Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

both zeek and zeek-live containers are trying to pull intel feeds on startup #196

Closed
mmguero opened this issue May 16, 2023 · 1 comment
Closed
Assignees
Labels
bug Something isn't working regression It worked at one point... zeek Relating to Malcolm's use of Zeek
Milestone

Comments

@mmguero
Copy link
Collaborator

mmguero commented May 16, 2023

In Malcolm, both zeek and zeek-live containers are trying to pull intel feeds on startup, which could cause a conflict or race condition.

There's supposed to be code in there to prevent that, but something must have changed. Need to review it. Not super-super-high priority (I don't think it needs to delay v23.05.1 which has another important bug fix) but something that needs addressed.

@mmguero mmguero added bug Something isn't working zeek Relating to Malcolm's use of Zeek regression It worked at one point... labels May 16, 2023
@mmguero mmguero self-assigned this May 16, 2023
@mmguero mmguero added this to Malcolm May 16, 2023
@mmguero
Copy link
Collaborator Author

mmguero commented May 16, 2023

Here's where I broke it. Not sure what I was doing there. I'll fix it.

mmguero added a commit to mmguero-dev/Malcolm that referenced this issue May 16, 2023
@mmguero mmguero moved this to Done in Malcolm May 16, 2023
@mmguero mmguero added this to the v23.05.1 milestone May 16, 2023
@mmguero mmguero closed this as completed May 16, 2023
mmguero added a commit that referenced this issue May 16, 2023
Malcolm v23.05.1 is a minor release with a few component version updates and bug fixes, particularly to fix an issue with `install.py` where the ownership of `.env` files in the `config` directory may get incorrectly set to `root` rather than the unprivileged user.

cisagov/Malcolm@v23.05.0...v23.05.1

* Enhancements and bug fixes
    - install.py can create .env files 0:0 ownership instead of unprivileged user ownership (cisagov#253)
    -  both zeek and zeek-live containers are trying to pull intel feeds on startup (#196)
    - Make sure a few Arkime fields (`http.xff*`) get created in the index template with the right field types to avoid aggregation query issues
    - Tweaks to convenience scripts (`malcolmmonitor` and `sensormonitor`) in ISO-installed Malcolm and Hedgehog Linux environments
    - Added some `.service` files for the ISO-installed version of Malcolm to be able to feed itself resource statistics via Fluent Bit
    - Documentation updates    

* Component version updates
    - Arkime to [v4.3.1](https://github.com/arkime/arkime/blob/ce8d5d4d1a54a3a9f022bf4b72081f7af666f6e4/CHANGELOG#L33-L44)
    - OpenSearch and OpenSearch Dashboards to [v2.7.0](https://github.com/opensearch-project/opensearch-build/blob/2dbbce4428e583c4cf1f1f867f7591d978395420/release-notes/opensearch-release-notes-2.7.0.md)
    - NetBox to [v3.5.1](https://netbox.dev/blog/posts/netbox-v351-released/)
    - Beats to [v8.7.1](https://www.elastic.co/guide/en/beats/libbeat/8.7/release-notes-8.7.1.html)
mmguero added a commit to cisagov/Malcolm that referenced this issue May 16, 2023
Malcolm v23.05.1 is a minor release with a few component version updates and bug fixes, particularly to fix an issue with `install.py` where the ownership of `.env` files in the `config` directory may get incorrectly set to `root` rather than the unprivileged user.

v23.05.0...v23.05.1

* Enhancements and bug fixes
    - install.py can create .env files 0:0 ownership instead of unprivileged user ownership (#253)
    -  both zeek and zeek-live containers are trying to pull intel feeds on startup (idaholab#196)
    - Make sure a few Arkime fields (`http.xff*`) get created in the index template with the right field types to avoid aggregation query issues
    - Tweaks to convenience scripts (`malcolmmonitor` and `sensormonitor`) in ISO-installed Malcolm and Hedgehog Linux environments
    - Added some `.service` files for the ISO-installed version of Malcolm to be able to feed itself resource statistics via Fluent Bit
    - Documentation updates    

* Component version updates
    - Arkime to [v4.3.1](https://github.com/arkime/arkime/blob/ce8d5d4d1a54a3a9f022bf4b72081f7af666f6e4/CHANGELOG#L33-L44)
    - OpenSearch and OpenSearch Dashboards to [v2.7.0](https://github.com/opensearch-project/opensearch-build/blob/2dbbce4428e583c4cf1f1f867f7591d978395420/release-notes/opensearch-release-notes-2.7.0.md)
    - NetBox to [v3.5.1](https://netbox.dev/blog/posts/netbox-v351-released/)
    - Beats to [v8.7.1](https://www.elastic.co/guide/en/beats/libbeat/8.7/release-notes-8.7.1.html)
@mmguero mmguero moved this from Done to Released in Malcolm May 18, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working regression It worked at one point... zeek Relating to Malcolm's use of Zeek
Projects
Status: Released
Development

No branches or pull requests

1 participant