diff --git a/README.md b/README.md index fb0d11428..c0fa592c7 100644 --- a/README.md +++ b/README.md @@ -17,6 +17,7 @@ In short, Malcolm provides an easily deployable network analysis tool suite for ## Table of Contents +* [Automated Build Workflows Status](#BuildBadges) * [Quick start](#QuickStart) * [Getting Malcolm](#GetMalcolm) * [User interface](#UserInterfaceURLs) 
@@ -97,6 +98,28 @@ In short, Malcolm provides an easily deployable network analysis tool suite for * [Copyright](#Footer) * [Contact](#Contact) +## Automated Builds Status + +See [**Building from source**](#Build) to read how you can use GitHub [workflow files](./.github/workflows/) to build Malcolm. + +![arkime-build-and-push-ghcr](https://github.com/cisagov/Malcolm/workflows/arkime-build-and-push-ghcr/badge.svg) +![dashboards-build-and-push-ghcr](https://github.com/cisagov/Malcolm/workflows/dashboards-build-and-push-ghcr/badge.svg) +![dashboards-helper-build-and-push-ghcr](https://github.com/cisagov/Malcolm/workflows/dashboards-helper-build-and-push-ghcr/badge.svg) +![file-monitor-build-and-push-ghcr](https://github.com/cisagov/Malcolm/workflows/file-monitor-build-and-push-ghcr/badge.svg) +![file-upload-build-and-push-ghcr](https://github.com/cisagov/Malcolm/workflows/file-upload-build-and-push-ghcr/badge.svg) +![filebeat-build-and-push-ghcr](https://github.com/cisagov/Malcolm/workflows/filebeat-build-and-push-ghcr/badge.svg) +![freq-build-and-push-ghcr](https://github.com/cisagov/Malcolm/workflows/freq-build-and-push-ghcr/badge.svg) +![htadmin-build-and-push-ghcr](https://github.com/cisagov/Malcolm/workflows/htadmin-build-and-push-ghcr/badge.svg) +![logstash-build-and-push-ghcr](https://github.com/cisagov/Malcolm/workflows/logstash-build-and-push-ghcr/badge.svg) +![name-map-ui-build-and-push-ghcr](https://github.com/cisagov/Malcolm/workflows/name-map-ui-build-and-push-ghcr/badge.svg) +![nginx-build-and-push-ghcr](https://github.com/cisagov/Malcolm/workflows/nginx-build-and-push-ghcr/badge.svg) +![opensearch-build-and-push-ghcr](https://github.com/cisagov/Malcolm/workflows/opensearch-build-and-push-ghcr/badge.svg) +![pcap-capture-build-and-push-ghcr](https://github.com/cisagov/Malcolm/workflows/pcap-capture-build-and-push-ghcr/badge.svg) +![pcap-monitor-build-and-push-ghcr](https://github.com/cisagov/Malcolm/workflows/pcap-monitor-build-and-push-ghcr/badge.svg) 
+![zeek-build-and-push-ghcr](https://github.com/cisagov/Malcolm/workflows/zeek-build-and-push-ghcr/badge.svg) +![malcolm-iso-build-docker-wrap-push-ghcr](https://github.com/cisagov/Malcolm/workflows/malcolm-iso-build-docker-wrap-push-ghcr/badge.svg) +![sensor-iso-build-docker-wrap-push-ghcr](https://github.com/cisagov/Malcolm/workflows/sensor-iso-build-docker-wrap-push-ghcr/badge.svg) + ## Quick start ### Getting Malcolm 
@@ -143,21 +166,21 @@ You can then observe that the images have been retrieved by running `docker imag ``` $ docker images REPOSITORY TAG IMAGE ID CREATED SIZE -malcolmnetsec/arkime 5.0.3 xxxxxxxxxxxx 2 days ago 811MB -malcolmnetsec/dashboards 5.0.3 xxxxxxxxxxxx 2 days ago 970MB -malcolmnetsec/dashboards-helper 5.0.3 xxxxxxxxxxxx 2 days ago 154MB -malcolmnetsec/filebeat-oss 5.0.3 xxxxxxxxxxxx 2 days ago 621MB -malcolmnetsec/file-monitor 5.0.3 xxxxxxxxxxxx 2 days ago 586MB -malcolmnetsec/file-upload 5.0.3 xxxxxxxxxxxx 2 days ago 259MB -malcolmnetsec/freq 5.0.3 xxxxxxxxxxxx 2 days ago 132MB -malcolmnetsec/htadmin 5.0.3 xxxxxxxxxxxx 2 days ago 242MB -malcolmnetsec/logstash-oss 5.0.3 xxxxxxxxxxxx 2 days ago 1.27GB -malcolmnetsec/name-map-ui 5.0.3 xxxxxxxxxxxx 2 days ago 142MB -malcolmnetsec/nginx-proxy 5.0.3 xxxxxxxxxxxx 2 days ago 117MB -malcolmnetsec/opensearch 5.0.3 xxxxxxxxxxxx 2 days ago 1.18GB -malcolmnetsec/pcap-capture 5.0.3 xxxxxxxxxxxx 2 days ago 122MB -malcolmnetsec/pcap-monitor 5.0.3 xxxxxxxxxxxx 2 days ago 214MB -malcolmnetsec/zeek 5.0.3 xxxxxxxxxxxx 2 days ago 938MB +malcolmnetsec/arkime 5.0.4 xxxxxxxxxxxx 2 days ago 811MB +malcolmnetsec/dashboards 5.0.4 xxxxxxxxxxxx 2 days ago 970MB +malcolmnetsec/dashboards-helper 5.0.4 xxxxxxxxxxxx 2 days ago 154MB +malcolmnetsec/filebeat-oss 5.0.4 xxxxxxxxxxxx 2 days ago 621MB +malcolmnetsec/file-monitor 5.0.4 xxxxxxxxxxxx 2 days ago 586MB +malcolmnetsec/file-upload 5.0.4 xxxxxxxxxxxx 2 days ago 259MB +malcolmnetsec/freq 5.0.4 xxxxxxxxxxxx 2 days ago 132MB +malcolmnetsec/htadmin 5.0.4 xxxxxxxxxxxx 2 days ago 242MB +malcolmnetsec/logstash-oss 5.0.4 xxxxxxxxxxxx 2 days ago 1.27GB +malcolmnetsec/name-map-ui 5.0.4 xxxxxxxxxxxx 2 days ago 142MB +malcolmnetsec/nginx-proxy 5.0.4 xxxxxxxxxxxx 2 days ago 117MB +malcolmnetsec/opensearch 5.0.4 xxxxxxxxxxxx 2 days ago 1.18GB +malcolmnetsec/pcap-capture 5.0.4 xxxxxxxxxxxx 2 days ago 122MB +malcolmnetsec/pcap-monitor 5.0.4 xxxxxxxxxxxx 2 days ago 214MB +malcolmnetsec/zeek 5.0.4 
xxxxxxxxxxxx 2 days ago 938MB ``` #### Import from pre-packaged tarballs @@ -1499,7 +1522,7 @@ Building the ISO may take 30 minutes or more depending on your system. As the bu ``` … -Finished, created "/malcolm-build/malcolm-iso/malcolm-5.0.3.iso" +Finished, created "/malcolm-build/malcolm-iso/malcolm-5.0.4.iso" … ``` 
@@ -1885,21 +1908,21 @@ Pulling zeek ... done user@host:~/Malcolm$ docker images REPOSITORY TAG IMAGE ID CREATED SIZE -malcolmnetsec/arkime 5.0.3 xxxxxxxxxxxx 2 days ago 811MB -malcolmnetsec/dashboards 5.0.3 xxxxxxxxxxxx 2 days ago 970MB -malcolmnetsec/dashboards-helper 5.0.3 xxxxxxxxxxxx 2 days ago 154MB -malcolmnetsec/filebeat-oss 5.0.3 xxxxxxxxxxxx 2 days ago 621MB -malcolmnetsec/file-monitor 5.0.3 xxxxxxxxxxxx 2 days ago 586MB -malcolmnetsec/file-upload 5.0.3 xxxxxxxxxxxx 2 days ago 259MB -malcolmnetsec/freq 5.0.3 xxxxxxxxxxxx 2 days ago 132MB -malcolmnetsec/htadmin 5.0.3 xxxxxxxxxxxx 2 days ago 242MB -malcolmnetsec/logstash-oss 5.0.3 xxxxxxxxxxxx 2 days ago 1.27GB -malcolmnetsec/name-map-ui 5.0.3 xxxxxxxxxxxx 2 days ago 142MB -malcolmnetsec/nginx-proxy 5.0.3 xxxxxxxxxxxx 2 days ago 117MB -malcolmnetsec/opensearch 5.0.3 xxxxxxxxxxxx 2 days ago 1.18GB -malcolmnetsec/pcap-capture 5.0.3 xxxxxxxxxxxx 2 days ago 122MB -malcolmnetsec/pcap-monitor 5.0.3 xxxxxxxxxxxx 2 days ago 214MB -malcolmnetsec/zeek 5.0.3 xxxxxxxxxxxx 2 days ago 938MB +malcolmnetsec/arkime 5.0.4 xxxxxxxxxxxx 2 days ago 811MB +malcolmnetsec/dashboards 5.0.4 xxxxxxxxxxxx 2 days ago 970MB +malcolmnetsec/dashboards-helper 5.0.4 xxxxxxxxxxxx 2 days ago 154MB +malcolmnetsec/filebeat-oss 5.0.4 xxxxxxxxxxxx 2 days ago 621MB +malcolmnetsec/file-monitor 5.0.4 xxxxxxxxxxxx 2 days ago 586MB +malcolmnetsec/file-upload 5.0.4 xxxxxxxxxxxx 2 days ago 259MB +malcolmnetsec/freq 5.0.4 xxxxxxxxxxxx 2 days ago 132MB +malcolmnetsec/htadmin 5.0.4 xxxxxxxxxxxx 2 days ago 242MB +malcolmnetsec/logstash-oss 5.0.4 xxxxxxxxxxxx 2 days ago 1.27GB +malcolmnetsec/name-map-ui 5.0.4 xxxxxxxxxxxx 2 days ago 142MB +malcolmnetsec/nginx-proxy 5.0.4 xxxxxxxxxxxx 2 days ago 117MB +malcolmnetsec/opensearch 5.0.4 xxxxxxxxxxxx 2 days ago 1.18GB +malcolmnetsec/pcap-capture 5.0.4 xxxxxxxxxxxx 2 days ago 122MB +malcolmnetsec/pcap-monitor 5.0.4 xxxxxxxxxxxx 2 days ago 214MB +malcolmnetsec/zeek 5.0.4 xxxxxxxxxxxx 2 days ago 938MB ``` Finally, we 
can start Malcolm. When Malcolm starts it will stream informational and debug messages to the console. If you wish, you can safely close the console or use `Ctrl+C` to stop these messages; Malcolm will continue running in the background. diff --git a/docker-compose-standalone.yml b/docker-compose-standalone.yml index 4b17732d7..d189095f0 100644 --- a/docker-compose-standalone.yml +++ b/docker-compose-standalone.yml @@ -127,7 +127,7 @@ x-pcap-capture-variables: &pcap-capture-variables services: opensearch: - image: malcolmnetsec/opensearch:5.0.3 + image: malcolmnetsec/opensearch:5.0.4 restart: "no" stdin_open: false tty: true @@ -164,7 +164,7 @@ services: retries: 3 start_period: 180s dashboards-helper: - image: malcolmnetsec/dashboards-helper:5.0.3 + image: malcolmnetsec/dashboards-helper:5.0.4 restart: "no" stdin_open: false tty: true @@ -192,7 +192,7 @@ services: retries: 3 start_period: 30s dashboards: - image: malcolmnetsec/dashboards:5.0.3 + image: malcolmnetsec/dashboards:5.0.4 restart: "no" stdin_open: false tty: true @@ -213,7 +213,7 @@ services: retries: 3 start_period: 210s logstash: - image: malcolmnetsec/logstash-oss:5.0.3 + image: malcolmnetsec/logstash-oss:5.0.4 restart: "no" stdin_open: false tty: true @@ -248,7 +248,7 @@ services: retries: 3 start_period: 600s filebeat: - image: malcolmnetsec/filebeat-oss:5.0.3 + image: malcolmnetsec/filebeat-oss:5.0.4 restart: "no" stdin_open: false tty: true @@ -285,7 +285,7 @@ services: retries: 3 start_period: 60s arkime: - image: malcolmnetsec/arkime:5.0.3 + image: malcolmnetsec/arkime:5.0.4 restart: "no" stdin_open: false tty: true @@ -323,7 +323,7 @@ services: retries: 3 start_period: 210s zeek: - image: malcolmnetsec/zeek:5.0.3 + image: malcolmnetsec/zeek:5.0.4 restart: "no" stdin_open: false tty: true @@ -349,7 +349,7 @@ services: retries: 3 start_period: 60s file-monitor: - image: malcolmnetsec/file-monitor:5.0.3 + image: malcolmnetsec/file-monitor:5.0.4 restart: "no" stdin_open: false tty: true 
@@ -372,7 +372,7 @@ services: retries: 3 start_period: 60s pcap-capture: - image: malcolmnetsec/pcap-capture:5.0.3 + image: malcolmnetsec/pcap-capture:5.0.4 restart: "no" stdin_open: false tty: true @@ -392,7 +392,7 @@ services: volumes: - ./pcap/upload:/pcap pcap-monitor: - image: malcolmnetsec/pcap-monitor:5.0.3 + image: malcolmnetsec/pcap-monitor:5.0.4 restart: "no" stdin_open: false tty: true @@ -415,7 +415,7 @@ services: retries: 3 start_period: 90s upload: - image: malcolmnetsec/file-upload:5.0.3 + image: malcolmnetsec/file-upload:5.0.4 restart: "no" stdin_open: false tty: true @@ -441,7 +441,7 @@ services: retries: 3 start_period: 60s htadmin: - image: malcolmnetsec/htadmin:5.0.3 + image: malcolmnetsec/htadmin:5.0.4 restart: "no" stdin_open: false tty: true @@ -463,7 +463,7 @@ services: retries: 3 start_period: 60s freq: - image: malcolmnetsec/freq:5.0.3 + image: malcolmnetsec/freq:5.0.4 restart: "no" stdin_open: false tty: true @@ -481,7 +481,7 @@ services: retries: 3 start_period: 60s name-map-ui: - image: malcolmnetsec/name-map-ui:5.0.3 + image: malcolmnetsec/name-map-ui:5.0.4 restart: "no" stdin_open: false tty: true @@ -502,7 +502,7 @@ services: retries: 3 start_period: 60s nginx-proxy: - image: malcolmnetsec/nginx-proxy:5.0.3 + image: malcolmnetsec/nginx-proxy:5.0.4 restart: "no" stdin_open: false tty: true diff --git a/docker-compose.yml b/docker-compose.yml index bfa106533..737bd6306 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -130,7 +130,7 @@ services: build: context: . dockerfile: Dockerfiles/opensearch.Dockerfile - image: malcolmnetsec/opensearch:5.0.3 + image: malcolmnetsec/opensearch:5.0.4 restart: "no" stdin_open: false tty: true @@ -170,7 +170,7 @@ services: build: context: . dockerfile: Dockerfiles/dashboards-helper.Dockerfile - image: malcolmnetsec/dashboards-helper:5.0.3 + image: malcolmnetsec/dashboards-helper:5.0.4 restart: "no" stdin_open: false tty: true 
@@ -201,7 +201,7 @@ services: build: context: . dockerfile: Dockerfiles/dashboards.Dockerfile - image: malcolmnetsec/dashboards:5.0.3 + image: malcolmnetsec/dashboards:5.0.4 restart: "no" stdin_open: false tty: true @@ -225,7 +225,7 @@ services: build: context: . dockerfile: Dockerfiles/logstash.Dockerfile - image: malcolmnetsec/logstash-oss:5.0.3 + image: malcolmnetsec/logstash-oss:5.0.4 restart: "no" stdin_open: false tty: true @@ -265,7 +265,7 @@ services: build: context: . dockerfile: Dockerfiles/filebeat.Dockerfile - image: malcolmnetsec/filebeat-oss:5.0.3 + image: malcolmnetsec/filebeat-oss:5.0.4 restart: "no" stdin_open: false tty: true @@ -306,7 +306,7 @@ services: build: context: . dockerfile: Dockerfiles/arkime.Dockerfile - image: malcolmnetsec/arkime:5.0.3 + image: malcolmnetsec/arkime:5.0.4 restart: "no" stdin_open: false tty: true @@ -350,7 +350,7 @@ services: build: context: . dockerfile: Dockerfiles/zeek.Dockerfile - image: malcolmnetsec/zeek:5.0.3 + image: malcolmnetsec/zeek:5.0.4 restart: "no" stdin_open: false tty: true @@ -380,7 +380,7 @@ services: build: context: . dockerfile: Dockerfiles/file-monitor.Dockerfile - image: malcolmnetsec/file-monitor:5.0.3 + image: malcolmnetsec/file-monitor:5.0.4 restart: "no" stdin_open: false tty: true @@ -406,7 +406,7 @@ services: build: context: . dockerfile: Dockerfiles/pcap-capture.Dockerfile - image: malcolmnetsec/pcap-capture:5.0.3 + image: malcolmnetsec/pcap-capture:5.0.4 restart: "no" stdin_open: false tty: true @@ -429,7 +429,7 @@ services: build: context: . dockerfile: Dockerfiles/pcap-monitor.Dockerfile - image: malcolmnetsec/pcap-monitor:5.0.3 + image: malcolmnetsec/pcap-monitor:5.0.4 restart: "no" stdin_open: false tty: true @@ -455,7 +455,7 @@ services: build: context: . dockerfile: Dockerfiles/file-upload.Dockerfile - image: malcolmnetsec/file-upload:5.0.3 + image: malcolmnetsec/file-upload:5.0.4 restart: "no" stdin_open: false tty: true 
@@ -481,7 +481,7 @@ services: retries: 3 start_period: 60s htadmin: - image: malcolmnetsec/htadmin:5.0.3 + image: malcolmnetsec/htadmin:5.0.4 build: context: . dockerfile: Dockerfiles/htadmin.Dockerfile @@ -506,7 +506,7 @@ services: retries: 3 start_period: 60s freq: - image: malcolmnetsec/freq:5.0.3 + image: malcolmnetsec/freq:5.0.4 build: context: . dockerfile: Dockerfiles/freq.Dockerfile @@ -527,7 +527,7 @@ services: retries: 3 start_period: 60s name-map-ui: - image: malcolmnetsec/name-map-ui:5.0.3 + image: malcolmnetsec/name-map-ui:5.0.4 build: context: . dockerfile: Dockerfiles/name-map-ui.Dockerfile @@ -554,7 +554,7 @@ services: build: context: . dockerfile: Dockerfiles/nginx.Dockerfile - image: malcolmnetsec/nginx-proxy:5.0.3 + image: malcolmnetsec/nginx-proxy:5.0.4 restart: "no" stdin_open: false tty: true diff --git a/sensor-iso/README.md b/sensor-iso/README.md index b3b9e41d1..f0574ed68 100644 --- a/sensor-iso/README.md +++ b/sensor-iso/README.md @@ -10,6 +10,8 @@ Hedgehog Linux is a Debian-based operating system built to * detect file transfers in network traffic and extract and scan those files for threats * generate and forward Zeek logs, Arkime sessions and other information to [Malcolm](https://github.com/cisagov/Malcolm) +![sensor-iso-build-docker-wrap-push-ghcr](https://github.com/cisagov/Malcolm/workflows/sensor-iso-build-docker-wrap-push-ghcr/badge.svg) + ### Table of Contents * [Sensor installation](#Installation) @@ -416,7 +418,7 @@ Building the ISO may take 90 minutes or more depending on your system. As the bu ``` … -Finished, created "/sensor-build/hedgehog-5.0.3.iso" +Finished, created "/sensor-build/hedgehog-5.0.4.iso" … ```
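
Review bot: In README.md (hunk `@@ -17,6 +17,7 @@`), the new table-of-contents entry is titled "Automated Build Workflows Status" and targets `#BuildBadges`, but the heading added in the following hunk reads "Automated Builds Status" and shows no `BuildBadges` anchor. Use one title in both places and confirm the heading carries that anchor, as the targets of the neighbouring entries (`#QuickStart`, `#GetMalcolm`) must, otherwise the new entry links nowhere.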
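
Review bot: The seventeen badges added under "Automated Builds Status" in README.md (hunk `@@ -97,6 +98,28 @@`) are bare images, so a reader who sees a failing badge has nothing to click through to; wrap each one in a link to its workflow's runs page. The URLs use the name-based `/workflows/<name>/badge.svg` form with no `?branch=` parameter, so the status shown is not tied to a named branch; the file-based `actions/workflows/<file>/badge.svg?branch=...` form would make that explicit. The section should also say that these workflows push to GHCR (every name ends in `-push-ghcr`), since the rest of the README lists `malcolmnetsec/...` images and the badge status does not obviously describe those.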
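
Review bot: In docker-compose-standalone.yml, all fifteen `image:` lines reference a mutable tag only (for example `image: malcolmnetsec/opensearch:5.0.4`), and this file has no `build:` stanza, so whatever the registry serves under that tag is what gets deployed. Consider pinning by digest (`name:5.0.4@sha256:...`) for the pull-only file, or at least documenting how to verify the pulled images. The release number is also hard-coded once per service here and again in docker-compose.yml; a single Compose substitution variable (for instance a hypothetical `${MALCOLM_VERSION}`) would reduce a version bump to one line and remove the risk of one service being left on 5.0.3.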
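
Review bot: In docker-compose.yml, the `htadmin`, `freq` and `name-map-ui` services (hunks `@@ -481,7`, `@@ -506,7`, `@@ -527,7`) place `image:` before `build:`, while every other service in the file places it after `dockerfile:`. Since these lines are being touched anyway, move them to match the rest so that future tag bumps, scripted or manual, hit the same position in every service block. The fifteen tags here must also stay identical to those in docker-compose-standalone.yml; nothing in the patch enforces that, so a CI check comparing the two files would be worth adding.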
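
Review bot: In sensor-iso/README.md (hunk `@@ -10,6 +10,8 @@`), the badge is inserted directly after the feature bullet list with no label or link, so it reads as part of the list and cannot be followed to the build it reports on. Give it a one-line caption or move it under the title, and wrap it in a link to the `sensor-iso-build-docker-wrap-push-ghcr` workflow runs, matching whatever is done for the same badge in the top-level README. The `hedgehog-5.0.4.iso` example in hunk `@@ -416,7 +418,7 @@` and the `malcolm-5.0.4.iso` and `docker images` listings in README.md are further hand-edited copies of the version string; note them in the release checklist or generate them so they cannot drift from the compose files.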