Malcolm v3.0.1 contains some important version updates for several of its components and fixes a few bugs. Please continue reading for more details.
List of changes in Malcolm v3.0.1:
- Version bumps
  - Open Distro for Elasticsearch (v1.13.0), which adds the following functionality over the previous release
    - ODFE v1.13.0 is based on the Elastic components 7.10.2 (elasticsearch, kibana, logstash, beats)
  - Zeek 3.0.13
  - NGINX 1.19.7
  - Alpine Linux 3.13 Docker base layer
  - docker-compose 1.28.5 in the Malcolm installable ISO version
- Restored the sankey visualization which was temporarily removed in Malcolm v3.0.0 (although there are still a few minor cosmetic issues with it)
- Removed port 8443 for upload (now just use `/upload` over the regular HTTPS port)
- Fixed issue with ODFE email alerts not being able to use self-signed SMTP certificates by importing CA certs in `nginx/ca-trust` into the JDK trust store for Elasticsearch and Logstash (see idaholab#37)
- Don't expose Elasticsearch port 9200 by default; it must now be explicitly enabled during `install.py -c` (see idaholab#38)
- For ISO-installed versions of Malcolm and Hedgehog Linux, populate `/etc/os-release` with information about the build/release version
- Populate the user-agent for a few clients (Arkime's moloch-capture, some Hedgehog test connection processes) so it is not just sent as blank when communicating with Malcolm
- Added Arkime link to the Kibana dashboards' navigation pane
- Fix some issues in the control script with older python3 versions (3.6.x) where `contextlib.nullcontext` is not available
- Fix suggestion for yum-based distributions to install python 3 requests via pip
Malcolm and Hedgehog Linux may be obtained by pulling or building the Docker images and/or building the ISO installer images as described in the documentation. Unofficial ISO installer images for Malcolm and Hedgehog Linux are not hosted on GitHub, but may be downloaded from https://malcolm.fyi/download/.