Skip to content

Malcolm v2.0.5
Compare
Choose a tag to compare
@mmguero mmguero released this 28 May 20:00
v2.0.5
8062b49

This release includes the following minor fixes and improvements:

idaholab/Malcolm@v2.0.4...v2.0.5

  • bump Curator from 5.7.6 to 5.8.1
  • build Docker images in a way that should result in smaller images by downloading artifacts inside the build process of the container with RUN rather than with ADD or with git clone
  • bump Moloch from 2.2.3 to 2.3.0
  • bump nginx (main nginx-proxy container) from 1.17.9 to 1.19.0
  • bump Zeek from 3.0.5 to 3.0.6
  • build Zeek with clang/llvm (instead of gcc)
  • build Spicy plugin with Zeek
  • added zeek-sniffpass Zeek plugin
  • added zeek-httpattacks Zeek plugin
  • documentation fixes
  • bump indices.query.bool.max_clause_count to 2048 for elasticsearch
  • fix #134, wait until Elasticsearch has log data before starting ElastAlert
  • fix some Kibana dashboards' "Notice" visualizations to include zeek_notice.msg
  • fix some Kibana dashboards where a timezone was hard-coded in the dashboard JSON
  • remove _dateparsefailure tag in finalization of Logstash enrichment filters
  • merge in fixes from development branch dealing with logs from corelight/bro-xor-exe-plugin to make files.log entries searchable and notice.log entries more meaningful
  • populate zeek.action from SNMP logs where possible
  • various fixes/tweaks to WISE data source for Moloch
  • reduce debug log verbosity when being fed by a Hedgehog
  • minor tweaks to setting up template file for LDAP login information
  • bump netsniff-ng from 0.6.6 to 0.6.7 in Hedgehog
  • remove recommendation to install haveged, include random.trust_cpu=on CPU flag in ISO kernel boot parameters
  • handle dhcp.log client_software and server_software fields
  • preprocessing of Zeek log files prior to sending them to filebeat was affected: ordered-set broke compatibility with python 2.7 either with this commit (rspeer/ordered-set@a412f22) or earlier; rather than using the latest release, use 3.1.1 which is the last one that worked; see also rspeer/ordered-set#59
  • cut verbosity of stuff from hedgehog (POST) requests

Malcolm and Hedgehog Linux may be obtained by pulling or building the Docker images and/or building the ISO installer images as described in the documentation. Unofficial ISO installer images for Malcolm and Hedgehog Linux are not hosted on Github, but may be downloaded from https://malcolm.fyi/download/.

Assets 7
Loading