Malcolm v2.5.0
- version bumps
  - Zeek 3.0.12
  - updates to latest cmake, llvm/clang tools, and bison for building
- updated Yara rules to include those for detecting SUNBURST malware
mmguero committed Dec 16, 2020
1 parent a69164f commit 7c18748
Showing 11 changed files with 92 additions and 92 deletions.
10 changes: 5 additions & 5 deletions Dockerfiles/zeek.Dockerfile
@@ -6,20 +6,20 @@ ENV DEBIAN_FRONTEND noninteractive

# build zeek and plugins (spicy, additional protocol parsers, etc.)

ENV BISON_VERSION "3.7.2"
ENV BISON_VERSION "3.7.4"
ENV CCACHE_DIR "/var/spool/ccache"
ENV CCACHE_COMPRESS 1
ENV CMAKE_DIR "/opt/cmake"
ENV CMAKE_VERSION "3.18.4"
ENV CMAKE_VERSION "3.19.1"
ENV SPICY_DIR "/opt/spicy"
ENV SRC_BASE_DIR "/usr/local/src"
ENV ZEEK_DIR "/opt/zeek"
ENV ZEEK_PATCH_DIR "${SRC_BASE_DIR}/zeek-patches"
ENV ZEEK_SRC_DIR "${SRC_BASE_DIR}/zeek-${ZEEK_VERSION}"
ENV ZEEK_VERSION "3.0.11"
ENV ZEEK_VERSION "3.0.12"

# using clang now instead of gcc because Spicy depends on it
ENV LLVM_VERSION "10"
ENV LLVM_VERSION "11"
ENV CC "clang-${LLVM_VERSION}"
ENV CXX "clang++-${LLVM_VERSION}"
ENV ASM "clang-${LLVM_VERSION}"
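Review bot: `ENV ZEEK_SRC_DIR "${SRC_BASE_DIR}/zeek-${ZEEK_VERSION}"` is evaluated before `ENV ZEEK_VERSION "3.0.12"` in this hunk. Docker expands variable references in an `ENV` instruction using only the values set at that point in the stage, so unless `ZEEK_VERSION` is also defined above line 6, `ZEEK_SRC_DIR` resolves to `/usr/local/src/zeek-` instead of the versioned directory. Since the bump touches the `ZEEK_VERSION` line anyway, move it above `ZEEK_SRC_DIR` (alphabetical ordering of the `ENV` block is not worth a wrong path). Separately, the hunk pins Bison, CMake, LLVM and Zeek by version number only; if the `RUN` steps below fetch those sources by version, consider recording an expected checksum for each tarball alongside the version so a tampered or replaced upstream archive fails the build.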
@@ -109,7 +109,7 @@ ENV PUSER_PRIV_DROP true
ENV DEBIAN_FRONTEND noninteractive
ENV TERM xterm

ENV LLVM_VERSION "10"
ENV LLVM_VERSION "11"
ENV ZEEK_DIR "/opt/zeek"
ENV SPICY_DIR "/opt/spicy"

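Review bot: `LLVM_VERSION` now has to be bumped in two places, here in the runtime stage and at the top of the build stage in the previous hunk, and the two can silently drift apart. Declaring it once as an `ARG` before the first `FROM` and re-declaring `ARG LLVM_VERSION` inside each stage (then `ENV LLVM_VERSION "${LLVM_VERSION}"` where the environment variable is needed) gives both stages a single source of truth for the toolchain version.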
66 changes: 33 additions & 33 deletions README.md
@@ -160,22 +160,22 @@ You can then observe that the images have been retrieved by running `docker imag
```
$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
malcolmnetsec/curator 2.4.2 xxxxxxxxxxxx 40 hours ago 256MB
malcolmnetsec/elastalert 2.4.2 xxxxxxxxxxxx 40 hours ago 410MB
malcolmnetsec/elasticsearch-oss 2.4.2 xxxxxxxxxxxx 40 hours ago 690MB
malcolmnetsec/file-monitor 2.4.2 xxxxxxxxxxxx 39 hours ago 470MB
malcolmnetsec/file-upload 2.4.2 xxxxxxxxxxxx 39 hours ago 199MB
malcolmnetsec/filebeat-oss 2.4.2 xxxxxxxxxxxx 39 hours ago 555MB
malcolmnetsec/freq 2.4.2 xxxxxxxxxxxx 39 hours ago 390MB
malcolmnetsec/htadmin 2.4.2 xxxxxxxxxxxx 39 hours ago 180MB
malcolmnetsec/kibana-oss 2.4.2 xxxxxxxxxxxx 40 hours ago 1.16GB
malcolmnetsec/logstash-oss 2.4.2 xxxxxxxxxxxx 39 hours ago 1.41GB
malcolmnetsec/arkime 2.4.2 xxxxxxxxxxxx 17 hours ago 683MB
malcolmnetsec/name-map-ui 2.4.2 xxxxxxxxxxxx 39 hours ago 137MB
malcolmnetsec/nginx-proxy 2.4.2 xxxxxxxxxxxx 39 hours ago 120MB
malcolmnetsec/pcap-capture 2.4.2 xxxxxxxxxxxx 39 hours ago 111MB
malcolmnetsec/pcap-monitor 2.4.2 xxxxxxxxxxxx 39 hours ago 157MB
malcolmnetsec/zeek 2.4.2 xxxxxxxxxxxx 39 hours ago 887MB
malcolmnetsec/curator 2.5.0 xxxxxxxxxxxx 40 hours ago 256MB
malcolmnetsec/elastalert 2.5.0 xxxxxxxxxxxx 40 hours ago 410MB
malcolmnetsec/elasticsearch-oss 2.5.0 xxxxxxxxxxxx 40 hours ago 690MB
malcolmnetsec/file-monitor 2.5.0 xxxxxxxxxxxx 39 hours ago 470MB
malcolmnetsec/file-upload 2.5.0 xxxxxxxxxxxx 39 hours ago 199MB
malcolmnetsec/filebeat-oss 2.5.0 xxxxxxxxxxxx 39 hours ago 555MB
malcolmnetsec/freq 2.5.0 xxxxxxxxxxxx 39 hours ago 390MB
malcolmnetsec/htadmin 2.5.0 xxxxxxxxxxxx 39 hours ago 180MB
malcolmnetsec/kibana-oss 2.5.0 xxxxxxxxxxxx 40 hours ago 1.16GB
malcolmnetsec/logstash-oss 2.5.0 xxxxxxxxxxxx 39 hours ago 1.41GB
malcolmnetsec/arkime 2.5.0 xxxxxxxxxxxx 17 hours ago 683MB
malcolmnetsec/name-map-ui 2.5.0 xxxxxxxxxxxx 39 hours ago 137MB
malcolmnetsec/nginx-proxy 2.5.0 xxxxxxxxxxxx 39 hours ago 120MB
malcolmnetsec/pcap-capture 2.5.0 xxxxxxxxxxxx 39 hours ago 111MB
malcolmnetsec/pcap-monitor 2.5.0 xxxxxxxxxxxx 39 hours ago 157MB
malcolmnetsec/zeek 2.5.0 xxxxxxxxxxxx 39 hours ago 887MB
```

#### Import from pre-packaged tarballs
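Review bot: the `arkime` row in this sample output sits between `logstash-oss` and `name-map-ui`, which is where the image's former name sorted alphabetically; every other row is in alphabetical order. Since the hunk rewrites all sixteen rows anyway, either move `malcolmnetsec/arkime` to the top of the list or accept that the block is an illustrative, hand-maintained listing rather than literal `docker images` output (which is not sorted by name in any case).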
@@ -1434,7 +1434,7 @@ Building the ISO may take 30 minutes or more depending on your system. As the bu

```
Finished, created "/malcolm-build/malcolm-iso/malcolm-2.4.2.iso"
Finished, created "/malcolm-build/malcolm-iso/malcolm-2.5.0.iso"
```

@@ -1835,22 +1835,22 @@ Pulling zeek ... done
user@host:~/Malcolm$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
malcolmnetsec/curator 2.4.2 xxxxxxxxxxxx 40 hours ago 256MB
malcolmnetsec/elastalert 2.4.2 xxxxxxxxxxxx 40 hours ago 410MB
malcolmnetsec/elasticsearch-oss 2.4.2 xxxxxxxxxxxx 40 hours ago 690MB
malcolmnetsec/file-monitor 2.4.2 xxxxxxxxxxxx 39 hours ago 470MB
malcolmnetsec/file-upload 2.4.2 xxxxxxxxxxxx 39 hours ago 199MB
malcolmnetsec/filebeat-oss 2.4.2 xxxxxxxxxxxx 39 hours ago 555MB
malcolmnetsec/freq 2.4.2 xxxxxxxxxxxx 39 hours ago 390MB
malcolmnetsec/htadmin 2.4.2 xxxxxxxxxxxx 39 hours ago 180MB
malcolmnetsec/kibana-oss 2.4.2 xxxxxxxxxxxx 40 hours ago 1.16GB
malcolmnetsec/logstash-oss 2.4.2 xxxxxxxxxxxx 39 hours ago 1.41GB
malcolmnetsec/arkime 2.4.2 xxxxxxxxxxxx 17 hours ago 683MB
malcolmnetsec/name-map-ui 2.4.2 xxxxxxxxxxxx 39 hours ago 137MB
malcolmnetsec/nginx-proxy 2.4.2 xxxxxxxxxxxx 39 hours ago 120MB
malcolmnetsec/pcap-capture 2.4.2 xxxxxxxxxxxx 39 hours ago 111MB
malcolmnetsec/pcap-monitor 2.4.2 xxxxxxxxxxxx 39 hours ago 157MB
malcolmnetsec/zeek 2.4.2 xxxxxxxxxxxx 39 hours ago 887MB
malcolmnetsec/curator 2.5.0 xxxxxxxxxxxx 40 hours ago 256MB
malcolmnetsec/elastalert 2.5.0 xxxxxxxxxxxx 40 hours ago 410MB
malcolmnetsec/elasticsearch-oss 2.5.0 xxxxxxxxxxxx 40 hours ago 690MB
malcolmnetsec/file-monitor 2.5.0 xxxxxxxxxxxx 39 hours ago 470MB
malcolmnetsec/file-upload 2.5.0 xxxxxxxxxxxx 39 hours ago 199MB
malcolmnetsec/filebeat-oss 2.5.0 xxxxxxxxxxxx 39 hours ago 555MB
malcolmnetsec/freq 2.5.0 xxxxxxxxxxxx 39 hours ago 390MB
malcolmnetsec/htadmin 2.5.0 xxxxxxxxxxxx 39 hours ago 180MB
malcolmnetsec/kibana-oss 2.5.0 xxxxxxxxxxxx 40 hours ago 1.16GB
malcolmnetsec/logstash-oss 2.5.0 xxxxxxxxxxxx 39 hours ago 1.41GB
malcolmnetsec/arkime 2.5.0 xxxxxxxxxxxx 17 hours ago 683MB
malcolmnetsec/name-map-ui 2.5.0 xxxxxxxxxxxx 39 hours ago 137MB
malcolmnetsec/nginx-proxy 2.5.0 xxxxxxxxxxxx 39 hours ago 120MB
malcolmnetsec/pcap-capture 2.5.0 xxxxxxxxxxxx 39 hours ago 111MB
malcolmnetsec/pcap-monitor 2.5.0 xxxxxxxxxxxx 39 hours ago 157MB
malcolmnetsec/zeek 2.5.0 xxxxxxxxxxxx 39 hours ago 887MB
```

Finally, we can start Malcolm. When Malcolm starts it will stream informational and debug messages to the console. If you wish, you can safely close the console or use `Ctrl+C` to stop these messages; Malcolm will continue running in the background.
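Review bot: this `docker images` listing is a row-for-row duplicate of the block at README line 160, and both had to be bumped by hand in this commit. Keeping one copy and linking the second passage to it, or generating both from the release version at build time, would remove the chance of a future release leaving the two listings disagreeing about which tag a user should expect to see.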
32 changes: 16 additions & 16 deletions docker-compose-standalone.yml
@@ -126,7 +126,7 @@ x-pcap-capture-variables: &pcap-capture-variables

services:
elasticsearch:
image: malcolmnetsec/elasticsearch-oss:2.4.2
image: malcolmnetsec/elasticsearch-oss:2.5.0
restart: "no"
stdin_open: false
tty: true
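Review bot: the `2.5.0` tag is hand-edited into sixteen separate `image:` lines in this file (this hunk and the fifteen that follow). Compose substitutes `${VAR}` references from the environment or a `.env` file next to the compose file, so `image: malcolmnetsec/elasticsearch-oss:${MALCOLM_VERSION}` (variable name suggested here, not taken from the repository) with a single `MALCOLM_VERSION=2.5.0` entry would make the next release bump a one-line change and rule out a missed service quietly running the previous image.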
@@ -161,7 +161,7 @@ services:
retries: 3
start_period: 180s
kibana:
image: malcolmnetsec/kibana-oss:2.4.2
image: malcolmnetsec/kibana-oss:2.5.0
restart: "no"
stdin_open: false
tty: true
@@ -187,7 +187,7 @@ services:
retries: 3
start_period: 210s
elastalert:
image: malcolmnetsec/elastalert:2.4.2
image: malcolmnetsec/elastalert:2.5.0
restart: "no"
stdin_open: false
tty: true
@@ -215,7 +215,7 @@ services:
retries: 3
start_period: 210s
curator:
image: malcolmnetsec/curator:2.4.2
image: malcolmnetsec/curator:2.5.0
restart: "no"
stdin_open: false
tty: true
@@ -234,7 +234,7 @@ services:
retries: 3
start_period: 30s
logstash:
image: malcolmnetsec/logstash-oss:2.4.2
image: malcolmnetsec/logstash-oss:2.5.0
restart: "no"
stdin_open: false
tty: true
@@ -267,7 +267,7 @@ services:
retries: 3
start_period: 600s
filebeat:
image: malcolmnetsec/filebeat-oss:2.4.2
image: malcolmnetsec/filebeat-oss:2.5.0
restart: "no"
stdin_open: false
tty: true
@@ -304,7 +304,7 @@ services:
retries: 3
start_period: 60s
arkime:
image: malcolmnetsec/arkime:2.4.2
image: malcolmnetsec/arkime:2.5.0
restart: "no"
stdin_open: false
tty: true
@@ -343,7 +343,7 @@ services:
retries: 3
start_period: 210s
zeek:
image: malcolmnetsec/zeek:2.4.2
image: malcolmnetsec/zeek:2.5.0
restart: "no"
stdin_open: false
tty: true
@@ -369,7 +369,7 @@ services:
retries: 3
start_period: 60s
file-monitor:
image: malcolmnetsec/file-monitor:2.4.2
image: malcolmnetsec/file-monitor:2.5.0
restart: "no"
stdin_open: false
tty: true
@@ -390,7 +390,7 @@ services:
retries: 3
start_period: 60s
pcap-capture:
image: malcolmnetsec/pcap-capture:2.4.2
image: malcolmnetsec/pcap-capture:2.5.0
restart: "no"
stdin_open: false
tty: true
@@ -416,7 +416,7 @@ services:
retries: 3
start_period: 60s
pcap-monitor:
image: malcolmnetsec/pcap-monitor:2.4.2
image: malcolmnetsec/pcap-monitor:2.5.0
restart: "no"
stdin_open: false
tty: true
@@ -439,7 +439,7 @@ services:
retries: 3
start_period: 90s
upload:
image: malcolmnetsec/file-upload:2.4.2
image: malcolmnetsec/file-upload:2.5.0
restart: "no"
stdin_open: false
tty: true
@@ -465,7 +465,7 @@ services:
retries: 3
start_period: 60s
htadmin:
image: malcolmnetsec/htadmin:2.4.2
image: malcolmnetsec/htadmin:2.5.0
restart: "no"
stdin_open: false
tty: true
@@ -487,7 +487,7 @@ services:
retries: 3
start_period: 60s
freq:
image: malcolmnetsec/freq:2.4.2
image: malcolmnetsec/freq:2.5.0
restart: "no"
stdin_open: false
tty: true
@@ -505,7 +505,7 @@ services:
retries: 3
start_period: 60s
name-map-ui:
image: malcolmnetsec/name-map-ui:2.4.2
image: malcolmnetsec/name-map-ui:2.5.0
restart: "no"
stdin_open: false
tty: true
@@ -526,7 +526,7 @@ services:
retries: 3
start_period: 60s
nginx-proxy:
image: malcolmnetsec/nginx-proxy:2.4.2
image: malcolmnetsec/nginx-proxy:2.5.0
restart: "no"
stdin_open: false
tty: true
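Review bot: `image: malcolmnetsec/nginx-proxy:2.5.0`, like every other image reference in this file, pins a mutable tag rather than an immutable digest. The tag names the intended release, but anyone able to push to the registry namespace can re-point it after the fact; for a standalone deployment file, consider recording the published digest of each image (`image: malcolmnetsec/nginx-proxy:2.5.0@sha256:<digest>`, placeholder shown) or documenting how users verify pulled images against the digests published with the release.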

0 comments on commit 7c18748