Releases: mondoohq/cnspec-policies
Releases · mondoohq/cnspec-policies
v1.5.1
What's Changed
- 🐛 fix auditd query for suse linux by @atomic111 in #138
- change tls expiration time, fix #137 by @atomic111 in #139
- ⭐️ Microsoft 365 Security Policy by @HRouhani in #136
- Align extra policy names with our others by @tas50 in #140
- Add a description to Linux Server Operational Policy by @tas50 in #142
- Remove incorrect SSM instructions by @tas50 in #143
- 🧹 Complete instructions for configuring MS365 by @benr in #144
Full Changelog: v1.5.0...v1.5.1
Contributors
benr, tas50, and 2 other contributors
Assets 29
v1.5.0
What's Changed
- ⭐️ create a small Linux operational policy by @atomic111 in #129
- 🧹 add missing tags to chef client and server policies by @chris-rock in #128
- Update MS urls from docs to learn by @tas50 in #131
- ⭐ check file permissions for loader.conf (systemd-boot) by @atomic111 in #130
- ⭐️ add windows 10/11 workstation policy by @atomic111 in #133
- 🧹 update linux query uids by @chris-rock in #134
- 🧹 update macOS query uids by @chris-rock in #135
- 🧹 update how to use for google workspace by @chris-rock in #132
Full Changelog: v1.4.0...v1.5.0
Contributors
tas50, chris-rock, and atomic111
Assets 28
v1.4.0
What's Changed
- ✨ Preparing and improving asset filters for future root asset changes by @mm-weber in #117
- Adds GitHub best practices and dependabot check to GitHub security by @scottford-io in #115
- Fixes queries for branch protection and dependabot checks by @scottford-io in #118
- ⭐️ Updates Google Workspace and Slack. Adds Okta Org security by @scottford-io in #120
- 🧹 make okta policy backwards-compatible by @chris-rock in #121
- ⭐ updates to aws policy for resources-as-assets change by @vjeffrey in #109
- Fix case of macOS by @tas50 in #123
- add security policy for SPS/PLC phoenix PLCnext by @atomic111 in #122
- ⭐️ add vulnerability policy for VMware vCloud by @chris-rock in #119
- Bump contributor-assistant/github-action from 2.2.1 to 2.3.0 by @dependabot in #125
- Extend spellchecking to the policies by @tas50 in #124
- More pattern updates for spellcheck by @tas50 in #127
New Contributors
Full Changelog: v1.3.0...v1.4.0
Contributors
tas50, chris-rock, and 5 other contributors
Assets 26
v1.3.0
What's Changed
- quick fix to solve the alias problem which makes the time-out problem… by @HRouhani in #112
- Updates asset_filter for terraform policies to include terraform-hcl by @scottford-io in #113
New Contributors
Full Changelog: v1.2.0...v1.3.0
Contributors
scottford-io and HRouhani
Assets 22
v1.2.0
What's Changed
- Update SSL cert check title to better match query by @tas50 in #107
- ⭐️ ✨ Refactors github org and repo policies by @scottford-io in #108
Full Changelog: v1.1.0...v1.2.0
Contributors
tas50 and scottford-io
Assets 22
v1.1.0
What's Changed
- 🐛 fix typos in linux workstation policy by @atomic111 in #101
- 🐛 fix typo in policy spec by @chris-rock in #102
- deal with empty list handling for k8s-ingress query by @joelddiaz in #103
- ⭐️ add policy bundle lint action by @chris-rock in #104
- only check SSH server settings if installed by @stdevel in #105
- Updating GCP queries to use .all() by @scottford-io in #106
New Contributors
Full Changelog: v1.0.0...v1.1.0
Contributors
chris-rock, joelddiaz, and 3 other contributors
Assets 22
v1.0.0
What's Changed
- Adds initial commit of core policies by @scottford-io in #1
- Add policies for securing Chef products by @tas50 in #2
- Updates AWS baseline with new controls, docs, and metadata by @scottford-io in #3
- Adds new core policies for various default targets by @scottford-io in #4
- Remove use of --token in GH policy by @tas50 in #5
- Update mondoo cli -> cnspec cli by @tas50 in #6
- updates scoring system and severity for github baseline by @scottford-io in #7
- Sync policy updates from the Mondoo repo by @tas50 in #8
- ⭐️ Add more k8s controls to Mondoo policies by @imilchev in #9
- Standardize cnspec default policy naming by @scottford-io in #12
- Don't error checking /etc/shadow if it's not there by @tas50 in #10
- ⭐️ add extra queries to mondoo k8s security policy by @joelddiaz in #11
- ⭐️ add linux workstation policy by @chris-rock in #15
- 🧹 update linux policy with new properties by @chris-rock in #14
- 🧹 merge TLS and TLS certificate policies into one policy by @chris-rock in #18
- 🧹 simplify uid for the macos policy by @chris-rock in #16
- Adds Mondoo GCP security policy and gitignore by @scottford-io in #19
- 🐛 fix property specs in linux policy by @chris-rock in #20
- 🧹 change policies with severity to worst scoring by @chris-rock in #21
- 🧹 harmonize policy uids by @chris-rock in #22
- re-titling kubernetes-security policy by @joelddiaz in #17
- Improve wording in AWS policy by @tas50 in #24
- 🧹 simplify windows policy uid by @chris-rock in #23
- More wording improvements to AWS Policy by @tas50 in #25
- More improvements to wording in policies by @tas50 in #27
- Fix more typos by @tas50 in #28
- 🐛 remove duplicated query by @chris-rock in #30
- Adds initial commit of Microsoft Azure Security by Mondoo by @scottford-io in #32
- update readme, and community links & improve wording for extra policies by @chris-rock in #26
- Add CLA Action by @benr in #33
- 🐛 Fail when auditd config file not present by @czunker in #35
- Update CLA message and allow list by @benr in #37
- Point to what we mean in yaml in more places by @tas50 in #36
- 🐛 Fixes PKI/SSL check for minikube by @czunker in #34
- 🧹 owner mrn is not required anymore therefore we can simply remove it by @chris-rock in #40
- 🧹 improve query ids for dns policy by @chris-rock in #39
- Adds updated overview for AWS Security by Mondoo by @scottford-io in #41
- Updates header tags in README for consistency by @scottford-io in #42
- 🧹 improve query ids for tls policy by @chris-rock in #38
- Updates policy overviews by @scottford-io in #43
- 🧹 update windows policy by @chris-rock in #45
- 🐛 Fix flaky gcp terraform query. by @preslavgerchev in #44
- 🧹 update uids for linux policy by @chris-rock in #46
- allow setting annnotation (per-UID) by @joelddiaz in #47
- Improve /etc/ file docs on Linux by @tas50 in #54
- 🐛 Fix application of probe controls by @czunker in #56
- 🐛 Add remediation to some controls by @czunker in #57
- Validate policies in a GitHub action by @tas50 in #29
- correct the remediation for the ssh private host key it must 600 by @atomic111 in #58
- adjust severity for and ssh-permituserenvironment and ssh-x11-forwarding by @atomic111 in #59
- fixes aws.iam check to ensure only one key is active by @scottford-io in #55
- 📄 Add 'why' and refs to k8s best practices by @czunker in #62
- fix remediation shell script for system accounts are non login by @atomic111 in #60
- Fixes asset filtering on Terraform policies by @scottford-io in #63
- add openssl vuln policy by @atomic111 in #65
- 🧹 align openssl vulnerability policy file name to policy name by @chris-rock in #66
- 🧹 add mql file extension by @chris-rock in #67
- Adds new controls for software updates by @scottford-io in #64
- add CVE numbers to openssl policy by @atomic111 in #68
- 🐛 Fix kubelet config control by @imilchev in #69
- 🧹 Updated queries in Kubernetes Policies regarding 'ephemeralContainers' by @mm-weber in #73
- introduce impact and smaller fixes by @atomic111 in #75
- 🧹 #49 fixed remediation: Ensure that strong Key Exchange algorithms are… by @mm-weber in #74
- ⭐️ slack security policy by @chris-rock in #76
- ⭐️ google workspace security policy by @chris-rock in #77
- Improve format of descriptions + titles in new policies by @tas50 in #79
- Aide in Ubuntu 22.04 had a new setting for cronjob by @tschuchort in #78
- Fix spacing and typos in policies by @tas50 in #80
- 🧹 remove unused flag is_public by @chris-rock in #81
- Add spellcheck github action + dependabot our actions by @tas50 in #82
- Bump actions/checkout from 2 to 3 by @dependabot in #83
- 🧹 improve slack policy by @chris-rock in #84
- Ignore SLACKBOT by @frozen425 in #85
- 🧹 improve slack policy by @chris-rock in #86
- 🧹 Rework of Linux related queries focusing on robustness and using native resources by @mm-weber in #88
- fix remediation for mac nfs test by @atomic111 in #91
- 🧹 Update the file extension of chef policies by @tas50 in #93
- ⭐️ add additional tags to policies by @chris-rock in #95
- 🐛 update tags for gcp policy by @chris-rock in #96
- 🧹 use cnspec for bundle validate by @chris-rock in #94
- Add certificate expiration check for k8s-ingress by @joelddiaz in #97
- Fix typos in policies by @tas50 in #98
- 🐛 fix yaml issues detected by new linter by @chris-rock in #99
- 🧹 release policies workflow by @chris-rock in #100
New Contributors
- @scottford-io made their first contribution in #1
- @tas50 made their first contribution in #2
- @imilchev made their first contribution in #9
- @joelddiaz made their first contribution in #11
- @chris-rock made their first contribution in #15
- @benr made their ...
Contributors
benr, czunker, and 11 other contributors