What is Mondoo and why should you use it?

by Paul Strebenitzer

Protecting your digital assets isn't just about safeguarding data; it's about safeguarding your business's reputation, integrity, and longevity. With cyber threats evolving constantly, the stakes have never been higher. Amidst these challenges, there is a simple yet effective solution for assessing and securing resources.

Mondoo is a comprehensive security tool designed to continuously assess the security of your IT infrastructure, both during development and in production. It operates by employing policy-as-code automation, allowing you to identify risks, CVEs (Common Vulnerabilities and Exposures), and misconfigurations, thereby enhancing your overall security posture.

One of Mondoo's key features is that policies are written as high-level code, which streamlines security compliance and the enforcement of best practices. Users can select from a range of pre-configured policies certified by Mondoo and the Center for Internet Security (CIS), or tailor the requirements to their organisation's specific needs. Every check carries a remediation recommendation, so each failed test case comes with an actionable fix, supporting a proactive approach to addressing vulnerabilities and maintaining a robust security posture across the entire infrastructure.

Mondoo integrates into CI/CD pipelines, so scans run automatically and detect vulnerabilities and misconfigurations early in the development process. Findings are surfaced without disrupting the build, and a scan can be configured to fail the pipeline so that known issues never reach production.

Here's why you should consider using Mondoo:

  1. Assess: Quickly adopt security standards by selecting from ready-made policies and scanning your resources.
  2. Discover: Identify vulnerabilities and misconfigurations in real time.
  3. Build: Embed security into every phase of the development lifecycle.
  4. Collaborate: Facilitate collaboration between DevOps and Security teams with a shared objective.

Mondoo isn't limited to specific types of infrastructure; it covers a broad spectrum, including:

  • Public cloud platforms like AWS, Microsoft Azure, and Google Cloud.
  • Private cloud environments such as VMware (vCenter / ESXi).
  • Kubernetes clusters, whether managed (EKS, GKE, AKS) or self-managed, along with Kubernetes manifests.
  • Containers and container registries like ECR, ACR, GCR, Harbor, and Docker Hub.
  • Various server or endpoint types including Linux, IBM AIX, Windows, FreeBSD, and macOS.
  • SaaS services like Microsoft 365, Google Workspace, Okta, GitHub, GitLab, and Slack.
  • Software supply chain tools including Azure Pipelines, CircleCI, GitHub Actions, GitLab CI/CD, and more.
  • SSL and TLS certificates.

Moreover, you have the option to receive notifications in case of changes in asset scores or configurations, keeping you informed and proactive in maintaining the security of your infrastructure.

By integrating security into every stage of the change process, Mondoo helps you identify and rectify security vulnerabilities and misconfigurations proactively. Whether you're testing infrastructure during development or automating checks within your CI/CD pipeline, Mondoo ensures continuous compliance and security across all your environments.

cnspec & cnquery

cnspec is an invaluable open source CLI tool designed to assess the security of your entire infrastructure. In today's digital landscape, where attackers are relentlessly looking for vulnerabilities to exploit, cnspec is a simple yet critical tool for quickly scanning assets.

At the heart of cnspec are its robust security policies, which consist of high-level code. Each policy represents a set of checks that verify compliance with standards set by industry best practices. These checks range from ensuring secure SSL/TLS configurations, to mandating multi-factor authentication, to protecting against inadvertent disclosure of sensitive data.

But what really sets cnspec apart is its flexibility. While it comes with a wide range of pre-configured policies, it allows you to customise and extend these policies to meet your organisation's unique security requirements.

cnspec doesn't stop at discovering vulnerabilities - it provides you with actionable intelligence to drive remediation efforts. Scan results can be exported in human-readable formats or in machine-friendly formats such as JUnit XML or JSON, so cnspec integrates into your automation workflows, whether that is a development pipeline or a production monitoring setup.
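The pipeline integration described above, as an added example that is not part of the original article or of Mondoo's own GitHub Action: a GitHub Actions workflow that builds the project's container image, scans it with cnspec against a custom policy bundle, fails the job when the score drops below a threshold, and keeps the JUnit report as an artifact. Assumptions are labelled in the comments: the repository contains a Dockerfile and a bundle file named policy.mql.yaml, the install script URL is the one Mondoo documents, and the threshold value of 80 is an arbitrary choice.

```yaml
# Added example workflow (illustrative). Assumed: a Dockerfile at the repo root
# and a custom cnspec policy bundle at policy.mql.yaml; both names are mine.
name: cnspec-scan

on:
  pull_request:
  push:
    branches: [main]

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Build the image under test
        run: docker build -t myapp:${{ github.sha }} .

      - name: Install cnspec
        # Assumed: Mondoo's public install script. For a production pipeline,
        # pin a release instead of installing "latest" on every run.
        run: bash -c "$(curl -sSL https://install.mondoo.com/sh)"

      - name: Scan the image against the custom policy bundle
        # -f loads the bundle from the repo instead of a Mondoo-hosted policy.
        # --score-threshold makes cnspec exit non-zero (failing the job) when
        # an asset scores below it. -o junit writes JUnit XML to stdout, which
        # is redirected into a file for the artifact upload below.
        run: |
          cnspec scan docker image myapp:${{ github.sha }} \
            -f policy.mql.yaml \
            --score-threshold 80 \
            -o junit > cnspec-results.xml

      - name: Upload JUnit results
        # if: always() keeps the report even when the threshold step failed.
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: cnspec-junit
          path: cnspec-results.xml
```

Two practical notes. First, checks that cannot be evaluated (for example a file the scanner cannot read) count as errors rather than failures; they lower the "completed" percentage, not the score, so review the error count in the JUnit report instead of trusting the score alone. Second, to have results appear in the Mondoo dashboard as well, the same command can be run with a Mondoo service-account credential supplied through the MONDOO_CONFIG_BASE64 environment variable from a repository secret; without it, cnspec runs entirely locally.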

cnquery, the open source query tool that cnspec is built on, gives you access to over 600 resources and is your companion for unravelling the intricacies of your systems. Whether you're aggregating package information across containers, identifying cloud instances exposed to the internet, or uncovering outdated certificates lurking in Kubernetes clusters, cnquery puts actionable intelligence at your fingertips.

What sets cnquery apart is its intuitive query language, MQL. Combining the efficiency of a graph database approach with powerful filtering capabilities, MQL allows you to effortlessly formulate complex queries and extract the exact information you need in record time.
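To make the policy-as-code and MQL points above concrete, here is an added example of a custom cnspec policy bundle; it is illustrative and not a policy published by Mondoo. The top-level layout (policies, groups with filters, checks and data queries, MQL expressions) follows the cnspec bundle format; the policy uid, the titles, the impact values and the specific checks are my own choices. The first group applies to any Unix-family asset, including container images; the second is only evaluated where an sshd configuration file exists, so that image scans do not produce errors for a daemon that is not there.

```yaml
# Added example bundle (illustrative). Assumed file name: policy.mql.yaml
# Run locally with:   cnspec scan local -f policy.mql.yaml
# Query the same data: cnquery run local -c 'users.where(uid == 0) { name shell }'
policies:
  - uid: example-unix-baseline          # uid chosen for this example
    name: Example Unix baseline
    version: 1.0.0
    authors:
      - name: Example Author
        email: security@example.com     # placeholder
    tags:
      mondoo.com/category: security
    groups:
      - title: Accounts and legacy packages
        # asset.family contains "unix" for Linux hosts, macOS and Linux images.
        filters: asset.family.contains("unix")
        checks:
          - uid: example-no-telnet
            title: Telnet client/server packages are not installed
            impact: 60
            # Regex match on the package name; none() is true for an empty list.
            mql: packages.where(name == /telnet/).none(installed)
            docs:
              desc: Telnet transmits credentials and session data in cleartext.
              remediation: Remove the telnet and telnetd packages and use SSH.
          - uid: example-single-uid0
            title: Only the root account has UID 0
            impact: 90
            mql: users.where(uid == 0).all(name == "root")
            docs:
              desc: A second UID 0 account is a common persistence mechanism.
              remediation: Remove or re-number any non-root account with UID 0.
        queries:
          # A data query (not scored): list system accounts that still have an
          # interactive shell, for manual review in the report.
          - uid: example-interactive-system-accounts
            title: System accounts with an interactive shell
            mql: users.where(uid < 1000 && uid != 0 && shell == /sh$/) { name uid shell home }

      - title: SSH daemon hardening
        # Only evaluate where sshd is actually configured.
        filters: asset.family.contains("unix") && file("/etc/ssh/sshd_config").exists
        checks:
          - uid: example-sshd-no-root-login
            title: Root login over SSH is disabled
            impact: 80
            mql: sshd.config.params["PermitRootLogin"] == "no"
            docs:
              desc: Direct root logins remove attribution and widen the blast radius of a stolen key.
              remediation: Set "PermitRootLogin no" in /etc/ssh/sshd_config and restart sshd.
          - uid: example-sshd-no-password-auth
            title: Password authentication over SSH is disabled
            impact: 70
            mql: sshd.config.params["PasswordAuthentication"] == "no"
            docs:
              desc: Password authentication exposes sshd to credential brute forcing.
              remediation: Set "PasswordAuthentication no" and deploy SSH keys.
```

Each check is a single MQL expression that must evaluate to true; the same expressions can be typed into the cnquery shell first to see the raw data they operate on (as in the users query further down), which is the quickest way to develop a new check before adding it to a bundle. Note that reading some resources, such as other users' authorized_keys files, needs root privileges; without them the check is reported as an error rather than a pass or fail.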

The results of a cnspec scan can be viewed directly on the CLI where it was run or, when cnspec is logged in to the Mondoo Platform, in the Mondoo Dashboard UI.

Further reading:

  • mondoohq/cnspec (GitHub)
  • What Is cnspec? | Mondoo Docs
  • mondoohq/cnquery (GitHub)
  • What Is cnquery? | Mondoo Docs

Example scan of a local workstation

    cnspec scan local

Output:

    Checks:
    ✓ Pass:  Disable Media Sharing
    ✓ Pass:  Do not enable the "root" account
    ✓ Pass:  Disable Bluetooth Sharing
    ✕ Fail:  Enable security auditing
    ✓ Pass:  Enable Firewall
    ...
    ✕ Fail:  Ensure Firewall is configured to log
    ✓ Pass:  Ensure nfs server is not running.
    ✓ Pass:  Disable Content Caching
    ✕ Fail:  Ensure AirDrop Is Disabled
    ✓ Pass:  Control access to audit records

    Summary
    ========================
    Target:     user-macbook-pro
    Score:      A    80/100     (100% completed)
    ✓ Passed:   ███████████ 70% (21)
    ✕ Failed:   ███ 17% (5)
    ! Errors:   ██ 13% (4)
    » Skipped:  0% (0)

    Policies:
    A  80  macOS Security by Mondoo

    Scanned 1 assets

    macOS
        B Stella.home

    For detailed output, run this scan with "-o full".

Example Query using cnquery shell

    cnquery shell
    users { * }

Output:

    users.list: [
      0: {
        sid: ""
        enabled: false
        gid: 242
        shell: "/usr/bin/false"
        uid: 242
        authorizedkeys.list: stat /var/db/nsurlsessiond/.ssh/authorized_keys: permission denied
        home: "/var/db/nsurlsessiond"
        name: "_nsurlsessiond"
        group: group name="_nsurlsessiond" gid=242
        sshkeys: stat /var/db/nsurlsessiond/.ssh: permission denied
      }
      1: {
        sid: ""
        enabled: false
        gid: 272
        shell: "/usr/bin/false"
        uid: 272
        authorizedkeys.list: []
        home: "/var/db/diagnostics"
        name: "_logd"
        group: group name="_logd" gid=272
        sshkeys: []
      }
      2: {
        sid: ""
        enabled: false
        gid: 78
        shell: "/usr/bin/false"
        uid: 78
        authorizedkeys.list: []
        home: "/var/empty"
        name: "_mailman"
        group: group name="_mailman" gid=78
        sshkeys: []
      }
      ...
    ]

Conclusion

In conclusion, Mondoo is a trusted partner in the ongoing effort to protect digital assets, offering comprehensive security tooling that adapts to evolving cyber threats and provides resilience in an increasingly complex digital landscape.

Integrating your assets is easy, and with Mondoo's GitHub Actions and Terraform provider you can automate the process. Our guide to the Mondoo Terraform provider gives step-by-step instructions for integrating it and setting up continuous security monitoring of your infrastructure: How to use Mondoo with Terraform.

Edmund Siegfried Haselwanter

“Continuous improvement is better than delayed perfection.” – Mark Twain

8 months ago
