Releases: mondoohq/cnspec-policies
Releases · mondoohq/cnspec-policies
v2.21.0
What's Changed
- More improvements to the Mondoo Linux Security policy by @tas50 in #451
- fix dmarc checks in mail policy by @atomic111 in #456
Full Changelog: v2.20.0...v2.21.0
v2.20.0
What's Changed
- 🧹 Improving azure policies - Blob storage by @HRouhani in #440
- 🧹 Improving azure policies by @HRouhani in #441
- Azure version Update by @HRouhani in #442
- Sync over the latest and greatest spellcheck config by @tas50 in #443
- Bump check-spelling/check-spelling from 0.0.23 to 0.0.24 by @dependabot in #444
- 🧹 Fix a couple
auditd
-related checks by @mm-weber in #445 - Improve formatting + checks in Mondoo Linux policy by @tas50 in #446
- More updates to the Linux policy by @tas50 in #447
- Fix aide setup instruction + SSH v2 check by @tas50 in #448
- Improve formatting of remediation steps by @tas50 in #449
Full Changelog: v2.19.0...v2.20.0
v2.19.0
What's Changed
- Bump contributor-assistant/github-action from 2.5.1 to 2.6.0 by @dependabot in #435
- 🧹 fix: Ensure root group is empty by @mm-weber in #437
- 🧹 Update github policies to use new resource fields by @jaym in #436
- Bump contributor-assistant/github-action from 2.6.0 to 2.6.1 by @dependabot in #438
- fix sentinelone check in edr policy by @atomic111 in #439
Full Changelog: v2.18.0...v2.19.0
v2.18.0
What's Changed
- add Cortex XDR check by @atomic111 in #430
- fix double quote in Cortex check by @atomic111 in #431
- 🧹 Make titles consistently use Mondoo and not policy by @misterpantz in #432
- Rename the TLS/SSL policy to match our names by @tas50 in #433
- Update AWS policy to not use deprecated field by @tas50 in #434
Full Changelog: v2.17.0...v2.18.0
v2.17.0
What's Changed
- 🧹 Fix:
Container image pull should be consistent
by @mm-weber in #406 - 🧹 Fix
pq: unsupported Unicode escape sequence
in Kubernetes Cluster and Workload Security by @mm-weber in #408 - fix powershell remediation script by @atomic111 in #410
- 🧹 Minor windows improvements by @HRouhani in #411
- 🧹 K8s: Update checks related to workload and securityContext by @mm-weber in #412
- Adds support for Wazuh to EDR policy by @scottford-io in #413
- 🧹 Fixes double mql issues: Mondoo Linux Policy by @mm-weber in #415
- 🧹 quick fix
props:
by @mm-weber in #417 - 🧹 Improving windows policies by @HRouhani in #418
- Discretionary access control permission regex rule not consistent with remediation by @ceso in #404
- add titles for each edr variant by @atomic111 in #419
- Removed check for running sentineld-shell by @marcelhuth in #422
- 🧹 Mondoo Linux Policy - Fix: Don't run
kernel.parameters
checks from inside containers by @mm-weber in #424 - ⭐️ introduce property for gh release branches by @chris-rock in #423
- ⭐️ Add Sophos Endpoint Defense to EDR Policy by @tomtrix in #421
- ⭐️ Adding Dockerfile best Security practices by @HRouhani in #426
- Bump contributor-assistant/github-action from 2.4.0 to 2.5.1 by @dependabot in #428
- 🧹 update aws policy asset filter by @chris-rock in #429
- ⭐️ add recommendations from OWASP HTTP Security Response Headers by @chris-rock in #427
New Contributors
- @ceso made their first contribution in #404
- @marcelhuth made their first contribution in #422
Full Changelog: v2.16.0...v2.17.0
v2.16.0
What's Changed
- Running ESET under MacOS: Modified ESET-service by @marlin-ortner-verkehrsbuero in #390
- Update spelling config + copyright dates by @tas50 in #389
- Add expected words to spelling by @tas50 in #391
- slack policy with domain validation for users of channels by @chris-rock in #371
- 🧹 Improving Linux policies to fit for Container images as well by @HRouhani in #392
- 🧹 Improving openssl policy by @HRouhani in #393
- Bump hashicorp/setup-copywrite from 1.1.2 to 1.1.3 by @dependabot in #395
- Bump contributor-assistant/github-action from 2.3.2 to 2.4.0 by @dependabot in #394
- remove senitnelone updater service from macos check by @atomic111 in #399
- ✨ Mondoo Azure Security : Adding
flexible
SQL Server checks by @mm-weber in #400 - Don't apply http security to anything with a cert by @tas50 in #402
- Updates numbered scoring system to named by @scottford-io in #401
- ⭐️ Add Support for Microsoft Defender in EDR Policy by @HRouhani in #405
New Contributors
- @marlin-ortner-verkehrsbuero made their first contribution in #390
Full Changelog: v2.15.0...v2.16.0
v2.15.0
What's Changed
- 🧹 migrate deprecated github fields by @mm-weber in #384
- 🧹 removed old k8s data queries by @mm-weber in #386
- 🧹 Updating AWS Policies to Align with Recent Developments by @HRouhani in #385
- 🧹 Fix issue in aws - compile by @HRouhani in #387
- 🧹 Fixing the Pipeline Lint Issue by @HRouhani in #383
Full Changelog: v2.14.0...v2.15.0
v2.14.0
What's Changed
- ✨ Mondoo Email Security- added: Ensure Reverse IP Lookup PTR record is set by @mm-weber in #346
- Bump peter-evans/repository-dispatch from 2 to 3 by @dependabot in #343
- ✨ Update to
v9/variants:
Google Cloud (GCP) Security by @mm-weber in #347 - Update platform metadata for the registry by @tas50 in #350
- ⭐️ update macos policy by @atomic111 in #349
- added subject alternate name support by @schnipschnap in #351
- ⭐ Update Mondoo Azure Policy to
variants:
by @mm-weber in #348 - 🧹 Increasing the min password length by @HRouhani in #353
- add check to test if macOS is up to date by @atomic111 in #356
- Fix docs link + update spellcheck by @tas50 in #357
- guid for powershell commands by @schnipschnap in #358
- adding discrimination between DC and MS by @schnipschnap in #355
- update the macOS up to date query, get actionable output by @atomic111 in #360
- New policy to check if the EDR solution is running by @atomic111 in #359
- Add more forbidden patterns to spellcheck by @tas50 in #354
- Updates to the spellcheck patterns by @tas50 in #362
- Be more specific in the EDR filter by @tas50 in #361
- improve asset filter for email security policy by @atomic111 in #363
- Bump softprops/action-gh-release from 1 to 2 by @dependabot in #364
- Simplify asset check filters by @tas50 in #365
- 🧹 Azure NSG checks - Fix bug by @mm-weber in #367
- Bump contributor-assistant/github-action from 2.3.1 to 2.3.2 by @dependabot in #368
- 🧹 Windows : change from OsLocale to OsLanguage by @HRouhani in #369
- Remove dead link to open registry + spellcheck updates by @tas50 in #370
- add ESET solution to edr policy by @atomic111 in #372
- add policy to identify xz backdoor by @atomic111 in #373
- fix title of the check in xz vuln policy by @atomic111 in #376
- ignore deactivated users in Slack 2FA check by @jaybrueder in #375
- 🧹 Fix MacOS issues: Ensure Bluetooth Sharing Is Disabled && more by @mm-weber in #377
- 🧹 macOS: Improve
desc:
Enable FileVault by @mm-weber in #379 - fix http policy to produce better output by @atomic111 in #380
- add policy to check the if the hardware is windows 11 compatible by @atomic111 in #374
- Fix name of policy file by @tas50 in #381
- 🧹 Updating Azure Policies to Align with Recent Azure Ecosystem Developments by @HRouhani in #378
- 🧹 Fixing Azure Lint issue - extra mql by @HRouhani in #382
New Contributors
- @jaybrueder made their first contribution in #375
Full Changelog: v2.13.0...v2.14.0
v2.13.0
What's Changed
- Update links in policies to avoid 301s by @tas50 in #318
- ⭐️ add powershell scripts for remediation by @atomic111 in #309
- Use ensure for titles in SNMP policy by @tas50 in #315
- Fix capitalization of PowerShell by @tas50 in #319
- Fix the GitHub ref by @tas50 in #320
- Use HCL syntax highlighting for TF examples by @tas50 in #316
- remove data queries from policy by @atomic111 in #322
- update the windows workstation policy by @atomic111 in #321
- rebuild the mail security policy by @atomic111 in #323
- 🧹 fix two powershell remediation by @atomic111 in #324
- 🧹 Fix:
Ensure sudo logging is enabled
by @mm-weber in #325 - 🧹 Fixes: Ensure sudo logging is enabled by @mm-weber in #326
- add german language to windows auditpol checks by @atomic111 in #328
- 🎉 update ms365 policy by @atomic111 in #329
- 🧹 remove slack query that is not useful by @chris-rock in #332
- 🧹 replace deprecated k8s.kubelet with kubelet by @chris-rock in #331
- Support the v10 platform of aws-ebs-snapshot by @tas50 in #330
- ⭐ More AWS Variants by @mm-weber in #327
- GUID + FMT + Version number by @schnipschnap in #335
- Update text in the email policy by @tas50 in #338
- 🧹 Fix: Several Linux Checks by @mm-weber in #334
- Backport a fix to prevent failures in the aws policy by @tas50 in #339
- Improving azure policy by @HRouhani in #341
- 🧹 Changing Azure version to 1.4 by @HRouhani in #345
New Contributors
- @schnipschnap made their first contribution in #335
Full Changelog: v2.12.0...v2.13.0
v2.12.0
What's Changed
- 🎉 introduce props for Windows RDP max idle time check by @atomic111 in #307
- Fix remediation for sshd ClientAliveInterval by @tomtrix in #308
- Improve the titles of AWS checks by @tas50 in #311
- Update more titles for consistency by @tas50 in #312
- Capitalize Terraform in policies by @tas50 in #313
- Add spaces to headers by @tas50 in #314
- Improve codeblocks in the k8s policy by @tas50 in #317
- Update impact scores for Chef policies by @tas50 in #310
New Contributors
Full Changelog: v2.11.0...v2.12.0