2024
1 parent e4d0dfd commit 4d3305e
Showing 6 changed files with 216 additions and 119 deletions.
1 change: 1 addition & 0 deletions .github/workflows/cla.yaml
@@ -1,3 +1,4 @@
---
name: "CLA Assistant"
on:
issue_comment:
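
Review bot: this one-line change to .github/workflows/cla.yaml is unrelated to the commit subject "Add 10.10 release notes" and is not mentioned anywhere in the commit message. Either mention it in the message or split it into its own commit so changes to the CLA workflow stay easy to find in history.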
36 changes: 20 additions & 16 deletions docs/mql/resources/aws-pack/aws.autoscaling.group.md
@@ -20,19 +20,23 @@ The `aws.autoscaling.group` resource provides fields representing an individual

**Fields**

| ID | TYPE | DESCRIPTION |
| ----------------------- | ----------------- | ------------------------------------------------------------------------------------------- |
| arn | string | ARN for the autoscaling group |
| name | string | Name of the group |
| loadBalancerNames | &#91;&#93;string | List of load balancer names associated with the group |
| healthCheckType | string | Health check type used by the group: ELB or EC2 |
| tags | map[string]string | Tags for the asg |
| region | string | The region of the Auto Scaling group |
| minSize | int | The minimum number of instances to scale down to |
| maxSize | int | The maximum number of instances to scale up to |
| defaultCooldown | int | The time to wait after scaling up / down before the next scaling event is started |
| launchConfigurationName | string | The name of the launch configuration |
| healthCheckGracePeriod | int | The grace period in seconds before an instance with a failing health check will be replaced |
| createdAt | time | Time when the autoscaling group was created |
| maxInstanceLifetime | int | The maximum amount of time, in seconds, that an instance can be in service |
| desiredCapacity | int | The desired size of the group |
| ID | TYPE | DESCRIPTION |
| ----------------------- | ------------------------------------------------- | ------------------------------------------------------------------------------------------- |
| arn | string | ARN for the autoscaling group |
| name | string | Name of the group |
| loadBalancerNames | &#91;&#93;string | List of load balancer names associated with the group |
| healthCheckType | string | Health check type used by the group: ELB or EC2 |
| tags | map[string]string | Tags for the asg |
| region | string | The region of the Auto Scaling group |
| minSize | int | The minimum number of instances to scale down to |
| maxSize | int | The maximum number of instances to scale up to |
| defaultCooldown | int | The time to wait after scaling up / down before the next scaling event is started |
| launchConfigurationName | string | The name of the launch configuration |
| healthCheckGracePeriod | int | The grace period in seconds before an instance with a failing health check will be replaced |
| createdAt | time | Time when the autoscaling group was created |
| maxInstanceLifetime | int | The maximum amount of time, in seconds, that an instance can be in service |
| desiredCapacity | int | The desired size of the group |
| availabilityZones | &#91;&#93;string | List of availability zones associated with the group |
| capacityRebalance | bool | Indicates whether Capacity Rebalancing is enabled |
| defaultInstanceWarmup | int | The duration of the default instance warmup, in seconds |
| instances | &#91;&#93;[aws.ec2.instance](aws.ec2.instance.md) | The EC2 instances associated with the group |
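
Review bot: in the new `instances` row, confirm that the relative link target `aws.ec2.instance.md` exists next to this file in docs/mql/resources/aws-pack/, because a dead link in the TYPE column is easy to miss in a table this wide. Since every row is being re-padded anyway, the `tags` description "Tags for the asg" could be brought in line with the wording the other rows use ("autoscaling group" / "Auto Scaling group").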
80 changes: 80 additions & 0 deletions releases/2024-04-02-mondoo-10.10-is-out.md
@@ -0,0 +1,80 @@
---
slug: mondoo-10.10-is-out/
title: Mondoo 10.10 is out!
author: Tim Smith
author_title: Mondoo Core Team
author_url: https://github.com/tas50
tags: [release, mondoo]
---

## 🥳 Mondoo 10.10 is out! This release includes XZ Utils vulnerability detection, expanded AWS asset inventory, and more!

Get this release: [Installation Docs](https://mondoo.com/docs/cnspec/) | [Package Downloads](https://releases.mondoo.com/cnspec/) | [Docker Container](https://hub.docker.com/r/mondoo/cnspec)

---

## 🎉 NEW FEATURES

### XZ Utils Vulnerability policy

The recent XZ supply chain attack in XZ 5.6.0 and 5.6.1 (CVE-2024–3094) thankfully didn't make it into any mainstream enterprise Linux distributions. There's still a significant risk if employees are running rolling distributions or pre-releases of upcoming Linux distros. To quickly evaluate your CVE-2024–3094 exposure, we've created a new XZ Vulnerability (CVE-2024–3094) policy that looks for XZ 5.6.0/5.6.1 on impacted Linux releases:

- Alpine
- Arch
- Debian trixie/sid
- Fedora 40
- Kali 2024.1
- openSUSE Tumbleweed

![XZ Vulnerability Policy affected assets](/img/releases/2024-04-02-mondoo-10.10-is-out/xz_policy.png)

## 🧹 IMPROVEMENTS

### Improved AWS asset overview information

Get the context you need to resolve security findings quickly with expanded overview information on AWS assets:

- Volume size on EBS volumes and snapshots
- Database engine version on RDS instances
- Storage size and type on RDS instances
- Table size on DynamoDB tables
- Retention time on CloudWatch log groups

![RDS instance with expanded asset overview](/img/releases/2024-04-02-mondoo-10.10-is-out/asset_overview.png)

### Expanded Endpoint Detection and Response policy support

Detect the ESET EDR in the Endpoint Detection and Response (EDR) policy.

### New Terraform checks in CIS GCP Foundation policy

Flag critical security misconfigurations before they ever run in your infrastructure with expanded Terraform config checks in the CIS Google Cloud Platform Foundation policy. New checks evaluate Terraform configs for proper [GCP uniform bucket level access](https://cloud.google.com/storage/docs/uniform-bucket-level-access) setup.

### Fedora 40 EOL/CVE detection

The [Fedora 40 beta](https://www.redhat.com/en/blog/fedora-40-beta-now-available) is now available for testing, and Mondoo is ready with CVE and EOL detection for this upcoming Linux release. Keep your test systems safe from critical vulnerabilities such as the compromised XZ release (CVE-2024–3094) that originally shipped in this beta.

### Resource improvements

#### aws.autoscaling.groups

- Improve resource default values
- New `availabilityZones` field
- New `capacityRebalance` field
- New `defaultInstanceWarmup` field
- New `desiredCapacity` field
- New `instances` field
- New `maxInstanceLifetime` field

#### aws.cloudfront.distributions

- New `cnames` field

## 🐛 BUG FIXES AND UPDATES

- Improve performance of AWS cloud detection.
- Fix Windows policies with multi-language support to rely on the system language instead of the locale.
- Simplify the Linux server installation instructions.
- Support vulnerability scanning of RPMs with a `^` symbol in the name.
- Update additional CIS GCP Foundations checks to work against Terraform configs.
- Fix the `CIS VMware ESXi 6.7 Benchmark - Corporate/Enterprise Environment` policy to only apply to VMware 6.
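
Review bot: the CVE identifier in the "XZ Utils Vulnerability policy" and "Fedora 40 EOL/CVE detection" sections is written with an en dash (`CVE-2024–3094`), so anyone searching for or copying the ID will not match the canonical `CVE-2024-3094`; replace the dash with an ASCII hyphen in every occurrence. Separately, the "aws.autoscaling.groups" list announces `desiredCapacity` and `maxInstanceLifetime` as new fields, but the aws.autoscaling.group.md hunk in this same commit shows both rows already present in the table before the change; confirm they are new in 10.10 or drop them from the list.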