⭐️ add vulnerability policy for Mondoo vCloud

mondoohq · Feb 7, 2023 · f3d12f2 · f3d12f2
1 parent 8f479b2
commit f3d12f2
Show file tree

Hide file tree

Showing 3 changed files with 51 additions and 3 deletions.
diff --git a/core/mondoo-terraform-gcp-security.mql.yaml b/core/mondoo-terraform-gcp-security.mql.yaml
@@ -1,6 +1,6 @@
 policies:
   - uid: mondoo-terraform-gcp-security
-    name: Terraform HCL Security Static Analysis for Google Cloud 
+    name: Terraform HCL Security Static Analysis for Google Cloud by Mondoo
     version: 1.0.0
     authors:
       - name: Mondoo, Inc

diff --git a/core/mondoo-tls-security.mql.yaml b/core/mondoo-tls-security.mql.yaml
@@ -1,6 +1,6 @@
 policies:
   - uid: mondoo-tls-security
-    name: Mondoo TLS/SSL Security Baseline
+    name: TLS/SSL Security Baseline by Mondoo
     version: 1.2.0
     authors:
       - name: Mondoo, Inc
@@ -12,7 +12,7 @@ policies:
       desc: |
         The Transport Layer Security (TLS) protocol is the primary means of protecting network communications. 
 
-        The Mondoo TLS/SSL Security Baseline includes controls for ensuring the security and configuration of TLS/SSL connections and certificates.
+        The TLS/SSL Security Baseline by Mondoo includes controls for ensuring the security and configuration of TLS/SSL connections and certificates.
 
         ## Remote scan
 

diff --git a/core/mondoo-vmware-vulnerability.mql.yaml b/core/mondoo-vmware-vulnerability.mql.yaml
@@ -0,0 +1,48 @@
+policies:
+  - uid: mondoo-vmware-vulnerability
+    name: VMware vCenter Vulnerability Policy by Mondoo
+    version: "1.0.0"
+    authors:
+      - name: Mondoo, Inc
+        email: hello@mondoo.com
+    tags:
+      mondoo.com/platform: vmware,vmware-vsphere
+      mondoo.com/category: security
+    docs:
+      desc: |
+        ## Overview
+
+        Mondoo OpenSSL VMware vCenter Policy checks for vulnerable vCenter/ESXi configuration. It should be used in combination with Mondoo's Platform Vulnerability Management to identify missing patches.
+
+        ### Run policy
+
+        To run this policy against VMware vCenter:
+
+        ```bash
+        cnspec scan vsphere user@domain.local@192.168.5.24 --ask-pass -f core/mondoo-vmware-vulnerability.mql.yaml
+        ```
+
+        ## Join the community!
+
+        Our goal is to build policies that are simple to deploy, accurate, and actionable. 
+        
+        If you have any suggestions on how to improve this policy, or if you need support, [join the community](https://github.com/orgs/mondoohq/discussions) in GitHub Discussions.
+    specs:
+      - asset_filter:
+          query: asset.platform == "vmware-esxi"
+        scoring_queries:
+          mondoo-vmware-vulnerability-slpd-not-running:
+queries:
+  - uid: mondoo-vmware-vulnerability-slpd-not-running
+    title: Ensure the slpd service is not running
+    query: vsphere.host.services.none(key == "slpd" && running == true)
+    docs:
+      desc: |
+        In 2021, ESXi 7.0 U2c and ESXi 8.0 GA began shipping with the service disabled by default. 
+    refs:
+      - title: VMware Security Response Center (vSRC) Response to 'ESXiArgs' Ransomware Attacks
+        url: https://blogs.vmware.com/security/2023/02/83330.html
+      - title: VMSA-2021-0002
+        url: https://www.vmware.com/security/advisories/VMSA-2021-0002.html
+      - title: How to Disable/Enable the SLP Service on VMware ESXi (76372)
+        url: https://kb.vmware.com/s/article/76372