698 results for “alpinelinux”
-
Adélie Linux.
In ALPHA, already intriguing.
Based on "GNUless" Alpine Linux, but aiming for common desktop use.
Userland instead of GNU Core: BusyBox.
For C standard library, it uses musl, instead of GNU glibc.
Devs state: "We do believe that Linux should be usable by anyone, regardless of income level or past computer experience. We don't believe that Linux has to be hard to use."
Urged to keep an eye on this one!
-
#LinuxPhone and #DeGooglizzato (de-Googled) Android:
➡️ @e_mydata - de-Googled Android
➡️ @PINE64 - Linux-based smartphone
➡️ @volla - Ubuntu Touch, Android de-Googled
➡️ @tuxdevices - news on #Linux phones
➡️ @ubports - #UbuntuTouch
➡️ @plasmamobile - KDE on #smartphone
➡️ @mobian - Debian for phones
➡️ @postmarketOS - Alpine Linux derivative
➡️ @calyxos - security-focused Android
➡️ @GrapheneOS - OS with Android apps
➡️ @sailfishosnews - supports Android apps
➡️ @droidian - Based on Debian
-
CW: Release notes for v25.04.1 of Malcolm, a powerful, easily deployable network traffic analysis tool suite for network security monitoring
Malcolm v25.04.1 contains new features and improvements, component version updates, bug fixes, and other great stuff.
For these notes, I'm lumping v25.04.0 and v25.04.1 together, as v25.04.1 was released only two days after v25.04.0 in order to update Arkime to v5.6.4 which mitigates newly-discovered remote code execution (RCE) vulnerabilities.
https://github.com/idaholab/Malcolm/compare/v25.03.1...v25.04.1
✨ Features and enhancements
- add option to use external NetBox instance (cisagov/Malcolm#597)
- add `-q`/`--quiet` option for `start`/`restart` (cisagov/Malcolm#656)
- handle non-HTTPS arkime case (cisagov/Malcolm#629)
- lots of improvements to `control.py` and `install.py` for Kubernetes deployment
  - improved `start`/`stop`/`wipe` control script behavior
  - allow providing resource requests in manifests via YML file and command-line argument
...
Kubernetes:
-n, --namespace <string>
Kubernetes namespace
--skip-persistent-volume-checks [SKIPPERVOLCHECKS]
Skip checks for PersistentVolumes/PersistentVolumeClaims in manifests (only for "start" operation with Kubernetes)
--no-capture-pods [NOCAPTUREPODSSTART]
Do not deploy pods for traffic live capture/analysis (only for "start" operation with Kubernetes)
--no-capabilities [NOCAPABILITIES]
Do not specify modifications to container capabilities (only for "start" operation with Kubernetes)
--inject-resources [INJECTRESOURCES]
Inject container resources from kubernetes-container-resources.yml (only for "start" operation with Kubernetes)
--image-source <string>
Source for container images (e.g., "ghcr.io/idaholab/malcolm"; only for "start" operation with Kubernetes)
--image-tag <string> Tag for container images (e.g., "25.04.0"; only for "start" operation with Kubernetes)
--delete-namespace [DELETENAMESPACE]
Delete Kubernetes namespace (only for "wipe" operation with Kubernetes)
...
- improvements to Malcolm's vanilla Kubernetes manifests
  - lowered the amount of storage for the persistent volumes in the AWS EFS example
  - replaced `name` label with `app` label for deployments in accordance with best practices
- improve links on landing page for NetBox and auth to accurately reflect what Malcolm is using
- added more smarts to the NGINX startup script to dynamically set up upstreams that may or may not exist based on enabled or disabled Malcolm features
- fixed a minor issue in the script setting up Zeek intelligence updates where it would remove its own lockfile
✅ Component version updates
- Alpine Linux v3.21
- Arkime v5.6.4 to resolve RCE vulnerabilities, as described below in the #announcements channel on the Arkime slack:
  * possible to bypass forced expressions for some API calls
  * direct access to OpenSearch/Elasticsearch could be used to create session documents that hang viewer or have viewer execute code
  * since Arkime 5.1.0 any arkimeUser user could create OpenSearch/Elasticsearch documents in any index that viewer had access to
- Keycloak v26.2
- NetBox v4.2.8
- netbox-initializers v4.2.0
- netbox-topology v4.2.1
- Fluent Bit v4.0.1
🐛 Bug fixes
- API tokens created in NetBox still require authentication through NGINX reverse proxy (cisagov/Malcolm#383)
- adjust Logstash health check so K8s liveness probe doesn't kill it (cisagov/Malcolm#630)
- be more resilient in `zeekctl status` checks in `zeekdeploy.sh` (cisagov/Malcolm#652)
- in deployments with multiple zeek-live containers, each container's restarting causes the others to restart zeek (cisagov/Malcolm#651)
🧹 Code and project maintenance
- document customizing Malcolm with an additional output pipeline (cisagov/Malcolm#643)
- overhaul "deploying Malcolm on AWS" documentation (cisagov/Malcolm#655)
Malcolm is a powerful, easily deployable network 🖧 traffic analysis tool suite for network security monitoring 🕵🏻♀️.
Malcolm operates as a cluster of containers 📦, isolated sandboxes which each serve a dedicated function of the system. This makes Malcolm deployable with frameworks like Docker 🐋, Podman 🦭, and Kubernetes ⎈. Check out the Quick Start guide for examples on how to get up and running.
Alternatively, dedicated official ISO installer images 💿 for Malcolm and Hedgehog Linux 🦔 can be downloaded from Malcolm's releases page on GitHub. Due to limits on individual files in GitHub releases, these ISO files have been split 🪓 into 2GB chunks and can be reassembled with scripts provided for both Bash 🐧 (`release_cleaver.sh`) and PowerShell 🪟 (`release_cleaver.ps1`). See Downloading Malcolm - Installer ISOs for instructions.
As always, join us on the Malcolm discussions board 💬 to engage with the community, or pop some corn 🍿 and watch a video 📼.
#Malcolm #HedgehogLinux #Zeek #Arkime #NetBox #OpenSearch #Elasticsearch #Suricata #PCAP #NetworkTrafficAnalysis #networksecuritymonitoring #OT #ICS #icssecurity #CyberSecurity #Cyber #Infosec #INL #DHS #CISA #CISAgov
-
Discover Linux distributions without installing anything! 💻 DistroSea lets you try out various systems such as Ubuntu, Fedora & co. directly in the browser. Perfect for anyone looking for a new OS! From A as in Alpine Linux to Z as in ZorinOS, it is all there! ✨ #Linux #DistroSea #OpenSource #TestDrive
-
hey so. looking for a job (NZ or fully remote willing to hire a kiwi) in SRE, security, or linux/Unix system administration. 15 years experience administering Linux and Unix boxes, intermediate level of experience working with docker compose and containerisation and container security. No prior job experience unfortunately, all those 15 years were mostly personal projects and small-scale stuff for friends. I'm also 26, so I started when I was 11, explaining the no jobs so far. Currently running an entire multi-machine personal cloud infrastructure with a demonstration of all the services I have running at https://status.highenergymagic.net. Three machines, 72 docker containers. One running most of them, one running Mastodon+glitchsocial, one running the uptime monitor. encrypted root on ZFS, alpine linux, gVisor on supported containers, plan to move to Kata. Entirely willing to accept entry-level job placements, no expectation of being paid a lot or anything, just want to be doing something and move the needle a little on my current "being broke" status. Currently using gVisor, docker compose, and kata containers in production, experience with Linux, docker, Net/Open/FreeBSD, Cisco IOS, Juniper Junos, Mikrotik and UniFi, configuring and administering Asterisk, plus extensive experience with IBM AIX and Sun Solaris. #fedihired #infosec #cybersecurity #linux #unix #docker #sre #DevOps #GetFediHired
Please boost for reach, any job offers please DM me.
-
#ZorinOS #Linux with #Gnome has been tested on https://everybytecounts.org. It appears that #GDM the #DisplayManager, which is always running, is more than 2 years old. The memory, disk, and load are running high. So if you want to run Gnome, running it on Alpine Linux is a better performer.
-
Freebsd virtualization is easy with the correct tools
Of course one can use the basic jail command but to make life easier: I prefer a tool around it. I use now BastilleBSD to create Freebsd jails, Bhyve for VMs.
I was looking for a combination tool with more options for export / clone, easy backup and linux virtual machines/instances --> I tried CBSD: good command set, relatively easy to use, no good documentation. The Freebsd system install was a bit more invasive than I wanted. Too bad, a nice tool.
--> Then the (I hope) final solution which is a perfect match: appjail
1: The comparison table: https://appjail.readthedocs.io/en/latest/compare/
2: The documentation is solid, supported by a good repository of samples and jail templates
3: Easy to create a "native" freebsd jail, and linux in various flavours.
4: Vnets are auto created and maintained during start and stop
Example for Freebsd:
appjail quick hello \
  virtualnet=":ajnet" \
  overwrite
done ;)
Example for Alpine:
appjail makejail \
  -j alpine \
  -f gh+AppJail-makejails/alpine-linux \
  -o template=/usr/local/share/examples/appjail/templates/linux.conf \
  -o alias \
  -o virtualnet=":ajnet address:192.168.X.XXX default" \
  -o nat
appjail login alpine
Welcome to Alpine!
alpine:~#
And for Debian Bookworm:
appjail makejail \
  -j debian \
  -f gh+AppJail-makejails/debian \
  -o template=/usr/local/share/examples/appjail/templates/linux.conf \
  -o alias -o linuxfs -o osversion=bookworm -o type=linux+debootstrap \
  -o virtualnet=":ajnet address:192.168.X.XXX default" \
  -o nat -o devfs_ruleset=11
appjail login debian
Linux debian.appjail 5.15.0 FreeBSD 14.1-RELEASE-p3 GENERIC x86_64
root@debian:~#
-
A video on #AlmaLinux 9.4 with #Gnome 40.10 #performance has been #benchmarked and #ranked in the #tierlist #comparison https://youtu.be/pQKnuexImmw. Unfortunately the AlmaLinux #Linux distribution appears to be using very old #software versions of Gnome that are more than 2 years old. The performance also seems to be pretty horrible, using twice the memory and disk usage of Alpine Linux with Gnome 46. There was more invested in this video than usual. So curious if anyone might notice the difference.
-
Recent privilege escalation vulnerabilities in the GNU C Library #glibc, widely used in many #Linux distributions such as #Debian, #Ubuntu, #Fedora and others.
CVE-2023-6246 #privesc #vuln can be triggered via #syslog by using a long program name or ident parameter in openlog().
Another vulnerability is in the #qsort function. While real-world affected programs are currently not known, this vulnerability is pretty old - present since 1992 until now.
This is just another reason to consider using a Linux distribution without glibc, for example #Alpine Linux with #musl
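An added check to go with this post (example code written for this page, not part of the post or of any project named here): before relying on "this image is musl-based, so glibc CVEs do not apply", confirm which C library a given binary will actually load. The dynamic loader path is recorded in the ELF `PT_INTERP` program header, so the function below parses that header and classifies the loader name as musl (`ld-musl-*`) or glibc (`ld-linux*`). The function names are mine, and `build_minimal_elf64` fabricates a tiny ELF image purely as constructed test input so the check runs offline.

```python
"""Which libc will this ELF binary load? Reads the PT_INTERP program header
(the dynamic loader path) and classifies it as musl or glibc.

Added example for this page, not code from the post above. Assumes only the
standard ELF32/ELF64 header layout; the function and helper names are mine."""
import struct
import sys

ELF_MAGIC = b"\x7fELF"
PT_INTERP = 3  # program header type carrying the interpreter (loader) path


def elf_interpreter(data: bytes):
    """Return the PT_INTERP path of an ELF image, or None when the input is
    not an ELF file, is truncated, or has no PT_INTERP (static binaries)."""
    if len(data) < 6 or data[:4] != ELF_MAGIC:
        return None
    is64 = data[4] == 2                 # EI_CLASS: 1 = ELF32, 2 = ELF64
    end = "<" if data[5] == 1 else ">"  # EI_DATA: 1 = little, 2 = big endian
    if len(data) < (0x40 if is64 else 0x34):
        return None                     # shorter than an ELF header
    if is64:
        # e_phoff @0x20 (8 bytes); e_phentsize, e_phnum @0x36 (2 bytes each)
        (phoff,) = struct.unpack_from(end + "Q", data, 0x20)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 0x36)
    else:
        # e_phoff @0x1c (4 bytes); e_phentsize, e_phnum @0x2a
        (phoff,) = struct.unpack_from(end + "I", data, 0x1c)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 0x2a)
    for i in range(phnum):
        off = phoff + i * phentsize
        if off + phentsize > len(data):
            return None                 # malformed/truncated program header table
        if is64:   # p_type, p_flags, p_offset, p_vaddr, p_paddr, p_filesz
            p_type, _, p_offset, _, _, p_filesz = struct.unpack_from(end + "IIQQQQ", data, off)
        else:      # p_type, p_offset, p_vaddr, p_paddr, p_filesz
            p_type, p_offset, _, _, p_filesz = struct.unpack_from(end + "IIIII", data, off)
        if p_type == PT_INTERP:
            raw = data[p_offset:p_offset + p_filesz]
            return raw.split(b"\0", 1)[0].decode("ascii", "replace")
    return None


def classify_libc(interp):
    """Map a loader path to a libc family by the loader's file name:
    ld-musl-<arch>.so.1 is musl; ld-linux*.so.* is glibc (x86-64, i386,
    aarch64 and armhf all use that prefix). Anything else is reported as-is."""
    if interp is None:
        return "static-or-unknown"      # no loader: libc is baked in (or not an ELF)
    name = interp.rsplit("/", 1)[-1]
    if name.startswith("ld-musl"):
        return "musl"
    if name.startswith("ld-linux"):
        return "glibc"
    return "other"


def build_minimal_elf64(interp: str) -> bytes:
    """Constructed test input: a tiny, non-runnable little-endian ELF64 image
    whose single program header is PT_INTERP pointing at `interp`."""
    interp_b = interp.encode() + b"\0"
    ehsize, phentsize = 0x40, 0x38
    phoff = ehsize
    interp_off = phoff + phentsize
    ident = ELF_MAGIC + bytes([2, 1, 1, 0]) + b"\0" * 8  # ELF64, LE, v1, SYSV ABI
    ehdr = ident + struct.pack("<HHIQQQIHHHHHH",
                               2, 62, 1, 0, phoff, 0, 0,          # ET_EXEC, x86-64, no entry/sections
                               ehsize, phentsize, 1, 0x40, 0, 0)  # exactly one program header
    phdr = struct.pack("<IIQQQQQQ", PT_INTERP, 4, interp_off, 0, 0,
                       len(interp_b), len(interp_b), 1)
    return ehdr + phdr + interp_b


if __name__ == "__main__":
    # With paths on the command line, audit real binaries (e.g. /bin/sh);
    # with none, run over the two constructed images.
    targets = sys.argv[1:]
    if targets:
        for path in targets:
            with open(path, "rb") as f:
                interp = elf_interpreter(f.read())
            print(f"{path}: {classify_libc(interp)} ({interp})")
    else:
        for loader in ("/lib/ld-musl-x86_64.so.1", "/lib64/ld-linux-x86-64.so.2"):
            img = build_minimal_elf64(loader)
            print(f"{loader}: {classify_libc(elf_interpreter(img))}")
```

Pass binary paths on the command line to audit a real host or container filesystem. Two caveats: a `None` result means there is no dynamic loader at all, so the libc is statically linked and this header cannot say which one; and a glibc-linked binary copied into a musl-based image still carries its glibc loader path, which is exactly the case this check is meant to surface.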
-
6) Interfaces are now identified by a dedicated `identify` setting. While it was already possible to identify interfaces unambiguously by their permanent MAC or bus address, it is now also possible to use their distributed switch architecture (DSA) attributes or path in the firmware devicetree! https://ifstate.net/2.0/examples/dsa/
IfState 2.x is expected to be shipped with Alpine Linux 3.23 and NixOS 25.11. 💪
4/4
-
#Linux Weekly Roundup for July 6th, 2025: #Thunderbird 140, #KDE Plasma 6.4.2, KDE Gear 25.04.3, #DXVK 2.7, new #Steam Client update, #Libreboot 25.06, #Geany 2.1, #digiKam 8.7, second #Debian 13 installer Release Candidate, new #ArchLinux ISO snapshot, Alpine Linux working on Wayback, and more https://9to5linux.com/9to5linux-weekly-roundup-july-6th-2025
-
CW: Release notes for Malcolm v6.4.3 (network traffic analysis tool suite)
#Malcolm v6.4.3 is a minor #release containing enhancements, component version updates and bug fixes.
Enhancements
- Import the NetBox Device Type Library on NetBox first run to populate manufacturers, device types, models and modules
- idaholab/Malcolm#127 have `install.py --configure` ask about other storage locations for PCAP, Zeek logs and OpenSearch indices
- idaholab/Malcolm#128 have `install.py --configure` prompt for Arkime to manage uploaded PCAP files or not
Component version updates
Fixes
- Fix some bad links in the documentation and other minor documentation improvements
- Fix idaholab/Malcolm#126, suricata logs show up in Arkime as "notip" for the protocol
- Fix idaholab/Malcolm#129, filtering by rootId in Arkime returns no results
- Fix Docker health checks for NetBox and supporting containers
- Fix "read-only" version of nginx.conf
- Tweaks to `install.py` memory recommendations
#Malcolm and #HedgehogLinux may be obtained by pulling or building the #Docker images and/or building the ISO installer images as described in the documentation. Unofficial ISO installer images for Malcolm and Hedgehog Linux are not hosted on #GitHub, but may be downloaded from https://malcolm.fyi/.
#cybersecurity #pcap #networktrafficanalysis #zeek #arkime #ICS #INL #CISAgov
-
A video on #AlmaLinux 9.4 with #Gnome 40.10 #performance has been #benchmarked and #ranked in the #tierlist #comparison https://youtu.be/pQKnuexImmw. Unfortunately the AlmaLinux #Linux distrubtion appears to be using very old #software versions of Gnome that are more than 2 years old. The performance also seems to be pretty horrible using twice the memory and disk usage than Alpine Linux with Gnome 46. There was more invested in this video than usual. So curious if anyone might notice the difference.
-
A video on #AlmaLinux 9.4 with #Gnome 40.10 #performance has been #benchmarked and #ranked in the #tierlist #comparison https://youtu.be/pQKnuexImmw. Unfortunately the AlmaLinux #Linux distrubtion appears to be using very old #software versions of Gnome that are more than 2 years old. The performance also seems to be pretty horrible using twice the memory and disk usage than Alpine Linux with Gnome 46. There was more invested in this video than usual. So curious if anyone might notice the difference.
-
A video on #AlmaLinux 9.4 with #Gnome 40.10 #performance has been #benchmarked and #ranked in the #tierlist #comparison https://youtu.be/pQKnuexImmw. Unfortunately the AlmaLinux #Linux distrubtion appears to be using very old #software versions of Gnome that are more than 2 years old. The performance also seems to be pretty horrible using twice the memory and disk usage than Alpine Linux with Gnome 46. There was more invested in this video than usual. So curious if anyone might notice the difference.
-
A video on #AlmaLinux 9.4 with #Gnome 40.10 #performance has been #benchmarked and #ranked in the #tierlist #comparison https://youtu.be/pQKnuexImmw. Unfortunately the AlmaLinux #Linux distrubtion appears to be using very old #software versions of Gnome that are more than 2 years old. The performance also seems to be pretty horrible using twice the memory and disk usage than Alpine Linux with Gnome 46. There was more invested in this video than usual. So curious if anyone might notice the difference.
-
CW: Release notes for v25.04.1 of Malcolm, a powerful, easily deployable network traffic analysis tool suite for network security monitoring
Malcolm v25.04.1 contains new features and improvements, component version updates, bug fixes, and other great stuff.
For these notes, I'm lumping v25.04.0 and v25.04.1 together, as v25.04.1 was released only two days after v25.04.0 in order to update Arkime to v5.6.4 which mitigates newly-discovered remote code execution (RCE) vulnerabilities.
https://github.com/idaholab/Malcolm/compare/v25.03.1...v25.04.1
✨ Features and enhancements
- add option to use external NetBox instance (cisagov/Malcolm#597)
- add
-q/--quietoption forstart/restart(cisagov/Malcolm#656) - handle non-HTTPS arkime case (cisagov/Malcolm#629)
lots of improvements to
control.pyandinstall.pyfor Kubernetes deployment- improved
start/stop/wipecontrol script behavior - allow providing resource requests in manifests via YML file and command-line argument
...
Kubernetes:
-n, --namespace <string>
Kubernetes namespace
--skip-persistent-volume-checks [SKIPPERVOLCHECKS]
Skip checks for PersistentVolumes/PersistentVolumeClaims in manifests (only for "start" operation with Kubernetes)
--no-capture-pods [NOCAPTUREPODSSTART]
Do not deploy pods for traffic live capture/analysis (only for "start" operation with Kubernetes)
--no-capabilities [NOCAPABILITIES]
Do not specify modifications to container capabilities (only for "start" operation with Kubernetes)
--inject-resources [INJECTRESOURCES]
Inject container resources from kubernetes-container-resources.yml (only for "start" operation with Kubernetes)
--image-source <string>
Source for container images (e.g., "ghcr.io/idaholab/malcolm"; only for "start" operation with Kubernetes)
--image-tag <string> Tag for container images (e.g., "25.04.0"; only for "start" operation with Kubernetes)
--delete-namespace [DELETENAMESPACE]
Delete Kubernetes namespace (only for "wipe" operation with Kubernetes)
...- improved
improvements to Malcolm's vanilla Kubernetes manifests
- lowered the amount of storage for the persistent volumes in the AWS EFS example
- replaced
namelabel withapplabel for deployments in accordance with best practices
improve links on landing page for NetBox and auth to accurately reflect what Malcolm is using
added more smarts to the NGINX startup script to dynamically set up upstreams that may or may not exist based on enabled or disabled Malcolm features
fixed a minor issue in the script setting up Zeek intelligence updates where it would remove its own lockfile
✅ Component version updates
- Alpine Linux v3.21
- Arkime v5.6.4 to resolve RCE vulnerabilities, as described below in the #announcements channel on the Arkime slack: * possible to bypass forced expressions for some API calls * direct access to OpenSearch/Elasticsearch could be used to create session documents that hang viewer or have viewer execute code * since Arkime 5.1.0 any arkimeUser user could create OpenSearch/Elasticsearch documents in any index that viewer had access to
- Keycloak v26.2
- NetBox v4.2.8
- netbox-initializers v4.2.0
- netbox-topology v4.2.1
- Fluent Bit to v4.0.1
🐛 Bug fixes
- API tokens created in NetBox still require authentication through NGINX reverse proxy (cisagov/Malcolm#383)
- adjust Logstash health check so K8s liveness probe doesn't kill it (cisagov/Malcolm#630)
- be more resilient in
zeekctlstatus checks inzeekdeploy.sh(cisagov/Malcolm#652) - in deployments with multiple zeek-live containers, each container's restarting causes the others to restart zeek (cisagov/Malcolm#651)
🧹 Code and project maintenance
- document customizing Malcolm with an additional output pipeline (cisagov/Malcolm#643)
- overhaul "deploying Malcolm on AWS" documentation (cisagov/Malcolm#655)
Malcolm is a powerful, easily deployable network 🖧 traffic analysis tool suite for network security monitoring 🕵🏻♀️.
Malcolm operates as a cluster of containers 📦, isolated sandboxes which each serve a dedicated function of the system. This makes Malcolm deployable with frameworks like Docker 🐋, Podman 🦭, and Kubernetes ⎈. Check out the Quick Start guide for examples on how to get up and running.
Alternatively, dedicated official ISO installer images 💿 for Malcolm and Hedgehog Linux 🦔 can be downloaded from Malcolm's releases page on GitHub. Due to limits on individual files in GitHub releases, these ISO files have been split 🪓 into 2GB chunks and can be reassembled with scripts provided for both Bash 🐧 (
release_cleaver.sh) and PowerShell 🪟 (release_cleaver.ps1). See Downloading Malcolm - Installer ISOs for instructions.As always, join us on the Malcolm discussions board 💬 to engage with the community, or pop some corn 🍿 and watch a video 📼.
#Malcolm #HedgehogLinux #Zeek #Arkime #NetBox #OpenSearch #Elasticsearch #Suricata #PCAP #NetworkTrafficAnalysis #networksecuritymonitoring #OT #ICS #icssecurity #CyberSecurity #Cyber #Infosec #INL #DHS #CISA #CISAgov
-
CW: Release notes for v25.04.1 of Malcolm, a powerful, easily deployable network traffic analysis tool suite for network security monitoring
Malcolm v25.04.1 contains new features and improvements, component version updates, bug fixes, and other great stuff.
For these notes, I'm lumping v25.04.0 and v25.04.1 together, as v25.04.1 was released only two days after v25.04.0 in order to update Arkime to v5.6.4 which mitigates newly-discovered remote code execution (RCE) vulnerabilities.
https://github.com/idaholab/Malcolm/compare/v25.03.1...v25.04.1
✨ Features and enhancements
- add option to use external NetBox instance (cisagov/Malcolm#597)
- add
-q/--quietoption forstart/restart(cisagov/Malcolm#656) - handle non-HTTPS arkime case (cisagov/Malcolm#629)
lots of improvements to
control.pyandinstall.pyfor Kubernetes deployment- improved
start/stop/wipecontrol script behavior - allow providing resource requests in manifests via YML file and command-line argument
...
Kubernetes:
-n, --namespace <string>
Kubernetes namespace
--skip-persistent-volume-checks [SKIPPERVOLCHECKS]
Skip checks for PersistentVolumes/PersistentVolumeClaims in manifests (only for "start" operation with Kubernetes)
--no-capture-pods [NOCAPTUREPODSSTART]
Do not deploy pods for traffic live capture/analysis (only for "start" operation with Kubernetes)
--no-capabilities [NOCAPABILITIES]
Do not specify modifications to container capabilities (only for "start" operation with Kubernetes)
--inject-resources [INJECTRESOURCES]
Inject container resources from kubernetes-container-resources.yml (only for "start" operation with Kubernetes)
--image-source <string>
Source for container images (e.g., "ghcr.io/idaholab/malcolm"; only for "start" operation with Kubernetes)
--image-tag <string> Tag for container images (e.g., "25.04.0"; only for "start" operation with Kubernetes)
--delete-namespace [DELETENAMESPACE]
Delete Kubernetes namespace (only for "wipe" operation with Kubernetes)
...- improved
improvements to Malcolm's vanilla Kubernetes manifests
- lowered the amount of storage for the persistent volumes in the AWS EFS example
- replaced
namelabel withapplabel for deployments in accordance with best practices
improve links on landing page for NetBox and auth to accurately reflect what Malcolm is using
added more smarts to the NGINX startup script to dynamically set up upstreams that may or may not exist based on enabled or disabled Malcolm features
fixed a minor issue in the script setting up Zeek intelligence updates where it would remove its own lockfile
✅ Component version updates
- Alpine Linux v3.21
- Arkime v5.6.4 to resolve RCE vulnerabilities, as described below in the #announcements channel on the Arkime slack: * possible to bypass forced expressions for some API calls * direct access to OpenSearch/Elasticsearch could be used to create session documents that hang viewer or have viewer execute code * since Arkime 5.1.0 any arkimeUser user could create OpenSearch/Elasticsearch documents in any index that viewer had access to
- Keycloak v26.2
- NetBox v4.2.8
- netbox-initializers v4.2.0
- netbox-topology v4.2.1
- Fluent Bit to v4.0.1
🐛 Bug fixes
- API tokens created in NetBox still require authentication through NGINX reverse proxy (cisagov/Malcolm#383)
- adjust Logstash health check so K8s liveness probe doesn't kill it (cisagov/Malcolm#630)
- be more resilient in
zeekctlstatus checks inzeekdeploy.sh(cisagov/Malcolm#652) - in deployments with multiple zeek-live containers, each container's restarting causes the others to restart zeek (cisagov/Malcolm#651)
🧹 Code and project maintenance
- document customizing Malcolm with an additional output pipeline (cisagov/Malcolm#643)
- overhaul "deploying Malcolm on AWS" documentation (cisagov/Malcolm#655)
Malcolm is a powerful, easily deployable network 🖧 traffic analysis tool suite for network security monitoring 🕵🏻♀️.
Malcolm operates as a cluster of containers 📦, isolated sandboxes which each serve a dedicated function of the system. This makes Malcolm deployable with frameworks like Docker 🐋, Podman 🦭, and Kubernetes ⎈. Check out the Quick Start guide for examples on how to get up and running.
Alternatively, dedicated official ISO installer images 💿 for Malcolm and Hedgehog Linux 🦔 can be downloaded from Malcolm's releases page on GitHub. Due to limits on individual files in GitHub releases, these ISO files have been split 🪓 into 2GB chunks and can be reassembled with scripts provided for both Bash 🐧 (
release_cleaver.sh) and PowerShell 🪟 (release_cleaver.ps1). See Downloading Malcolm - Installer ISOs for instructions.As always, join us on the Malcolm discussions board 💬 to engage with the community, or pop some corn 🍿 and watch a video 📼.
#Malcolm #HedgehogLinux #Zeek #Arkime #NetBox #OpenSearch #Elasticsearch #Suricata #PCAP #NetworkTrafficAnalysis #networksecuritymonitoring #OT #ICS #icssecurity #CyberSecurity #Cyber #Infosec #INL #DHS #CISA #CISAgov
-
CW: Release notes for v25.04.1 of Malcolm, a powerful, easily deployable network traffic analysis tool suite for network security monitoring
Malcolm v25.04.1 contains new features and improvements, component version updates, bug fixes, and other great stuff.
For these notes, I'm lumping v25.04.0 and v25.04.1 together, as v25.04.1 was released only two days after v25.04.0 in order to update Arkime to v5.6.4 which mitigates newly-discovered remote code execution (RCE) vulnerabilities.
https://github.com/idaholab/Malcolm/compare/v25.03.1...v25.04.1
✨ Features and enhancements
- add option to use external NetBox instance (cisagov/Malcolm#597)
- add
-q/--quietoption forstart/restart(cisagov/Malcolm#656) - handle non-HTTPS arkime case (cisagov/Malcolm#629)
lots of improvements to
control.pyandinstall.pyfor Kubernetes deployment- improved
start/stop/wipecontrol script behavior - allow providing resource requests in manifests via YML file and command-line argument
...
Kubernetes:
-n, --namespace <string>
Kubernetes namespace
--skip-persistent-volume-checks [SKIPPERVOLCHECKS]
Skip checks for PersistentVolumes/PersistentVolumeClaims in manifests (only for "start" operation with Kubernetes)
--no-capture-pods [NOCAPTUREPODSSTART]
Do not deploy pods for traffic live capture/analysis (only for "start" operation with Kubernetes)
--no-capabilities [NOCAPABILITIES]
Do not specify modifications to container capabilities (only for "start" operation with Kubernetes)
--inject-resources [INJECTRESOURCES]
Inject container resources from kubernetes-container-resources.yml (only for "start" operation with Kubernetes)
--image-source <string>
Source for container images (e.g., "ghcr.io/idaholab/malcolm"; only for "start" operation with Kubernetes)
--image-tag <string> Tag for container images (e.g., "25.04.0"; only for "start" operation with Kubernetes)
--delete-namespace [DELETENAMESPACE]
Delete Kubernetes namespace (only for "wipe" operation with Kubernetes)
...- improved
improvements to Malcolm's vanilla Kubernetes manifests
- lowered the amount of storage for the persistent volumes in the AWS EFS example
- replaced
namelabel withapplabel for deployments in accordance with best practices
improve links on landing page for NetBox and auth to accurately reflect what Malcolm is using
added more smarts to the NGINX startup script to dynamically set up upstreams that may or may not exist based on enabled or disabled Malcolm features
fixed a minor issue in the script setting up Zeek intelligence updates where it would remove its own lockfile
✅ Component version updates
- Alpine Linux v3.21
- Arkime v5.6.4 to resolve RCE vulnerabilities, as described below in the #announcements channel on the Arkime slack: * possible to bypass forced expressions for some API calls * direct access to OpenSearch/Elasticsearch could be used to create session documents that hang viewer or have viewer execute code * since Arkime 5.1.0 any arkimeUser user could create OpenSearch/Elasticsearch documents in any index that viewer had access to
- Keycloak v26.2
- NetBox v4.2.8
- netbox-initializers v4.2.0
- netbox-topology v4.2.1
- Fluent Bit to v4.0.1
🐛 Bug fixes
- API tokens created in NetBox still require authentication through NGINX reverse proxy (cisagov/Malcolm#383)
- adjust Logstash health check so K8s liveness probe doesn't kill it (cisagov/Malcolm#630)
- be more resilient in zeekctl status checks in zeekdeploy.sh (cisagov/Malcolm#652)
- in deployments with multiple zeek-live containers, each container's restarting causes the others to restart zeek (cisagov/Malcolm#651)
🧹 Code and project maintenance
- document customizing Malcolm with an additional output pipeline (cisagov/Malcolm#643)
- overhaul "deploying Malcolm on AWS" documentation (cisagov/Malcolm#655)
Malcolm is a powerful, easily deployable network 🖧 traffic analysis tool suite for network security monitoring 🕵🏻♀️.
Malcolm operates as a cluster of containers 📦, isolated sandboxes which each serve a dedicated function of the system. This makes Malcolm deployable with frameworks like Docker 🐋, Podman 🦭, and Kubernetes ⎈. Check out the Quick Start guide for examples on how to get up and running.
Alternatively, dedicated official ISO installer images 💿 for Malcolm and Hedgehog Linux 🦔 can be downloaded from Malcolm's releases page on GitHub. Due to limits on individual files in GitHub releases, these ISO files have been split 🪓 into 2GB chunks and can be reassembled with scripts provided for both Bash 🐧 (release_cleaver.sh) and PowerShell 🪟 (release_cleaver.ps1). See Downloading Malcolm - Installer ISOs for instructions. As always, join us on the Malcolm discussions board 💬 to engage with the community, or pop some corn 🍿 and watch a video 📼.
#Malcolm #HedgehogLinux #Zeek #Arkime #NetBox #OpenSearch #Elasticsearch #Suricata #PCAP #NetworkTrafficAnalysis #networksecuritymonitoring #OT #ICS #icssecurity #CyberSecurity #Cyber #Infosec #INL #DHS #CISA #CISAgov
-
Reinstall-0624 | Expanding the infrastructure
Events of 27.06.2024 [A post with a big delay, but still better than nothing.]
- There are a lot of self-hosted services on dc09.ru; all of them are needed, and not all are well optimized.
- Occasionally "No file descriptors available" errors appeared; the server could not handle the number of connections, apparently more than 8192. To be fair, this is partly my fault, as I did not know about the keepalive setting in the nginx reverse proxy; I will write about that in the next post.
- Because of Piped, the IPv6 address was blocked by YouTube a couple of times; I had to change it, set up the PTR record again (since mail is on the same server), and put the new address into DNS.
It practically begs for renting a second virtual server exclusively for proxying software like Piped, SearXNG, txtdot. And the first one for critically important and/or personal services.
I sketched out on a sheet of paper a plan/diagram of the new infrastructure (which I had to deviate from slightly); on it, for each service, its RAM consumption and open TCP/UDP ports are listed.
On June 27 I started expanding the infrastructure: I created a qcow2 image and installed Alpine Linux into it via QEMU, uploaded the image through the hoster's panel, and created two virtual servers (at first just one) from the Alpine image.
Downtime number one: 9:30 Moscow time; it was an attempt to join the existing dc09 server and the new one into a single network (the hoster calls the service VPC or "private network"). There was the not-so-great UX of the "private networks" section in the panel, and a DHCP server that for some reason did not work... I disabled the VPC at 10:18 and network access was restored.
Later I did figure out VPC, created two servers "the right way" (in the same zone as the private network, and attached to the network right when ordering the VPS), and started migrating services. And surprisingly, I managed it fairly quickly; by the end of the day almost everything was on the new VPSes.
Some individual services may have been unavailable; I ask for your forgiveness. I remember for sure that I misconfigured SearXNG in Nginx Unit and did not notice right away, so the metasearch was definitely down for an hour or so... Overall, everything went well :)
So, the new services:
- rl.dc09.ru — Redlib (a fork of Libreddit)
- ly.dc09.ru — LibreY (another metasearch), I may replace it with 4get later
- Made Piped public again: frontend pv.dc09.ru, API pa.dc09.ru, proxy at pp.dc09.ru
Moved from Pleroma at sc.dc09.ru to the lightweight GoToSocial — gts.dc09.ru
What other public services I had and still have:
- searx.dc09.ru — SearXNG (metasearch)
- txt.dc09.ru — txtdot (a proxy with page compression/cleanup, no JS)
- git.dc09.ru — Forgejo (git hosting with a web interface, a fork of Gitea)
- RustDesk hbbr/hbbs on s1.dc09.ru
- Syncthing discosrv on s1.dc09.ru
On request I can give out an account on GTS, on Piped, on the maddy mail server, on the Dendrite Matrix server, or on Radicale, the tool for syncing contacts and calendars.
-
So much for '#SystemD is not a monolith' guilt tripping. It's modular in theory alone. #Flatpak is the next critical software to introduce a hard dependency on systemd, after #Gnome. Those of us using #Runit, #OpenRC, #GNUShepherd etc are looking at a situation similar to #elogind.
What's common among them? A corporate #OpenSource ecosystem that only they can maintain. Meanwhile, those who question this are treated with contempt!
https://www.osnews.com/story/145071/flatpak-will-depend-on-systemd/