Blog home
Vulnerabilities

Patching Made Easy: Introducing Guided Remediation in Mondoo

Chip Johnson
April 10, 2024
2 min read

We’re thrilled to announce the launch of guided remediation in the Mondoo Platform, which makes patching fast and efficient for your DevOps teams.

Mondoo is great for helping you find and prioritize vulnerabilities in your infrastructure. But until now, mitigating those findings required researching fixes, navigating vendor documentation, and manually applying patches across your systems.

Guided remediation streamlines this process by providing patching scripts directly within Mondoo. Here’s how we empower your team:

  • Targeted remediation advice: Update only the packages needed to mitigate each vulnerability.
  • Easy, automated scripts: Copy and paste scripts in bash or Ansible directly from the Mondoo console.
  • Reduced risk: By expediting the patching process, you minimize the window of vulnerability.

Monitor your infrastructure for security misconfigurations and maps those checks automatically to top compliance frameworks.

Get started

See an example of guided remediation in action:

The automatic remediation scripts are focused on stability and always scope to minimize the increase in version number. They will automatically select the version needed to mitigate the advisory rather than attempting to float on latest.

- name: Install specific versions of packages on Debian systems
  hosts: debian_hosts
  become: yes
  vars:
    latest_packages:
    versioned_packages:
      - name: "libgssapi-krb5-2"
        version: "1.12+dfsg-2ubuntu5.4+esm3"
      - name: "krb5-admin-server"
        version: "1.12+dfsg-2ubuntu5.4+esm3"
      - name: "krb5-user"
        version: "1.12+dfsg-2ubuntu5.4+esm3"
      - name: "libkdb5-7"
        version: "1.12+dfsg-2ubuntu5.4+esm3"
      - name: "krb5-kdc"
        version: "1.12+dfsg-2ubuntu5.4+esm3"

  tasks:
    - name: Update apt cache
      ansible.builtin.apt:
        update_cache: yes
        cache_valid_time: 3600 # Cache valid for 1 hour

    - name: Install specific package versions
      ansible.builtin.apt:
        name: "{{ item.name }}={{ item.version }}"
        state: present
      loop: "{{ versioned_packages }}"

    - name: Install latest versions of packages
      ansible.builtin.apt:
        name: "{{ item.name }}
        state: latest
      loop: "{{ latest_packages }}"

Empower your security team

Guided remediation is a powerful addition to your vulnerability management toolkit. It simplifies patching, reduces risk, and frees up your DevSecOps team to focus on what matters most – securing your organization. Take control and secure your systems with guided remediation in Mondoo Platform!

Chip Johnson

Chip Johnson is a Product Manager at Mondoo, focused on making tools you'll love. He's been a part of the DevOps community since 2010. He most recently held positions at Auth0, Sonatype, and Chef Software. He's been making and breaking things on the internet since 1993

You might also like

Releases
Mondoo April 2024 Release Highlights
Letha Dunn
Tim Smith
May 3, 2024
Linux
Exploring the Latest Security Features in Ubuntu 24.04
Tim Smith
April 19, 2024
Releases
Mondoo Firewatch
Dominik Richter
April 17, 2024

Stay informed with our news and new articles

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.