Open mariuskimmina opened 11 months ago
Ah, it started to work if we add www
./cnspec scan host www.bit-summit.com ✔ 4s 11:57:49
→ no Mondoo configuration file provided, using defaults
! No credentials provided. Switching to --incognito mode.
→ discover related assets for 1 asset(s)
www.bit-summit.com ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 100% score
Asset: www.bit-summit.com
-------------------------
Checks:
✓ Pass: The certificate is valid
✓ Pass: Do not use a self-signed certificate
✓ Pass: Certificate is not near expiration or expired
✓ Pass: Avoid NULL cipher suites
✕ Fail: Avoid cipher suites with RSA key exchange
✕ Fail: Mitigate BEAST attacks on the server-side
✓ Pass: None of the certificates (intermediate, root) have expired
✕ Fail: Avoid old cipher suites
✓ Pass: Avoid RC4 ciphers
✓ Pass: Preferred ciphers must include AEAD ciphers
✓ Pass: Do not use weak certificate signatures
✕ Fail: Avoid weak SSL and TLS versions
✕ Fail: Avoid weak block cipher modes
✓ Pass: Avoid weak block ciphers
✓ Pass: Avoid export ciphers suites
✓ Pass: Avoid anonymous Diffie-Hellman suites
✓ Pass: Do not use revoked certificates
✓ Pass: Preferred ciphers must include perfect forward secrecy (PFS)
✓ Pass: The certificate's domain name must match
Scanned 1 asset
Network API
F www.bit-summit.com
Would be neat if we could catch that automatically I guess, makes this more of an enhancement request than a bug report tho.
The same error shows up when trying to scan http://mondoo.com
(note the explicit http not https)
./cnspec scan host http://mondoo.com
→ no Mondoo configuration file provided, using defaults
! No credentials provided. Switching to --incognito mode.
→ discover related assets for 1 asset(s)
mondoo.com ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 100% score
! resolver.db> failed to store data, types don't match asset=//policy.api.mondoo.com/assets/2YU9wulIQP9z4wQc6E3QTucasaB checksum=LydWJ7zhkO5DiirseJv69Xno8XXgJj9dLIh+j60lW1/L5AovumfYjuRrbawPan4dSYgEFLdyf4ws1irKGm5pIQ== data={"type":"\u0000"} expected=score received=unset
! resolver.db> failed to store data, types don't match asset=//policy.api.mondoo.com/assets/2YU9wulIQP9z4wQc6E3QTucasaB checksum=J3wPUaXo+YPkc28TNTVsi3GKXjagXheHsqzDkSPG1l3FcA0cTbKEk8viK5v5E3LYhNPNfkH9z34UfAA63m4myA== data={"type":"\u0004"} expected=score received=bool
x failed to send datapoints error="2 errors occurred:\n\t* failed to store data for \"LydWJ7zhkO5DiirseJv69Xno8XXgJj9dLIh+j60lW1/L5AovumfYjuRrbawPan4dSYgEFLdyf4ws1irKGm5pIQ==\", types don't match: expected score, got unset\n\t* failed to store data for \"J3wPUaXo+YPkc28TNTVsi3GKXjagXheHsqzDkSPG1l3FcA0cTbKEk8viK5v5E3LYhNPNfkH9z34UfAA63m4myA==\", types don't match: expected score, got bool\n\n"
Asset: mondoo.com
-----------------
Checks:
! Error: Preferred ciphers must include perfect forward secrecy (PFS)
. Skipped: Do not use a self-signed certificate
✕ Fail: Avoid weak SSL and TLS versions
. Skipped: Do not use weak certificate signatures
...
I noticed that cnspec scan host fails for some domains. Here is an example