🐛 fix v2 policies (#193)

Signed-off-by: Ivan Milchev <[email protected]>
mondoohq · Mar 27, 2023 · 5bde3fd · 5bde3fd
1 parent e4faaff
commit 5bde3fd
Show file tree

Hide file tree

Showing 14 changed files with 15 additions and 0 deletions.
diff --git a/community/mondoo-phoenix-plcnext-security.mql.yaml b/community/mondoo-phoenix-plcnext-security.mql.yaml
@@ -40,6 +40,7 @@ policies:
           - uid: phoenix-plcnext-20
           - uid: phoenix-plcnext-21
           - uid: phoenix-plcnext-22
+    scoring_system: 2
 props:
   - uid: PLCKexAlgos
     title: Define the hardened key exchange algorithms for all SSH configurations

diff --git a/core/mondoo-aws-security.mql.yaml b/core/mondoo-aws-security.mql.yaml
@@ -122,6 +122,7 @@ policies:
           platform.name == "aws-cloudtrail-trail"
         checks:
           - uid: mondoo-aws-security-cloud-trail-encryption-enabled
+    scoring_system: 2
 props:
   - uid: maxAccessKeyAge
     title: Define the maximum number of days an IAM key is allowed to exist before rotation

diff --git a/core/mondoo-azure-security.mql.yaml b/core/mondoo-azure-security.mql.yaml
@@ -50,6 +50,7 @@ policies:
           - uid: mondoo-azure-security-sql-server-tde-on
           - uid: mondoo-azure-security-ssh-access-restricted-from-internet
           - uid: mondoo-azure-security-trusted-microsoft-services-enabled-for-storage-account-access
+    scoring_system: 2
 queries:
   - uid: mondoo-azure-security-ensure-multifactor-authentication-is-enabled-for-all-users-in-all-roles
     title: Ensure that multi-factor authentication has been enabled for all users

diff --git a/core/mondoo-gcp-security.mql.yaml b/core/mondoo-gcp-security.mql.yaml
@@ -22,6 +22,7 @@ policies:
           - uid: mondoo-gcp-security-instances-are-not-configured-use-default-service-account
           - uid: mondoo-gcp-security-instances-not-configured-with-default-service-account-full-access-cloud-api
           - uid: mondoo-gcp-security-oslogin-enabled-project
+    scoring_system: 2
 queries:
   - uid: mondoo-gcp-security-instances-are-not-configured-use-default-service-account
     title: Ensure that instances are not configured to use the default service account

diff --git a/core/mondoo-github-best-practices.mql.yaml b/core/mondoo-github-best-practices.mql.yaml
@@ -16,6 +16,7 @@ policies:
           - uid: mondoo-github-repository-best-practices-license
           - uid: mondoo-github-repository-best-practices-readme-getting-started
           - uid: mondoo-github-repository-best-practices-support-resources
+    scoring_system: 2
 queries:
   - uid: mondoo-github-repository-best-practices-support-resources
     title: Ensure repository has a support policy

diff --git a/core/mondoo-github-security.mql.yaml b/core/mondoo-github-security.mql.yaml
@@ -17,6 +17,7 @@ policies:
           - uid: mondoo-github-organization-security-default-permission-level
           - uid: mondoo-github-organization-security-two-factor-auth
           - uid: mondoo-github-organization-security-verified-domain
+    scoring_system: 2
   - uid: mondoo-github-repository-security
     name: GitHub Repository Security by Mondoo
     version: 1.4.0
@@ -40,6 +41,7 @@ policies:
           - uid: mondoo-github-repository-security-require-status-checks-before-merging
           - uid: mondoo-github-repository-security-required-signed-commits
           - uid: mondoo-github-repository-security-security-policy
+    scoring_system: 2
 props:
   - uid: requiredPullRequestReviews
     title: Define the required number of reviewers on pull requests

diff --git a/core/mondoo-kubernetes-best-practices.mql.yaml b/core/mondoo-kubernetes-best-practices.mql.yaml
@@ -75,6 +75,7 @@ policies:
       - filters: platform.name == "k8s-ingress"
         checks:
           - uid: mondoo-kubernetes-best-practices-ingress-cert-expiration
+    scoring_system: 2
 queries:
   - uid: mondoo-kubernetes-best-practices-pod-no-owner
     title: Pods should have an owner

diff --git a/core/mondoo-kubernetes-security.mql.yaml b/core/mondoo-kubernetes-security.mql.yaml
@@ -192,6 +192,7 @@ policies:
           - uid: mondoo-kubernetes-security-pod-runasnonroot
           - uid: mondoo-kubernetes-security-pod-serviceaccount
           - uid: mondoo-kubernetes-security-pod-tiller
+    scoring_system: 2
 props:
   - uid: allowedCiphers
     title: Define the hardened SSL/ TLS ciphers

diff --git a/core/mondoo-linux-security.mql.yaml b/core/mondoo-linux-security.mql.yaml
@@ -191,6 +191,7 @@ policies:
           - uid: mondoo-linux-security-shadow-group-is-empty
           - uid: mondoo-linux-security-system-accounts-are-non-login
           - uid: mondoo-linux-security-uid-min-is-set-to-1000
+    scoring_system: 2
 props:
   - uid: MondooKexAlgos
     title: Define the hardened key exchange algorithms for all SSH configurations

diff --git a/core/mondoo-linux-workstation-security.mql.yaml b/core/mondoo-linux-workstation-security.mql.yaml
@@ -84,6 +84,7 @@ policies:
           - uid: mondoo-linux-workstation-security-bios-uptodate
         queries:
           - uid: mondoo-linux-workstation-security-bios-data
+    scoring_system: 2
 props:
   - uid: kexAlgos
     title: Define the hardened key exchange algorithms for all SSH configurations

diff --git a/core/mondoo-ms365-security.mql.yaml b/core/mondoo-ms365-security.mql.yaml
@@ -28,6 +28,7 @@ policies:
           - uid: mondoo-m365-security-ensure-that-office-365-passwords-are-not-set-to-expire
           - uid: mondoo-m365-security-ensure-that-spf-records-are-published-for-all-exchange-domains
           - uid: mondoo-m365-security-ensure-third-party-integrated-applications-are-not-allowed
+    scoring_system: 2
 queries:
   - uid: mondoo-m365-security-ensure-multifactor-authentication-is-enabled-for-all-users-in-all-roles
     title: Ensure that multi-factor authentication has been enabled for all users

diff --git a/core/mondoo-okta-security.mql.yaml b/core/mondoo-okta-security.mql.yaml
@@ -25,6 +25,7 @@ policies:
           - uid: mondoo-okta-security-okta-mfa-sign-in
           - uid: mondoo-okta-security-okta-mfa-strong-factor
           - uid: mondoo-okta-security-okta-users-unlock
+    scoring_system: 2
 queries:
   - uid: mondoo-okta-security-okta-mfa-access
     title: Ensure MFA is active for everybody accessing Okta platform

diff --git a/core/mondoo-tls-security.mql.yaml b/core/mondoo-tls-security.mql.yaml
@@ -37,6 +37,7 @@ policies:
           - uid: mondoo-tls-security-cert-no-weak-signature
           - uid: mondoo-tls-security-cert-not-revoked
           - uid: mondoo-tls-security-cert-not-self-signed
+    scoring_system: 2
 queries:
   - uid: mondoo-tls-security-cert-domain-name-match
     title: The certificate's domain name must match

diff --git a/core/mondoo-windows-workstation-security.mql.yaml b/core/mondoo-windows-workstation-security.mql.yaml
@@ -70,6 +70,7 @@ policies:
           - uid: mondoo-windows-workstation-security-installed-security-center-health-data
           - uid: mondoo-windows-workstation-security-installed-security-products-data
           - uid: mondoo-windows-workstation-security-windows-computer-info-data
+    scoring_system: 2
 queries:
   - uid: mondoo-windows-workstation-security-bitlocker-enabled
     title: Ensure Bitlocker Encryption is Enabled