forked from cisagov/Malcolm
both zeek and zeek-live containers are trying to pull intel feeds on startup #196
Labels
bug
Something isn't working
regression
It worked at one point...
zeek
Relating to Malcolm's use of Zeek
mmguero added bug, zeek, regression labels May 16, 2023
Here's where I broke it. Not sure what I was doing there. I'll fix it.
mmguero added a commit to mmguero-dev/Malcolm that referenced this issue May 16, 2023
…ll intel feeds on startup
This was referenced May 16, 2023
mmguero added a commit that referenced this issue May 16, 2023

Malcolm v23.05.1 is a minor release with a few component version updates and bug fixes, particularly to fix an issue with `install.py` where the ownership of `.env` files in the `config` directory may get incorrectly set to `root` rather than the unprivileged user.

cisagov/Malcolm@v23.05.0...v23.05.1

* Enhancements and bug fixes
  - install.py can create .env files 0:0 ownership instead of unprivileged user ownership (cisagov#253)
  - both zeek and zeek-live containers are trying to pull intel feeds on startup (#196)
  - Make sure a few Arkime fields (`http.xff*`) get created in the index template with the right field types to avoid aggregation query issues
  - Tweaks to convenience scripts (`malcolmmonitor` and `sensormonitor`) in ISO-installed Malcolm and Hedgehog Linux environments
  - Added some `.service` files for the ISO-installed version of Malcolm to be able to feed itself resource statistics via Fluent Bit
  - Documentation updates
* Component version updates
  - Arkime to [v4.3.1](https://github.com/arkime/arkime/blob/ce8d5d4d1a54a3a9f022bf4b72081f7af666f6e4/CHANGELOG#L33-L44)
  - OpenSearch and OpenSearch Dashboards to [v2.7.0](https://github.com/opensearch-project/opensearch-build/blob/2dbbce4428e583c4cf1f1f867f7591d978395420/release-notes/opensearch-release-notes-2.7.0.md)
  - NetBox to [v3.5.1](https://netbox.dev/blog/posts/netbox-v351-released/)
  - Beats to [v8.7.1](https://www.elastic.co/guide/en/beats/libbeat/8.7/release-notes-8.7.1.html)
mmguero added a commit to cisagov/Malcolm that referenced this issue May 16, 2023

Malcolm v23.05.1 is a minor release with a few component version updates and bug fixes, particularly to fix an issue with `install.py` where the ownership of `.env` files in the `config` directory may get incorrectly set to `root` rather than the unprivileged user.

v23.05.0...v23.05.1

* Enhancements and bug fixes
  - install.py can create .env files 0:0 ownership instead of unprivileged user ownership (#253)
  - both zeek and zeek-live containers are trying to pull intel feeds on startup (idaholab#196)
  - Make sure a few Arkime fields (`http.xff*`) get created in the index template with the right field types to avoid aggregation query issues
  - Tweaks to convenience scripts (`malcolmmonitor` and `sensormonitor`) in ISO-installed Malcolm and Hedgehog Linux environments
  - Added some `.service` files for the ISO-installed version of Malcolm to be able to feed itself resource statistics via Fluent Bit
  - Documentation updates
* Component version updates
  - Arkime to [v4.3.1](https://github.com/arkime/arkime/blob/ce8d5d4d1a54a3a9f022bf4b72081f7af666f6e4/CHANGELOG#L33-L44)
  - OpenSearch and OpenSearch Dashboards to [v2.7.0](https://github.com/opensearch-project/opensearch-build/blob/2dbbce4428e583c4cf1f1f867f7591d978395420/release-notes/opensearch-release-notes-2.7.0.md)
  - NetBox to [v3.5.1](https://netbox.dev/blog/posts/netbox-v351-released/)
  - Beats to [v8.7.1](https://www.elastic.co/guide/en/beats/libbeat/8.7/release-notes-8.7.1.html)
In Malcolm, both zeek and zeek-live containers are trying to pull intel feeds on startup, which could cause a conflict or race condition.
There's supposed to be code in there to prevent that, but something must have changed. Need to review it. Not super-super-high priority (I don't think it needs to delay v23.05.1 which has another important bug fix) but something that needs to be addressed.