Skip to content

Malcolm v24.07.0

Compare
Choose a tag to compare
@mmguero mmguero released this 30 Jul 21:38
· 321 commits to main since this release
7b27173

Malcolm v24.07.0 contains minor improvements, some component version updates, and a few bug fixes.

v24.06.0...v24.07.0

  • Features and enhancements
    • integrated the ICSNPP GE SRTP network analyzer (idaholab#516)
    • Changed the way docker compose does bind mounts of files and directories to avoid creating empty directories when the source is missing, returning an error instead (idaholab#473)
      • This changed necessitated a switch from Python's built-in YAML library to ruamel.yaml
    • code to pull from MISP feeds should specify JSON as preferred format in HTTP headers (idaholab#520)
    • add optional service argument to restart script (idaholab#521)
    • replace API link on landing page with extracted-files (idaholab#524)
    • exclude private IP space Intel::ADDR items when populating Zeek intel (idaholab#528)
    • updated some screenshots for the documentation
  • Component version updates
  • Bug fixes
    • tarball-based installation should not depend on UID inside of tarball, prevents installation if UID with which tarball's contents were created don't match installing user's (idaholab#519)
    • bacnet discovery log not parsed correctly (idaholab#523)
    • resolved issue with the build.sh helper script when building non-AMD64 Docker images
  • Configuration changes (in environment variables in ./config/)
    • The variable ZEEK_DISABLE_ICS_GE_SRTP has been added to zeek.env and control_vars.conf to control enabling the network analyzer for the GE SRTP protocol. It's default value is true (indicating that the analyzer is disabled) as it is a somewhat uncommon OT protocol that likely won't be needed by most Malcolm users.
  • Other
    • Removed long-deprecated net-map.json file support (idaholab#517)

Official ISO installer images for Malcolm and Hedgehog Linux can be downloaded from Malcolm's releases page on GitHub. Due to limits on individual files in GitHub releases, these ISO files have been split into 2GB chunks and can be reassembled with scripts provided for both Bash (release_cleaver.sh) and PowerShell (release_cleaver.ps1). See Downloading Malcolm - Installer ISOs for instructions.