3.3.0 development (#173)

* New features
    * Automatically create some broadly useful anomaly detectors when initializing Kibana
        * connection size
        * file transfer MIME type
        * action and result (by application protocol)
    * Configurable [event severity scoring](https://github.com/cisagov/malcolm/tree/main#Severity) (idaholab#19) and new **Severity** dashboard

* Other changes
    * vagrant-based ISO build can now work with either VirtualBox or libvirt providers
    * change wording of terms such as "master"/"slave" to "client"/"server" as instructed by DHS directive

* Version updates
    * Update base image for Debian-based Docker images from 10 (buster) to 11 (bullseye)
    * Update Yara to 4.1.2
    * Update Capa to 2.0.0
    * Update Spicy to 1.2.1
    * Update remainder of python 2 code to python 3

Dockerfiles/arkime.Dockerfile

@@ -1,4 +1,4 @@
-FROM debian:buster-slim AS build
+FROM debian:bullseye-slim AS build
 
 # Copyright (c) 2021 Battelle Energy Alliance, LLC.  All rights reserved.
 
@@ -16,8 +16,7 @@ ADD README.md $ARKIMEDIR/doc/
 ADD doc.css $ARKIMEDIR/doc/
 ADD docs/images $ARKIMEDIR/doc/images/
 
-RUN sed -i "s/buster main/buster main contrib non-free/g" /etc/apt/sources.list && \
-    apt-get -q update && \
+RUN apt-get -q update && \
     apt-get install -q -y --no-install-recommends \
         binutils \
         bison \
@@ -84,10 +83,10 @@ RUN sed -i "s/buster main/buster main contrib non-free/g" /etc/apt/sources.list
     npm cache clean --force && \
     bash -c "file ${ARKIMEDIR}/bin/* ${ARKIMEDIR}/node-v*/bin/* | grep 'ELF 64-bit' | sed 's/:.*//' | xargs -l -r strip -v --strip-unneeded"
 
-FROM debian:buster-slim
+FROM debian:bullseye-slim
 
-LABEL maintainer="malcolm[email protected]"
-LABEL org.opencontainers.image.authors='malcolm[email protected]'
+LABEL maintainer="malcolm@inl.gov"
+LABEL org.opencontainers.image.authors='malcolm@inl.gov'
 LABEL org.opencontainers.image.url='https://github.com/cisagov/Malcolm'
 LABEL org.opencontainers.image.documentation='https://github.com/cisagov/Malcolm/blob/main/README.md'
 LABEL org.opencontainers.image.source='https://github.com/cisagov/Malcolm'
@@ -142,7 +141,7 @@ ENV PCAP_MONITOR_HOST $PCAP_MONITOR_HOST
 
 COPY --from=build $ARKIMEDIR $ARKIMEDIR
 
-RUN sed -i "s/buster main/buster main contrib non-free/" /etc/apt/sources.list && \
+RUN sed -i "s/bullseye main/bullseye main contrib non-free/g" /etc/apt/sources.list && \
     apt-get -q update && \
     apt-get install -q -y --no-install-recommends \
       curl \
@@ -176,7 +175,7 @@ RUN sed -i "s/buster main/buster main contrib non-free/" /etc/apt/sources.list &
     ln -sfr $ARKIMEDIR/bin/npm /usr/local/bin/npm && \
       ln -sfr $ARKIMEDIR/bin/node /usr/local/bin/node && \
       ln -sfr $ARKIMEDIR/bin/npx /usr/local/bin/npx && \
-    apt-get -q -y --purge remove gcc gcc-8 cpp cpp-8 libssl-dev && \
+    apt-get -q -y --purge remove gcc gcc-10 cpp cpp-10 libssl-dev && \
       apt-get -q -y autoremove && \
       apt-get clean && \
       rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*

Dockerfiles/elasticsearch.Dockerfile

@@ -1,8 +1,8 @@
 FROM amazon/opendistro-for-elasticsearch:1.13.2
 
 # Copyright (c) 2021 Battelle Energy Alliance, LLC.  All rights reserved.
-LABEL maintainer="malcolm[email protected]"
-LABEL org.opencontainers.image.authors='malcolm[email protected]'
+LABEL maintainer="malcolm@inl.gov"
+LABEL org.opencontainers.image.authors='malcolm@inl.gov'
 LABEL org.opencontainers.image.url='https://github.com/cisagov/Malcolm'
 LABEL org.opencontainers.image.documentation='https://github.com/cisagov/Malcolm/blob/main/README.md'
 LABEL org.opencontainers.image.source='https://github.com/cisagov/Malcolm'

Dockerfiles/file-monitor.Dockerfile

@@ -1,8 +1,8 @@
-FROM debian:buster-slim
+FROM debian:bullseye-slim
 
 # Copyright (c) 2021 Battelle Energy Alliance, LLC.  All rights reserved.
-LABEL maintainer="malcolm[email protected]"
-LABEL org.opencontainers.image.authors='malcolm[email protected]'
+LABEL maintainer="malcolm@inl.gov"
+LABEL org.opencontainers.image.authors='malcolm@inl.gov'
 LABEL org.opencontainers.image.url='https://github.com/cisagov/Malcolm'
 LABEL org.opencontainers.image.documentation='https://github.com/cisagov/Malcolm/blob/main/README.md'
 LABEL org.opencontainers.image.source='https://github.com/cisagov/Malcolm'
@@ -81,12 +81,12 @@ ENV EXTRACTED_FILE_ENABLE_CAPA $EXTRACTED_FILE_ENABLE_CAPA
 ENV EXTRACTED_FILE_CAPA_VERBOSE $EXTRACTED_FILE_CAPA_VERBOSE
 ENV SRC_BASE_DIR "/usr/local/src"
 ENV CLAMAV_RULES_DIR "/var/lib/clamav"
-ENV YARA_VERSION "4.1.1"
+ENV YARA_VERSION "4.1.2"
 ENV YARA_URL "https://github.com/VirusTotal/yara/archive/v${YARA_VERSION}.tar.gz"
 ENV YARA_RULES_URL "https://github.com/Neo23x0/signature-base"
 ENV YARA_RULES_DIR "/yara-rules"
 ENV YARA_RULES_SRC_DIR "$SRC_BASE_DIR/signature-base"
-ENV CAPA_VERSION "1.6.3"
+ENV CAPA_VERSION "2.0.0"
 ENV CAPA_URL "https://github.com/fireeye/capa/releases/download/v${CAPA_VERSION}/capa-v${CAPA_VERSION}-linux.zip"
 ENV CAPA_DIR "/opt/capa"
 ENV CAPA_BIN "${CAPA_DIR}/capa"
@@ -102,8 +102,8 @@ ENV SUPERCRONIC "supercronic-linux-amd64"
 ENV SUPERCRONIC_SHA1SUM "048b95b48b708983effb2e5c935a1ef8483d9e3e"
 ENV SUPERCRONIC_CRONTAB "/etc/crontab"
 
-RUN sed -i "s/buster main/buster main contrib non-free/g" /etc/apt/sources.list && \
-    apt-get update && \
+RUN sed -i "s/bullseye main/bullseye main contrib non-free/g" /etc/apt/sources.list && \
+    apt-get -q update && \
     apt-get install --no-install-recommends -y -q \
       automake \
       bc \
@@ -183,9 +183,6 @@ RUN sed -i "s/buster main/buster main contrib non-free/g" /etc/apt/sources.list
       apt-get clean && \
       rm -rf /var/lib/apt/lists/* /tmp/* && \
     mkdir -p /var/log/clamav "${CLAMAV_RULES_DIR}" && \
-    curl -s -S -L -o "${CLAMAV_RULES_DIR}"/main.cvd http://database.clamav.net/main.cvd && \
-      curl -s -S -L -o "${CLAMAV_RULES_DIR}"/daily.cvd http://database.clamav.net/daily.cvd && \
-      curl -s -S -L -o "${CLAMAV_RULES_DIR}"/bytecode.cvd http://database.clamav.net/bytecode.cvd && \
     groupadd --gid ${DEFAULT_GID} ${PGROUP} && \
       useradd -m --uid ${DEFAULT_UID} --gid ${DEFAULT_GID} ${PUSER} && \
       usermod -a -G tty ${PUSER} && \

Dockerfiles/file-upload.Dockerfile

@@ -1,4 +1,4 @@
-FROM debian:buster-slim AS build
+FROM debian:bullseye-slim AS build
 
 # Copyright (c) 2021 Battelle Energy Alliance, LLC.  All rights reserved.
 
@@ -23,10 +23,10 @@ RUN apt-get update && \
     rm -rf /jQuery-File-Upload/*.html /jQuery-File-Upload/test/ /jQuery-File-Upload/server/gae-go/ \
            /jQuery-File-Upload/server/gae-python/
 
-FROM debian:buster-slim AS runtime
+FROM debian:bullseye-slim AS runtime
 
-LABEL maintainer="malcolm[email protected]"
-LABEL org.opencontainers.image.authors='malcolm[email protected]'
+LABEL maintainer="malcolm@inl.gov"
+LABEL org.opencontainers.image.authors='malcolm@inl.gov'
 LABEL org.opencontainers.image.url='https://github.com/cisagov/Malcolm'
 LABEL org.opencontainers.image.documentation='https://github.com/cisagov/Malcolm/blob/main/README.md'
 LABEL org.opencontainers.image.source='https://github.com/cisagov/Malcolm'
@@ -48,6 +48,9 @@ ENV PUSER_PRIV_DROP false
 ENV DEBIAN_FRONTEND noninteractive
 ENV TERM xterm
 
+ARG PHP_VERSION=7.4
+ENV PHP_VERSION $PHP_VERSION
+
 COPY --from=build /jQuery-File-Upload/ /var/www/upload/
 
 RUN apt-get update && \
@@ -58,9 +61,9 @@ RUN apt-get update && \
       supervisor \
       vim-tiny \
       less \
-      php7.3-gd \
-      php7.3-fpm \
-      php7.3-apcu \
+      php$PHP_VERSION \
+      php$PHP_VERSION-fpm \
+      php$PHP_VERSION-apcu \
       nginx-light && \
     apt-get clean -y -q && \
     rm -rf /var/lib/apt/lists/*
@@ -72,7 +75,7 @@ ADD file-upload/jquery-file-upload/bootstrap.min.css /var/www/upload/bower_compo
 ADD file-upload/jquery-file-upload/index.html /var/www/upload/index.html
 ADD file-upload/jquery-file-upload/index.php /var/www/upload/server/php/index.php
 ADD file-upload/nginx/sites-available/default /etc/nginx/sites-available/default
-ADD file-upload/php/php.ini /etc/php/7.3/fpm/php.ini
+ADD file-upload/php/php.ini /etc/php/$PHP_VERSION/fpm/php.ini
 ADD file-upload/sshd_config /tmp/sshd_config
 ADD file-upload/supervisord.conf /supervisord.conf
 

Dockerfiles/filebeat.Dockerfile

@@ -1,8 +1,8 @@
 FROM docker.elastic.co/beats/filebeat-oss:7.10.2
 
 # Copyright (c) 2021 Battelle Energy Alliance, LLC.  All rights reserved.
-LABEL maintainer="malcolm[email protected]"
-LABEL org.opencontainers.image.authors='malcolm[email protected]'
+LABEL maintainer="malcolm@inl.gov"
+LABEL org.opencontainers.image.authors='malcolm@inl.gov'
 LABEL org.opencontainers.image.url='https://github.com/cisagov/Malcolm'
 LABEL org.opencontainers.image.documentation='https://github.com/cisagov/Malcolm/blob/main/README.md'
 LABEL org.opencontainers.image.source='https://github.com/cisagov/Malcolm'

Dockerfiles/freq.Dockerfile

@@ -1,8 +1,8 @@
-FROM debian:buster-slim
+FROM debian:bullseye-slim
 
 # Copyright (c) 2021 Battelle Energy Alliance, LLC.  All rights reserved.
-LABEL maintainer="malcolm[email protected]"
-LABEL org.opencontainers.image.authors='malcolm[email protected]'
+LABEL maintainer="malcolm@inl.gov"
+LABEL org.opencontainers.image.authors='malcolm@inl.gov'
 LABEL org.opencontainers.image.url='https://github.com/cisagov/Malcolm'
 LABEL org.opencontainers.image.documentation='https://github.com/cisagov/Malcolm/blob/main/README.md'
 LABEL org.opencontainers.image.source='https://github.com/cisagov/Malcolm'
@@ -29,16 +29,15 @@ ENV FREQ_LOOKUP $FREQ_LOOKUP
 
 ENV FREQ_URL "https://codeload.github.com/markbaggett/freq/tar.gz/master"
 
-RUN sed -i "s/buster main/buster main contrib non-free/g" /etc/apt/sources.list && \
-    apt-get update && \
+RUN apt-get update && \
     apt-get  -y -q install \
       curl \
       procps \
       psmisc \
       python3 \
       python3-dev \
       python3-pip && \
-    pip3 install supervisor && \
+    pip3 install supervisor six && \
     cd /opt && \
     mkdir -p ./freq_server && \
       curl -sSL "$FREQ_URL" | tar xzvf - -C ./freq_server --strip-components 1 && \

Dockerfiles/htadmin.Dockerfile

@@ -1,8 +1,8 @@
-FROM debian:buster-slim
+FROM debian:bullseye-slim
 
 # Copyright (c) 2021 Battelle Energy Alliance, LLC.  All rights reserved.
-LABEL maintainer="malcolm[email protected]"
-LABEL org.opencontainers.image.authors='malcolm[email protected]'
+LABEL maintainer="malcolm@inl.gov"
+LABEL org.opencontainers.image.authors='malcolm@inl.gov'
 LABEL org.opencontainers.image.url='https://github.com/cisagov/Malcolm'
 LABEL org.opencontainers.image.documentation='https://github.com/cisagov/Malcolm/blob/main/README.md'
 LABEL org.opencontainers.image.source='https://github.com/cisagov/Malcolm'
@@ -23,8 +23,8 @@ ENV PUSER_PRIV_DROP false
 ENV DEBIAN_FRONTEND noninteractive
 ENV TERM xterm
 
-ARG PHP_VERSION=7.3
-ARG MCRYPT_VERSION=1.0.2
+ARG PHP_VERSION=7.4
+ARG MCRYPT_VERSION=1.0.4
 ARG BOOTSTRAP_VERSION=3.3.6
 
 ENV PHP_VERSION $PHP_VERSION
@@ -35,7 +35,6 @@ ENV HTADMIN_URL "https://codeload.github.com/mmguero-dev/htadmin/tar.gz/master"
 
 RUN apt-get update && \
     apt-get -y -q --allow-downgrades --allow-remove-essential --allow-change-held-packages --no-install-recommends install \
-      bcrypt \
       ca-certificates \
       curl \
       libmcrypt-dev \

Dockerfiles/kibana-helper.Dockerfile

@@ -1,8 +1,8 @@
 FROM alpine:3.14
 
 # Copyright (c) 2020 Battelle Energy Alliance, LLC.  All rights reserved.
-LABEL maintainer="malcolm[email protected]"
-LABEL org.opencontainers.image.authors='malcolm[email protected]'
+LABEL maintainer="malcolm@inl.gov"
+LABEL org.opencontainers.image.authors='malcolm@inl.gov'
 LABEL org.opencontainers.image.url='https://github.com/cisagov/Malcolm'
 LABEL org.opencontainers.image.documentation='https://github.com/cisagov/Malcolm/blob/main/README.md'
 LABEL org.opencontainers.image.source='https://github.com/cisagov/Malcolm'
@@ -48,6 +48,7 @@ ENV SUPERCRONIC_SHA1SUM "048b95b48b708983effb2e5c935a1ef8483d9e3e"
 ENV SUPERCRONIC_CRONTAB "/etc/crontab"
 
 ADD kibana/dashboards /opt/kibana/dashboards
+ADD kibana/anomaly_detectors /opt/kibana/anomaly_detectors
 ADD kibana/maps /opt/maps
 ADD kibana/scripts /data/
 ADD kibana/supervisord.conf /etc/supervisord.conf
@@ -69,7 +70,7 @@ RUN apk --no-cache add bash python3 py3-pip curl procps psmisc npm shadow jq &&
       addgroup ${PUSER} tty ; \
       addgroup ${PUSER} shadow ; \
     mkdir -p /data/init && \
-    chown -R ${PUSER}:${PGROUP} /opt/kibana/dashboards /opt/maps /data/init && \
+    chown -R ${PUSER}:${PGROUP} /opt/kibana/dashboards /opt/maps /data/init /opt/kibana/anomaly_detectors && \
     chmod 755 /data/*.sh /data/*.py /data/init && \
     chmod 400 /opt/maps/* && \
     (echo -e "*/2 * * * * /data/kibana-create-moloch-sessions-index.sh\n0 10 * * * /data/kibana_index_refresh.py --template zeek_template\n*/20 * * * * /data/elastic_index_size_prune.py" > ${SUPERCRONIC_CRONTAB})

Dockerfiles/kibana.Dockerfile

@@ -54,7 +54,7 @@ RUN git clone --single-branch --depth=1 --recurse-submodules --shallow-submodule
 
 RUN eval "$(nodenv init -)" && \
     mkdir -p /usr/share/kibana/plugins && \
-    git clone --depth 1 --recurse-submodules --shallow-submodules --single-branch --branch feature/update_7.10.1 https://github.com/mmguero-dev/kbn_sankey_vis.git /usr/share/kibana/plugins/sankey_vis && \
+    git clone --depth 1 --recurse-submodules --shallow-submodules --single-branch --branch master https://github.com/mmguero-dev/kbn_sankey_vis.git /usr/share/kibana/plugins/sankey_vis && \
     cd /usr/share/kibana/plugins/sankey_vis && \
     yarn kbn bootstrap && \
     yarn install && \
@@ -63,8 +63,8 @@ RUN eval "$(nodenv init -)" && \
 
 FROM amazon/opendistro-for-elasticsearch-kibana:1.13.2
 
-LABEL maintainer="malcolm[email protected]"
-LABEL org.opencontainers.image.authors='malcolm[email protected]'
+LABEL maintainer="malcolm@inl.gov"
+LABEL org.opencontainers.image.authors='malcolm@inl.gov'
 LABEL org.opencontainers.image.url='https://github.com/cisagov/Malcolm'
 LABEL org.opencontainers.image.documentation='https://github.com/cisagov/Malcolm/blob/main/README.md'
 LABEL org.opencontainers.image.source='https://github.com/cisagov/Malcolm'
@@ -88,6 +88,7 @@ ARG ARKIME_INDEX_PATTERN="sessions2-*"
 ARG ARKIME_INDEX_PATTERN_ID="sessions2-*"
 ARG ARKIME_INDEX_TIME_FIELD="firstPacket"
 ARG KIBANA_DEFAULT_DASHBOARD="0ad3d7c2-3441-485e-9dfe-dbb22e84e576"
+ARG NODE_OPTIONS="--max_old_space_size=4096"
 
 ENV CREATE_ES_ARKIME_SESSION_INDEX $CREATE_ES_ARKIME_SESSION_INDEX
 ENV ARKIME_INDEX_PATTERN $ARKIME_INDEX_PATTERN
@@ -99,6 +100,7 @@ ENV KIBANA_OFFLINE_REGION_MAPS_PORT $KIBANA_OFFLINE_REGION_MAPS_PORT
 ENV PATH="/data:${PATH}"
 ENV ELASTICSEARCH_URL $ELASTICSEARCH_URL
 ENV KIBANA_DEFAULT_DASHBOARD $KIBANA_DEFAULT_DASHBOARD
+ENV NODE_OPTIONS $NODE_OPTIONS
 
 USER root
 

Dockerfiles/logstash.Dockerfile

@@ -43,8 +43,8 @@ RUN cd /opt && \
 
 FROM docker.elastic.co/logstash/logstash-oss:7.10.2
 
-LABEL maintainer="malcolm[email protected]"
-LABEL org.opencontainers.image.authors='malcolm[email protected]'
+LABEL maintainer="malcolm@inl.gov"
+LABEL org.opencontainers.image.authors='malcolm@inl.gov'
 LABEL org.opencontainers.image.url='https://github.com/cisagov/Malcolm'
 LABEL org.opencontainers.image.documentation='https://github.com/cisagov/Malcolm/blob/main/README.md'
 LABEL org.opencontainers.image.source='https://github.com/cisagov/Malcolm'

Dockerfiles/name-map-ui.Dockerfile

@@ -1,8 +1,8 @@
 FROM alpine:3.14
 
 # Copyright (c) 2021 Battelle Energy Alliance, LLC.  All rights reserved.
-LABEL maintainer="malcolm[email protected]"
-LABEL org.opencontainers.image.authors='malcolm[email protected]'
+LABEL maintainer="malcolm@inl.gov"
+LABEL org.opencontainers.image.authors='malcolm@inl.gov'
 LABEL org.opencontainers.image.url='https://github.com/cisagov/Malcolm'
 LABEL org.opencontainers.image.documentation='https://github.com/cisagov/Malcolm/blob/main/README.md'
 LABEL org.opencontainers.image.source='https://github.com/cisagov/Malcolm'

Dockerfiles/nginx.Dockerfile

@@ -34,16 +34,17 @@ RUN set -x ; \
     cd /apkbuild ; \
     tar xvf /aports-master.tar.gz aports-master/community/stunnel ; \
     cd /apkbuild/aports-master/community/stunnel ; \
+    sed -i "s@www\.stunnel\.org/downloads/@ftp.osuosl.org/pub/blfs/conglomeration/stunnel/@" APKBUILD ; \
     abuild-keygen -a -i -n ; \
     abuild checksum ; \
-    abuild -R
+    abuild -f -R
 
 ####################################################################################
 
 FROM alpine:3.13
 
-LABEL maintainer="malcolm[email protected]"
-LABEL org.opencontainers.image.authors='malcolm[email protected]'
+LABEL maintainer="malcolm@inl.gov"
+LABEL org.opencontainers.image.authors='malcolm@inl.gov'
 LABEL org.opencontainers.image.url='https://github.com/cisagov/Malcolm'
 LABEL org.opencontainers.image.documentation='https://github.com/cisagov/Malcolm/blob/main/README.md'
 LABEL org.opencontainers.image.source='https://github.com/cisagov/Malcolm'

Dockerfiles/pcap-capture.Dockerfile

@@ -1,8 +1,8 @@
-FROM debian:buster-slim
+FROM debian:bullseye-slim
 
 # Copyright (c) 2021 Battelle Energy Alliance, LLC.  All rights reserved.
-LABEL maintainer="malcolm[email protected]"
-LABEL org.opencontainers.image.authors='malcolm[email protected]'
+LABEL maintainer="malcolm@inl.gov"
+LABEL org.opencontainers.image.authors='malcolm@inl.gov'
 LABEL org.opencontainers.image.url='https://github.com/cisagov/Malcolm'
 LABEL org.opencontainers.image.documentation='https://github.com/cisagov/Malcolm/blob/main/README.md'
 LABEL org.opencontainers.image.source='https://github.com/cisagov/Malcolm'
@@ -74,8 +74,8 @@ RUN apt-get update && \
       chmod -R 750 /etc/supervisor.d && \
     chown root:${PGROUP} /sbin/ethtool && \
       setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /sbin/ethtool && \
-    chown root:${PGROUP} /usr/sbin/tcpdump && \
-      setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /usr/sbin/tcpdump && \
+    chown root:${PGROUP} /usr/bin/tcpdump && \
+      setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /usr/bin/tcpdump && \
     chown root:${PGROUP} /usr/sbin/netsniff-ng && \
       setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip CAP_IPC_LOCK+eip CAP_SYS_ADMIN+eip' /usr/sbin/netsniff-ng && \
     chmod 755 /usr/local/bin/*.sh

Dockerfiles/pcap-monitor.Dockerfile

@@ -1,8 +1,8 @@
-FROM debian:buster-slim
+FROM debian:bullseye-slim
 
 # Copyright (c) 2021 Battelle Energy Alliance, LLC.  All rights reserved.
-LABEL maintainer="malcolm[email protected]"
-LABEL org.opencontainers.image.authors='malcolm[email protected]'
+LABEL maintainer="malcolm@inl.gov"
+LABEL org.opencontainers.image.authors='malcolm@inl.gov'
 LABEL org.opencontainers.image.url='https://github.com/cisagov/Malcolm'
 LABEL org.opencontainers.image.documentation='https://github.com/cisagov/Malcolm/blob/main/README.md'
 LABEL org.opencontainers.image.source='https://github.com/cisagov/Malcolm'
@@ -53,7 +53,7 @@ RUN apt-get update && \
       vim-tiny && \
     apt-get clean && \
     rm -rf /var/lib/apt/lists/* && \
-    pip3 install --no-cache-dir elasticsearch elasticsearch_dsl pyzmq pyinotify python-magic && \
+    pip3 install --no-cache-dir elasticsearch==7.10.1 elasticsearch_dsl==7.4.0 pyzmq pyinotify python-magic && \
     groupadd --gid ${DEFAULT_GID} ${PGROUP} && \
       useradd -M --uid ${DEFAULT_UID} --gid ${DEFAULT_GID} ${PUSER}