home.social

698 results for “alpinelinux”

  1. CW: Release notes for v25.04.1 of Malcolm, a powerful, easily deployable network traffic analysis tool suite for network security monitoring

    Malcolm v25.04.1 contains new features and improvements, component version updates, bug fixes, and other great stuff.

    For these notes, I'm lumping v25.04.0 and v25.04.1 together, as v25.04.1 was released only two days after v25.04.0 in order to update Arkime to v5.6.4 which mitigates newly-discovered remote code execution (RCE) vulnerabilities.

    github.com/idaholab/Malcolm/co

    • ✨ Features and enhancements

      • add option to use external NetBox instance (cisagov/Malcolm#597)
      • add -q/--quiet option for start/restart (cisagov/Malcolm#656)
      • handle non-HTTPS arkime case (cisagov/Malcolm#629)
      • lots of improvements to control.py and install.py for Kubernetes deployment

        • improved start/stop/wipe control script behavior
        • allow providing resource requests in manifests via YML file and command-line argument
        ...
        Kubernetes:
        -n, --namespace <string>
        Kubernetes namespace
        --skip-persistent-volume-checks [SKIPPERVOLCHECKS]
        Skip checks for PersistentVolumes/PersistentVolumeClaims in manifests (only for "start" operation with Kubernetes)
        --no-capture-pods [NOCAPTUREPODSSTART]
        Do not deploy pods for traffic live capture/analysis (only for "start" operation with Kubernetes)
        --no-capabilities [NOCAPABILITIES]
        Do not specify modifications to container capabilities (only for "start" operation with Kubernetes)
        --inject-resources [INJECTRESOURCES]
        Inject container resources from kubernetes-container-resources.yml (only for "start" operation with Kubernetes)
        --image-source <string>
        Source for container images (e.g., "ghcr.io/idaholab/malcolm"; only for "start" operation with Kubernetes)
        --image-tag <string> Tag for container images (e.g., "25.04.0"; only for "start" operation with Kubernetes)
        --delete-namespace [DELETENAMESPACE]
        Delete Kubernetes namespace (only for "wipe" operation with Kubernetes)
        ...
      • improvements to Malcolm's vanilla Kubernetes manifests

        • lowered the amount of storage for the persistent volumes in the AWS EFS example
        • replaced name label with app label for deployments in accordance with best practices
      • improve links on landing page for NetBox and auth to accurately reflect what Malcolm is using

      • added more smarts to the NGINX startup script to dynamically set up upstreams that may or may not exist based on enabled or disabled Malcolm features

      • fixed a minor issue in the script setting up Zeek intelligence updates where it would remove its own lockfile

    • ✅ Component version updates

      • Alpine Linux v3.21
      • Arkime v5.6.4 to resolve RCE vulnerabilities, as described below in the #announcements channel on the Arkime slack:

        • possible to bypass forced expressions for some API calls
        • direct access to OpenSearch/Elasticsearch could be used to create session documents that hang viewer or have viewer execute code
        • since Arkime 5.1.0 any arkimeUser user could create OpenSearch/Elasticsearch documents in any index that viewer had access to
      • Keycloak v26.2
      • NetBox v4.2.8
      • netbox-initializers v4.2.0
      • netbox-topology v4.2.1
      • Fluent Bit to v4.0.1
    • 🐛 Bug fixes

      • API tokens created in NetBox still require authentication through NGINX reverse proxy (cisagov/Malcolm#383)
      • adjust Logstash health check so K8s liveness probe doesn't kill it (cisagov/Malcolm#630)
      • be more resilient in zeekctl status checks in zeekdeploy.sh (cisagov/Malcolm#652)
      • in deployments with multiple zeek-live containers, each container's restarting causes the others to restart zeek (cisagov/Malcolm#651)
    • 🧹 Code and project maintenance

    Malcolm is a powerful, easily deployable network 🖧 traffic analysis tool suite for network security monitoring 🕵🏻‍♀️.

    Malcolm operates as a cluster of containers 📦, isolated sandboxes which each serve a dedicated function of the system. This makes Malcolm deployable with frameworks like Docker 🐋, Podman 🦭, and Kubernetes ⎈. Check out the Quick Start guide for examples on how to get up and running.

    Alternatively, dedicated official ISO installer images 💿 for Malcolm and Hedgehog Linux 🦔 can be downloaded from Malcolm's releases page on GitHub. Due to limits on individual files in GitHub releases, these ISO files have been split 🪓 into 2GB chunks and can be reassembled with scripts provided for both Bash 🐧 (release_cleaver.sh) and PowerShell 🪟 (release_cleaver.ps1). See Downloading Malcolm - Installer ISOs for instructions.

    As always, join us on the Malcolm discussions board 💬 to engage with the community, or pop some corn 🍿 and watch a video 📼.

    #Malcolm #HedgehogLinux #Zeek #Arkime #NetBox #OpenSearch #Elasticsearch #Suricata #PCAP #NetworkTrafficAnalysis #networksecuritymonitoring #OT #ICS #icssecurity #CyberSecurity #Cyber #Infosec #INL #DHS #CISA #CISAgov

  6. FreeBSD virtualization is easy with the correct tools
    Of course one can use the basic jail command, but to make life easier I prefer a tool around it.

    I now use BastilleBSD to create FreeBSD jails, and bhyve for VMs.
    I was looking for a combination tool with more options for export/clone, easy backup, and Linux virtual machines/instances.

    --> I tried CBSD: good command set, relatively easy to use, no good documentation. The FreeBSD system install was a bit more invasive than I wanted. Too bad, a nice tool.

    --> Then the (I hope) final solution, which is a perfect match: appjail
    1: The comparison table: appjail.readthedocs.io/en/late
    2: The documentation is solid, supported by a good repository of samples and jail templates
    3: Easy to create a "native" FreeBSD jail, and Linux in various flavours.
    4: Vnets are auto-created and maintained during start and stop

    Example for FreeBSD:
    appjail quick hello \
    virtualnet=":ajnet" \
    overwrite
    done ;)

    Example for Alpine:
    appjail makejail \
    -j alpine \
    -f gh+AppJail-makejails/alpine-linux \
    -o template=/usr/local/share/examples/appjail/templates/linux.conf \
    -o alias \
    -o virtualnet=":ajnet address:192.168.X.XXX default" \
    -o nat

    appjail login alpine
    Welcome to Alpine!
    alpine:~#

    And for Debian Bookworm:
    appjail makejail \
    -j debian \
    -f gh+AppJail-makejails/debian \
    -o template=/usr/local/share/examples/appjail/templates/linux.conf \
    -o alias -o linuxfs -o osversion=bookworm -o type=linux+debootstrap \
    -o virtualnet=":ajnet address:192.168.X.XXX default" \
    -o nat -o devfs_ruleset=11

    appjail login debian
    Linux debian.appjail 5.15.0 FreeBSD 14.1-RELEASE-p3 GENERIC x86_64
    root@debian:~#

    #vm #jail #appjail #freebsd #virtualization #linux

  7. Reinstall-0624 | Expanding the infrastructure
    Events of 27.06.2024

    [A very belated post, but still better than nothing.]

    • There are many self-hosted services on dc09.ru; all of them are needed, and not all of them are well optimized.
    • Occasionally "No file descriptors available" errors appeared; the server couldn't handle the number of connections, apparently more than 8192. To be fair, that's partly my fault, since I didn't know about the keepalive setting in the nginx reverse proxy; I'll write about that in the next post.
    • Because of Piped, the IPv6 address got blocked by YouTube a couple of times; I had to change it, set the PTR record again (since mail is on the same server), and put the new address into DNS.

    This practically begs for renting a second virtual server exclusively for proxying software like Piped, SearXNG and txtdot, and keeping the first one for critical and/or personal services.

    I drew up a plan of the new infrastructure on a sheet of paper (which I had to deviate from slightly); on it, each service is listed with its RAM consumption and open TCP/UDP ports.

    On June 27 I started expanding the infrastructure: created a qcow2 image and installed Alpine Linux into it via QEMU, uploaded the image through the hoster's panel, and created two virtual servers (one at first) from the Alpine image.

    Downtime number one: 9:30 Moscow time, an attempt to join the existing dc09 server and the new one into a single network (the hoster calls the service VPC or "private network"). There was both the not-so-great UX of the "private networks" section of the panel and a DHCP server that for some reason didn't work... I disabled the VPC at 10:18 and network access was restored.

    Later I did figure out VPC, created two servers "the right way" (in the same zone as the private network, and attached to the network right when ordering the VPS), and started migrating services. Surprisingly, I got it done fairly quickly; by the end of the day almost everything was on the new VPSes.

    Some individual services may have been unavailable, for which I apologize. I remember for sure that I misconfigured SearXNG in NGINX Unit and didn't notice right away; the metasearch was definitely down for about an hour... Overall everything went well :)

    So, the new services:

    • rl.dc09.ru: Redlib (a Libreddit fork)
    • ly.dc09.ru: LibreY (another metasearch), which I may replace with 4get later
    • Piped is public again: frontend pv.dc09.ru, API pa.dc09.ru, proxy at pp.dc09.ru

    Moved from Pleroma (sc.dc09.ru) to the lightweight GoToSocial: gts.dc09.ru

    Other public services I had and still have:

    • searx.dc09.ru: SearXNG (metasearch)
    • txt.dc09.ru: txtdot (a proxy that compresses/cleans up pages, no JS)
    • git.dc09.ru: Forgejo (git hosting with a web interface, a Gitea fork)
    • RustDesk hbbr/hbbs on s1.dc09.ru
    • Syncthing discosrv on s1.dc09.ru

    On request I can give you an account on GTS, on Piped, on the maddy mail server, on the Dendrite Matrix server, or on Radicale, the thing for syncing contacts and calendars.

    #dc09ru #sysadmin #сисадмин #история @ru @rf
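    As an added illustration of the nginx keepalive setting mentioned in the second bullet of the post above (this is an example written for this page, not the author's configuration; the upstream name, the backend port 8080, the listening port and the connection counts are assumptions), here is the reverse-proxy shape that opens a new upstream socket for every request next to the one that reuses a pool of connections. Without upstream keepalive, nginx talks HTTP/1.0 to the backend and closes the connection after each request, so every proxied request costs a client socket plus a fresh upstream socket, and the spent ones linger in TIME_WAIT; that is one way a proxy runs into the per-process file descriptor limit under load.

```nginx
# Added example, not the author's nginx.conf. Upstream name "searxng",
# backend 127.0.0.1:8080, plain HTTP on port 80 (TLS omitted) and the
# numeric limits below are assumptions chosen for illustration.

worker_processes auto;
worker_rlimit_nofile 65536;      # fd ceiling per worker; each proxied request uses
                                 # at least two sockets (client side and upstream side)

events {
    worker_connections 16384;    # counts client AND upstream connections per worker
}

http {
    # Weak form: no keepalive directive, default HTTP/1.0 to the upstream.
    # Every request opens and then closes its own backend connection.
    upstream searxng_noreuse {
        server 127.0.0.1:8080;
    }

    # Corrected form: each worker keeps up to 32 idle backend connections and
    # reuses them, so a burst of client requests does not become a burst of
    # new backend sockets.
    upstream searxng {
        server 127.0.0.1:8080;
        keepalive 32;              # idle connections cached per worker
        keepalive_requests 1000;   # requests served on one connection before it is recycled
        keepalive_timeout 60s;     # idle time after which a cached connection is closed
    }

    server {
        listen 80;
        server_name searx.dc09.ru;

        location / {
            # Both directives are required for the pool to be used at all:
            # HTTP/1.1 to the backend, and an empty Connection header so the
            # client's "Connection: close" is not forwarded upstream.
            proxy_http_version 1.1;
            proxy_set_header Connection "";
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass http://searxng;
        }
    }
}
```

    The `keepalive` directive on its own does nothing unless `proxy_http_version 1.1` and the cleared `Connection` header are set in the proxying location; that omission is the usual reason a "fixed" configuration still shows the same socket churn. After reloading, `ss -tan state established '( dport = :8080 )' | wc -l` during load should stay close to the pool size per worker rather than tracking the client request rate.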