cisagov/Malcolm v23.03.0

Malcolm v23.03.0

on GitHub

Malcolm v23.03.0 is a release with enhancements, component version updates and bug fixes.

v23.02.0...v23.03.0

• Enhancements

  • Replace Zeek's misc/scan.zeek with ncsa/bro-simple-scan
  • terminate start and restart scripts once Malcolm has started properly (#240 and #241, thanks @Njinx)
  • minor usability improvements for ISO-installed Malcolm and Hedgehog (idaholab#155)
    • Added a "Configure Malcolm" menu item (under the "Internet" GTK menu with the other Malcolm stuff) and launcher on the top panel of icons in Malcolm. This runs ./scripts/install.py --configure in full screen. May look at starting this automatically on first boot in the future. (Malcolm)
    • Added Malcolm shortcut to gtk-3.0/bookmarks so it shows up in Thunar sidebar (Malcolm)
    • Added /opt/sensor/sensor_ctl shortcut to gtk-3.0/bookmarks so it shows up in Thunar sidebar (Hedgehog)
    • Have tilix from launcher panel start in /opt/sensor/sensor_ctl (Hedgehog)
  • minor tweaks to defaults for install.py --configure (enable offline-capable file scanners by default)
  • interrupt NetBox startup import script when netbox-restore is run
  • added NetBox restore logic to reset_and_auto_populate.sh script (used mostly for demos and presentations)

• Component version updates

  • Arkime to v4.2.0
  • OpenSearch and OpenSearch Dashboards to 2.6.0
  • Logstash from v8.4.0 to v8.6.1
  • Beats to v8.6.2
  • Zeek to v5.0.7
  • OpenSearch-Py to v2.2.0 (and remove opensearch-dsl which is now part of opensearch-py)
  • Supercronic to v0.2.2
  • Capa to v5.0.0
  • Fluent Bit to v2.0.9
  • Version updates to various Python package dependencies

• Fixes

  • last few seconds' Zeek logs prior to log rotation may be lost (idaholab#151)
  • in ISO-packaged Malcolm installation scripts directory, symlink netbox-backup and netbox-restore to control.py
  • improve opensearchpy connect/health check logig in pcap_watcher.py in pcap-monitor container

Malcolm and Hedgehog Linux may be obtained by pulling or building the Docker images and/or building the ISO installer images as described in the documentation. Unofficial ISO installer images for Malcolm and Hedgehog Linux are not hosted on GitHub, but may be downloaded from https://malcolm.fyi/.