✨ Update to cnspec v9 #132

Merged
merged 4 commits into from
Oct 18, 2023

@czunker czunker commented Oct 10, 2023

No description provided.

czunker commented Oct 10, 2023

I tried different setups.

Building a GCP VM image with upstream config from my home dir:

    mondoo-gcp-ubuntu-2004-secure-base.googlecompute.ubuntu2004: ✕ Fail:  C  50  Ensure events that modify user/group information are collected
    mondoo-gcp-ubuntu-2004-secure-base.googlecompute.ubuntu2004: 
    mondoo-gcp-ubuntu-2004-secure-base.googlecompute.ubuntu2004: 
    mondoo-gcp-ubuntu-2004-secure-base.googlecompute.ubuntu2004: Scanned 1 assets
    mondoo-gcp-ubuntu-2004-secure-base.googlecompute.ubuntu2004: 
    mondoo-gcp-ubuntu-2004-secure-base.googlecompute.ubuntu2004: Ubuntu 20.04.4 LTS
    mondoo-gcp-ubuntu-2004-secure-base.googlecompute.ubuntu2004:     C mondoo-gcp-ubuntu-2004-secure-base-20231010101357
    mondoo-gcp-ubuntu-2004-secure-base.googlecompute.ubuntu2004: 
    mondoo-gcp-ubuntu-2004-secure-base.googlecompute.ubuntu2004: See more scan results and asset relationships on the Mondoo Console: https://console.mondoo.com/space/fleet/2WZGv2eZzsPytYo2wlqHJFtzAK3?spaceId=charming-almeida-134558
    mondoo-gcp-ubuntu-2004-secure-base.googlecompute.ubuntu2004:

Building a docker image with upstream config from my home dir:

    mondoo-docker-ubuntu-2204-secure-base.docker.ubuntu: ✓ Pass:  A 100  Ensure secure permissions on /etc/group are set
    mondoo-docker-ubuntu-2204-secure-base.docker.ubuntu: 
    mondoo-docker-ubuntu-2204-secure-base.docker.ubuntu: 
    mondoo-docker-ubuntu-2204-secure-base.docker.ubuntu: Scanned 1 assets
    mondoo-docker-ubuntu-2204-secure-base.docker.ubuntu: 
    mondoo-docker-ubuntu-2204-secure-base.docker.ubuntu: Ubuntu 22.04.3 LTS
    mondoo-docker-ubuntu-2204-secure-base.docker.ubuntu:     C determined_agnesi
    mondoo-docker-ubuntu-2204-secure-base.docker.ubuntu: 
    mondoo-docker-ubuntu-2204-secure-base.docker.ubuntu: See more scan results and asset relationships on the Mondoo Console: https://console.mondoo.com/space/fleet/2WZLaoRGueAGftdDIV9KZXZeJL5?spaceId=charming-almeida-134558
    mondoo-docker-ubuntu-2204-secure-base.docker.ubuntu:

Building a docker image with incognito mode:

==> mondoo-docker-ubuntu-2204-secure-base.docker.ubuntu: Running cnspec packer provisioner by Mondoo (Version: 9.0.2, Build: dev)
    mondoo-docker-ubuntu-2204-secure-base.docker.ubuntu: detected packer container image build
    mondoo-docker-ubuntu-2204-secure-base.docker.ubuntu: no configuration provided
    mondoo-docker-ubuntu-2204-secure-base.docker.ubuntu: scan packer build in incognito mode
    mondoo-docker-ubuntu-2204-secure-base.docker.ubuntu: scan completed successfully
    mondoo-docker-ubuntu-2204-secure-base.docker.ubuntu: Asset: keen_knuth
    mondoo-docker-ubuntu-2204-secure-base.docker.ubuntu: -----------------

@czunker czunker force-pushed the christian/cnspec_v9 branch from 6af84ae to 56637e3 Compare October 10, 2023 11:17
Signed-off-by: Christian Zunker <[email protected]>
@czunker czunker force-pushed the christian/cnspec_v9 branch from 56637e3 to ef780f4 Compare October 10, 2023 11:22

czunker commented Oct 10, 2023

@scottford-io / @chris-rock Could you please give this a try?

czunker commented Oct 10, 2023

Fixes #129

@vjeffrey vjeffrey mentioned this pull request Oct 16, 2023

@chris-rock chris-rock left a comment

This worked great. I tested it with GCP and Docker.

@@ -528,7 +524,7 @@ func (p *Provisioner) executeCnspec(ui packer.Ui, comm packer.Communicator) erro
var err error
if p.config.Incognito {
ui.Message("scan packer build in incognito mode")
scanService := scan.NewLocalScanner()
scanService := scan.NewLocalScanner(scan.WithRecording(providers.NullRecording{}))
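
Review bot: the new `scan.NewLocalScanner(scan.WithRecording(providers.NullRecording{}))` call in the incognito branch carries no comment saying why a null recording has to be passed explicitly. The reply below reports a nil-reference panic without it, so a short comment above the `scanService :=` line recording that (and the follow-up #143) would stop a later cleanup from dropping the option. The old and the new `scanService :=` lines both appear here without their `-`/`+` markers; the first is the removed line and the second the added one.
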
Member

Why do we need to set those? By default this should not record.

Contributor Author

Before this, I got a panic because of a nil reference.

Contributor Author

@chris-rock The discussed follow-up #143

@czunker czunker merged commit 7883f00 into main Oct 18, 2023
5 checks passed
@czunker czunker deleted the christian/cnspec_v9 branch October 18, 2023 04:29
@github-actions github-actions bot locked and limited conversation to collaborators Oct 18, 2023