
Commit

Spelling fixes
Signed-off-by: Tim Smith <[email protected]>
tas50 committed Jan 29, 2024
1 parent f6d3e55 commit f7d4014
Showing 18 changed files with 133 additions and 76 deletions.
35 changes: 35 additions & 0 deletions .github/actions/spelling/expect.txt
@@ -0,0 +1,35 @@
baf
cgrp
cpe
dvwa
eecdfd
fzvkw
Gci
hostpid
hushlogin
icanhazip
Ikp
JFUz
Jhb
kalilinux
kbcxs
kvct
lhost
linux
lport
meterpreter
msfconsole
nch
NCIs
nginx
noproxy
pmuench
procs
rhel
rkd
secops
upperdir
vmss
webserver
xdsp
XVCJ
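Review bot: several entries in the new expect.txt (`eecdfd`, `fzvkw`, `JFUz`, `kbcxs`, `XVCJ`, `Ikp`, `Jhb`) look like fragments of encoded or random strings rather than words, and allow-listing them lets the same letter runs pass as valid anywhere in the repository. Consider excluding the lines they come from with an entry in patterns.txt instead, as this commit does for `cluster_certificate_authority_data`, and confirm that the source strings are sample values and not live tokens.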
3 changes: 3 additions & 0 deletions .github/actions/spelling/patterns.txt
Expand Up @@ -89,3 +89,6 @@ aws_secret_access_key\s+\=(\s+)?.+

# score score is valid in MQL docs
score score

# long cert lines
\bcluster_certificate_authority_data = .*
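Review bot: the new pattern `\bcluster_certificate_authority_data = .*` matches only when exactly one space sits on each side of `=`, so an assignment with aligned or missing spacing will still be spell-checked. The `aws_secret_access_key\s+\=(\s+)?.+` pattern visible in the hunk header tolerates variable whitespace; writing `\s*=\s*` here would be consistent with it.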
14 changes: 7 additions & 7 deletions README.md
Expand Up @@ -3,19 +3,19 @@
![samples light-mode illustration](.github/social/preview_light.jpg#gh-light-mode-only)
![samples dark-mode illustration](.github/social/preview_dark.jpg#gh-dark-mode-only)

Welcome to our comprehensive security scanning repository! In our ongoing effort to empower the highest standards of security, we've gathered a variety of examples and guides to help you conduct thorough security audits on your resources using `cnspec`, `cnquery`, and the Mondoo Platform. Our examples, ranging from AWS services to GitHub repositories, are structured with a clear overview, prerequisites, step-by-step instructions, expected results, and troubleshooting tips. We trust these will serve as a beneficial starting point for your own security scanning needs.
Welcome to our comprehensive security scanning repository! In our ongoing effort to empower the highest standards of security, we've gathered a variety of examples and guides to help you conduct thorough security audits on your resources using `cnspec`, `cnquery`, and Mondoo Platform. Our examples, ranging from AWS services to GitHub repositories, are structured with a clear overview, prerequisites, step-by-step instructions, expected results, and troubleshooting tips. We trust these will serve as a beneficial starting point for your own security scanning needs.

- [What are cnspec, cnquery, and Mondoo Platform?](#what-are-cnspec-cnquery-and-mondoo-platform)
- [AWS](#aws)
- [Performing CIS AWS Foundations Benchmark with cnspec](#performing-cis-aws-foundations-benchmark-with-cnspec)
- [Checking Public Exposure of AWS S3 Buckets with cnspec](#checking-public-exposure-of-aws-s3-buckets-with-cnspec)
- [Verifying MFA Status for AWS IAM Users](#verifying-mfa-status-for-aws-iam-users)
- [Scanning an AWS EC2 Instance with cnspec using EC2 Instance Connect](#scanning-an-aws-ec2-instance-with-cnspec-using-ec2-instance-connect)
- [Playing with AWS EC2 Instances](#playing-with-aws-ec2-instances)
- [GitHub](#github)
- [Performing CIS GitHub Supply Chain Benchmark with cnspec](#performing-cis-github-supply-chain-benchmark-with-cnspec)
- [Hack Lab](#hack-lab)
- [Demonstrating Container Escape in Kubernetes](#demonstrating-container-escape-in-kubernetes)
- [Playing with AWS EC2 Instances](#playing-with-aws-ec2-instances)
- [Contributing](#contributing)

## What are cnspec, cnquery, and Mondoo Platform?
Expand All @@ -24,7 +24,7 @@ Welcome to our comprehensive security scanning repository! In our ongoing effort

`cnquery` is another versatile command-line tool that facilitates advanced querying against your infrastructure data, allowing you to understand and manage your infrastructure more effectively.

The Mondoo Platform is a cloud-native, security and compliance automation platform that enables businesses to secure their infrastructure continuously and at scale.
Mondoo Platform is a cloud-native, security and compliance automation platform that enables businesses to secure their infrastructure continuously and at scale.

Together, these provide a comprehensive approach to managing and maintaining the security posture of your systems.

Expand Down Expand Up @@ -66,7 +66,7 @@ This guide walks you through conducting a security scan on an AWS EC2 instance u

### Performing CIS GitHub Supply Chain Benchmark with cnspec

This guide provides an example on how to execute the CIS (Center for Internet Security) GitHub Benchmark on GitHub repositories and organizations using the `cnspec` and Mondoo platform. These benchmarks offer a standardized set of procedures to assess the security posture of GitHub repositories and organizations, helping to identify vulnerabilities or potential areas for security enhancements.
This guide provides an example on how to execute the CIS (Center for Internet Security) GitHub Benchmark on GitHub repositories and organizations using the `cnspec` and Mondoo Platform. These benchmarks offer a standardized set of procedures to assess the security posture of GitHub repositories and organizations, helping to identify vulnerabilities or potential areas for security enhancements.

![cnspec running a GitHub organization scan](./github/cis-supply-chain/github-supply-chain.gif)
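Review bot: the replacement line still reads "using the `cnspec` and Mondoo Platform", keeping the article that this commit drops in the introduction ("using `cnspec`, `cnquery`, and Mondoo Platform"). Removing "the" gives "using `cnspec` and Mondoo Platform"; the same sentence is repeated in github/cis-supply-chain/README.md and needs the same change.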

Expand All @@ -78,16 +78,16 @@ The Hack Lab is a collection of vulnerable systems that can be used to learn and

### Demonstrating Container Escape in Kubernetes

This houses demonstration scenarios showcasing container escapes in Kubernetes environments, particularly in AKS (Azure Kubernetes Service), EKS (Amazon Elastic Kubernetes Service) and GKE (Google Kontainer Engine). These scenarios can serve as engaging demonstrations using Mondoo.
This houses demonstration scenarios showcasing container escapes in Kubernetes environments, particularly in AKS (Azure Kubernetes Service), EKS (Amazon Elastic Kubernetes Service) and GKE (Google Container Engine). These scenarios can serve as engaging demonstrations using Mondoo.

- [Instructions](./hacklab/container-escape/)

## Playing with AWS EC2 Instances

The AWS EC2 Instances is a terraform to deploy hardend and not hardend Windows as well as Linux systems.
The AWS EC2 Instances is a terraform to deploy hardened and not hardened Windows as well as Linux systems.

- [Instructions](./aws/ec2-instance/)

## Contributing

We welcome contributions! Feel free to submit pull requests for new examples or improvements to existing ones. If you encounter any issues or have questions, please open an issue in this repository or join our [Github discussions](https://github.com/orgs/mondoohq/discussions) page. We're here to help!
We welcome contributions! Feel free to submit pull requests for new examples or improvements to existing ones. If you encounter any issues or have questions, please open an issue in this repository or join our [GitHub discussions](https://github.com/orgs/mondoohq/discussions) page. We're here to help!
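Review bot: "GKE (Google Container Engine)" corrects the spelling of "Kontainer" but the expansion is still wrong; GKE stands for Google Kubernetes Engine. In the same hunk, the Instructions link under "Playing with AWS EC2 Instances" points to `./aws/ec2-instance/` while this commit edits `aws/ec2-instances/README.md`, so the link target should be checked, and "a terraform" should read "Terraform code" or similar with the product name capitalized.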
2 changes: 1 addition & 1 deletion aws/cis-benchmark/README.md
Expand Up @@ -32,4 +32,4 @@ This command instructs `cnspec` to scan your AWS environment using the CIS Amazo
- **AWS CLI**: Ensure that AWS CLI is installed and configured correctly. Verify that you are using the correct AWS credentials. If you encounter permission errors, check your AWS IAM role and permissions.
- **Benchmark execution issues**: If the benchmark does not execute as expected, ensure that you have the necessary permissions to access all resources in your AWS account.

If you encounter a problem that is not addressed in this guide, feel free to raise an issue in this GitHub repository. For more complex or ongoing issues, consider participating in our [Github discussions](https://github.com/orgs/mondoohq/discussions) page. We're here to help!
If you encounter a problem that is not addressed in this guide, feel free to raise an issue in this GitHub repository. For more complex or ongoing issues, consider participating in our [GitHub discussions](https://github.com/orgs/mondoohq/discussions) page. We're here to help!
2 changes: 1 addition & 1 deletion aws/ec2-instance-connect/README.md
Expand Up @@ -44,4 +44,4 @@ This command executes a security scan on your EC2 instance.
- **AWS CLI and EC2 Instance Connect**: Ensure the latest AWS CLI is installed and configured correctly. Verify that you are using the correct region, availability zone, and instance ID. If you encounter permission errors, check your AWS IAM role and permissions.
- **SSH connection issues**: If you cannot connect to your EC2 instance, make sure you are using the correct username (usually "ec2-user" for Amazon Linux instances).

For more complex or ongoing issues, feel free to participate in our [Github discussions](https://github.com/orgs/mondoohq/discussions) page. We're here to help!
For more complex or ongoing issues, feel free to participate in our [GitHub discussions](https://github.com/orgs/mondoohq/discussions) page. We're here to help!
4 changes: 2 additions & 2 deletions aws/ec2-instances/README.md
Expand Up @@ -37,8 +37,8 @@ This repository contains Terraform code for provisioning AWS EC2 instances for t
| Oracle 8 cnspec | Latest Oracle 8 image with latest cnspec | `create_oracle8_cnspec` | |
| Oracle 8 CIS | CIS Oracle Linux 8 Benchmark - Level 1 | `create_oracle8_cis` | [CIS Oracle Linux 8 Benchmark - Level 1](https://aws.amazon.com/marketplace/pp/prodview-qohiqfju7iecs?sr=0-1&ref_=beagle&applicationId=AWSMPContessa) |
| Oracle 8 CIS cnspec | CIS Oracle Linux 8 Benchmark - Level 1 with latest cnspec | `create_oracle8_cis_cnspec` | [CIS Oracle Linux 8 Benchmark - Level 1](https://aws.amazon.com/marketplace/pp/prodview-qohiqfju7iecs?sr=0-1&ref_=beagle&applicationId=AWSMPContessa) |
| RHEL 8 | Latest RedHat Enterprise Linux 8 | `create_rhel8` | |
| RHEL 8 cnspec | Latest RedHat Enterprise Linux 8 with latest cnspec | `create_rhel8_cnspec` | |
| RHEL 8 | Latest Red Hat Enterprise Linux 8 | `create_rhel8` | |
| RHEL 8 cnspec | Latest Red Hat Enterprise Linux 8 with latest cnspec | `create_rhel8_cnspec` | |
| RHEL 8 CIS | CIS Red Hat Enterprise Linux 8 STIG Benchmark | `create_rhel8_cis` | [CIS Red Hat Enterprise Linux 8 STIG Benchmark](https://aws.amazon.com/marketplace/pp/prodview-ia2nfuoig3jmu?sr=0-3&ref_=beagle&applicationId=AWSMPContessa) |
| RHEL 8 CIS cnspec | CIS Red Hat Enterprise Linux 8 STIG Benchmark with latest cnspec | `create_rhel8_cis_cnspec` | [CIS Red Hat Enterprise Linux 8 STIG Benchmark](https://aws.amazon.com/marketplace/pp/prodview-ia2nfuoig3jmu?sr=0-3&ref_=beagle&applicationId=AWSMPContessa) |
| RHEL 9 | Latest RHEL 9 image | `create_rhel9` | |
2 changes: 1 addition & 1 deletion aws/iam-mfa/README.md
Expand Up @@ -32,4 +32,4 @@ The output will be a list of IAM usernames with a check on whether MFA is enable
- **AWS CLI**: Ensure that AWS CLI is installed and configured correctly. Verify that you are using the correct AWS credentials. If you encounter permission errors, check your AWS IAM role and permissions.
- **Policy execution issues**: If the policy does not execute as expected, ensure that you have the necessary permissions to access all resources in your AWS account.

Should you encounter a problem that is not addressed in this guide, feel free to open an issue in this Github repository. For ongoing issues or broader discussions, we invite you to join us over at our [Github discussions](https://github.com/orgs/mondoohq/discussions) page. We're here to help!
Should you encounter a problem that is not addressed in this guide, feel free to open an issue in this GitHub repository. For ongoing issues or broader discussions, we invite you to join us over at our [GitHub discussions](https://github.com/orgs/mondoohq/discussions) page. We're here to help!
4 changes: 2 additions & 2 deletions aws/public-s3/README.md
Expand Up @@ -7,7 +7,7 @@ This example uses `cnspec` to check for publicly exposed AWS S3 buckets within y
## Pre-requisites

- You should have an AWS account and the necessary credentials (Access Key ID and Secret Access Key) available.
- Install cnspec following the instructions provided at the installation page of the cnspec Github repository.
- Install cnspec following the instructions provided at the installation page of the cnspec GitHub repository.

## Instructions
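Review bot: the changed prerequisite line refers to "the installation page of the cnspec GitHub repository" without linking it. gcp/cis-benchmark/README.md in this same commit links `https://github.com/mondoohq/cnspec#installation` for the same step; using that link here would keep the guides consistent.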

Expand Down Expand Up @@ -35,4 +35,4 @@ If you encounter any issues while running the scan:

- **`cnspec` Installation Issues:** If you have trouble installing cnspec, ensure you're following the instructions on the installation page correctly.

Should you encounter a problem that is not addressed in this guide, feel free to open an issue in this Github repository. For ongoing issues or broader discussions, we invite you to join us over at our [Github discussions](https://github.com/orgs/mondoohq/discussions) page. We're here to help!
Should you encounter a problem that is not addressed in this guide, feel free to open an issue in this GitHub repository. For ongoing issues or broader discussions, we invite you to join us over at our [GitHub discussions](https://github.com/orgs/mondoohq/discussions) page. We're here to help!
2 changes: 1 addition & 1 deletion azure/README.md
Expand Up @@ -46,7 +46,7 @@ terraform apply -auto-approve plan.out

### Connect to VM using `xfreerdp` from Ubuntu

Run the following command to see the the connection details (including sensitive values)
Run the following command to see the connection details (including sensitive values)

```bash
terraform output -raw summary
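Review bot: the corrected sentence says the output includes sensitive values but gives no guidance on where it is safe to run. Since `terraform output -raw summary` prints those values in clear text, add a line telling readers to keep the command out of CI logs and shared or recorded terminals; the sentence also lacks a trailing colon before the code block.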
4 changes: 2 additions & 2 deletions gcp/cis-benchmark/README.md
Expand Up @@ -7,7 +7,7 @@ This guide provides an example on how to scan a GCP project against the CIS Goog
## Pre-requisites

- You should have the `cnspec` installed. You can follow the [installation instructions](https://github.com/mondoohq/cnspec#installation) to set it up.
- You need an Google Cloud service account account and the necessary permissions.
- You need an Google Cloud service account and the necessary permissions.
- The Google Cloud SDK installed and configured with access to the project you wish to scan.

## Instructions
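Review bot: the replacement line still reads "You need an Google Cloud service account"; the article should be "a". The context line above it, "You should have the `cnspec` installed", carries a stray "the" that could be fixed in the same pass.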
Expand All @@ -32,4 +32,4 @@ This command instructs `cnspec` to scan a Google Cloud project using the CIS Goo
- **gcloud SDK CLI**: Ensure that `gcloud` CLI is [installed and configured](https://cloud.google.com/sdk/docs/install-sdk) correctly. Verify that you are using the correct account or service account credentials. If you encounter permission errors, check your IAM role and permissions.
- **Benchmark execution issues**: If the benchmark does not execute as expected, ensure that you have the necessary permissions to access all resources in your Google Cloud project.

If you encounter a problem that is not addressed in this guide, feel free to raise an issue in this GitHub repository. For more complex or ongoing issues, consider participating in our [Github discussions](https://github.com/orgs/mondoohq/discussions) page. We're here to help!
If you encounter a problem that is not addressed in this guide, feel free to raise an issue in this GitHub repository. For more complex or ongoing issues, consider participating in our [GitHub discussions](https://github.com/orgs/mondoohq/discussions) page. We're here to help!
6 changes: 3 additions & 3 deletions github/cis-supply-chain/README.md
Expand Up @@ -4,11 +4,11 @@
## Overview

This guide provides an example on how to execute the CIS (Center for Internet Security) GitHub Benchmark on GitHub repositories and organizations using the `cnspec` and Mondoo platform. These benchmarks offer a standardized set of procedures to assess the security posture of GitHub repositories and organizations, helping to identify vulnerabilities or potential areas for security enhancements.
This guide provides an example on how to execute the CIS (Center for Internet Security) GitHub Benchmark on GitHub repositories and organizations using the `cnspec` and Mondoo Platform. These benchmarks offer a standardized set of procedures to assess the security posture of GitHub repositories and organizations, helping to identify vulnerabilities or potential areas for security enhancements.

## Pre-requisites

- Mondoo Space: Create a new space on the Mondoo platform and activate the 'CIS GitHub Benchmark - Level 1' benchmark in the Security Registry.
- Mondoo Space: Create a new space on Mondoo Platform and activate the 'CIS GitHub Benchmark - Level 1' benchmark in the Security Registry.
- `cnspec` Login: Authenticate with your newly created Mondoo space using `cnspec login -t <yourtoken>` .
- Organization Access: Ensure you have access to the target GitHub organization, for example https://github.com/lunalectric.
- GitHub Token: Generate a GitHub token with Resource owner set to lunalectric and all permissions set to read.
Expand Down Expand Up @@ -57,4 +57,4 @@ If you encounter any issues while performing these steps:
- Permission Issues: Verify that you have the necessary permissions to access and scan the GitHub organization or repositories. This may involve checking the settings of your GitHub token and your role within the organization.
- Command Execution Issues: If the `cnspec`` commands are not executing as expected, ensure that cnspec is installed and updated to the latest version.

Should you encounter a problem that is not addressed in this guide, feel free to open an issue in this Github repository. For ongoing issues or broader discussions, we invite you to join us over at our [Github discussions](https://github.com/orgs/mondoohq/discussions) page. We're here to help!
Should you encounter a problem that is not addressed in this guide, feel free to open an issue in this GitHub repository. For ongoing issues or broader discussions, we invite you to join us over at our [GitHub discussions](https://github.com/orgs/mondoohq/discussions) page. We're here to help!
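Review bot: the context line "If the `cnspec`` commands are not executing as expected" has a stray second backtick after `cnspec`, and the later "cnspec" in the same sentence is not in code formatting at all. Both are worth fixing in this spelling pass, since the line sits directly above the one being changed.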