-
Notifications
You must be signed in to change notification settings - Fork 18
/
Copy pathmondoo-linux-operational-policy.mql.yaml
95 lines (69 loc) · 5.38 KB
/
mondoo-linux-operational-policy.mql.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
# Copyright (c) Mondoo, Inc.
# SPDX-License-Identifier: BUSL-1.1
policies:
- uid: linux-operational-policy
name: Linux Server Operational Policy
version: 1.1.0
license: BUSL-1.1
tags:
mondoo.com/category: best-practices
mondoo.com/platform: linux
authors:
- name: Mondoo, Inc
email: [email protected]
docs:
desc: |-
Linux Server Operational Policy by Mondoo provides guidance for operational best practices on Linux hosts.
## Local scan
Local scan refer to scans of files and operating systems where cnspec is installed.
To scan the `localhost` against this policy:
```bash
cnspec scan local
```
## Remote scan
Remote scans use cnspec providers to retrieve on-demand scan results without having to install any agents.
For a complete list of providers run:
```bash
cnspec scan --help
```
### Prerequisites
Remote scans of Linux hosts requires authentication such as SSH keys.
### Scan a remote Linux host (SSH authentication)
```bash
cnspec scan ssh <user>@<IP_ADDRESS> -i /path/to/ssh_key
```
## Join the community!
Our goal is to build policies that are simple to deploy, accurate, and actionable.
If you have any suggestions for how to improve this policy, or if you need support, [join the community](https://github.com/orgs/mondoohq/discussions) in GitHub Discussions.
groups:
- filters: asset.family.contains("linux")
checks:
- uid: linux-operational-policy-disk-usage
- uid: linux-operational-policy-memory-usage
queries:
- uid: linux-operational-policy-disk-usage
title: Ensure disk usage is under 80%
mql: |
command('df --output=source,pcent | grep -vE "^Filesystem|tmpfs|cdrom|loop|udev"').stdout.trim.split("\n").all(trim("%").split(" ").last < 80 )
docs:
desc: |
Monitoring disk usage is important for several reasons:
Avoiding data loss: When a disk becomes full, there may not be enough space to save new data. This can result in data loss, which can be catastrophic if the lost data is important. Monitoring disk usage helps prevent this by alerting you when a disk is close to capacity, giving you time to either delete unnecessary files or add more storage capacity.
Maintaining system performance: When a disk is close to full, it can slow down the performance of your computer or server. This is because the operating system may have to work harder to find space to write new data. By monitoring disk usage and freeing up space when necessary, you can help maintain system performance.
Planning for future storage needs: Monitoring disk usage over time can help you identify trends in how much data your organization is storing and how quickly you're running out of space. This can help you plan for future storage needs and ensure that you have enough storage capacity to meet your organization's needs.
Complying with regulations: In some industries, there are regulations that require organizations to retain data for a certain period of time. By monitoring disk usage, you can ensure that you have enough storage capacity to meet these requirements.
Overall, monitoring disk usage is important for ensuring data availability, maintaining system performance, planning for future storage needs, and complying with regulations.
remediation: ""
- uid: linux-operational-policy-memory-usage
title: Ensure memory usage is under 80%
mql: |
command("free | grep Mem | awk '{print $3/$2 * 100.0}'").stdout.trim < 80.0
docs:
desc: |
Monitoring memory usage is important for several reasons:
Maintaining system performance: Memory (also known as RAM) is a crucial resource for your computer or server. If your system runs out of available memory, it may have to resort to using slower storage devices (such as a hard disk) as virtual memory, which can result in significant performance slowdowns. Monitoring memory usage can help you identify when your system is running low on memory and take corrective action to maintain performance.
Avoiding crashes and freezes: When your system runs out of memory, it may crash or freeze, causing you to lose unsaved work and potentially damaging the system itself. Monitoring memory usage can help you identify potential memory-related issues before they cause a crash or freeze.
Identifying memory leaks: A memory leak occurs when a program or process doesn't release memory that it no longer needs, causing memory usage to increase over time. If left unchecked, memory leaks can lead to a system running out of memory and crashing. Monitoring memory usage can help you identify which programs or processes are causing memory usage to increase over time, allowing you to take corrective action.
Optimizing system resources: By monitoring memory usage, you can identify which programs or processes are using the most memory and make decisions about how to allocate system resources. For example, you might decide to close a memory-intensive program to free up memory for other programs that you're currently using.
Overall, monitoring memory usage is important for maintaining system performance, avoiding crashes and freezes, identifying memory leaks, and optimizing system resources.
remediation: ""