add option to enable SSH via password in hedgehog's configure-interfaces.py script #158
Assignees
Labels
enhancement
New feature or request
iso
relating to the ISO-installed environment for Malcolm and/or Hedgehog
security
Related to issues with bearing on the security of Malcolm itself
sensor
For issues dealing with the Hedgehog OS capture sensor
Milestone
Comments
mmguero
added
enhancement
|
This should actually apply for both Malcolm and Hedgehog. |
mmguero
added a commit
to mmguero-dev/Malcolm
that referenced
this issue
Jul 17, 2023
mmguero
added a commit
to mmguero-dev/Malcolm
that referenced
this issue
Jul 17, 2023
mmguero
added a commit
to mmguero-dev/Malcolm
that referenced
this issue
Jul 17, 2023
mmguero
added a commit
to mmguero-dev/Malcolm
that referenced
this issue
Jul 18, 2023
mmguero
added a commit
to mmguero-dev/Malcolm
that referenced
this issue
Jul 18, 2023
|
Complete for v23.07.0 |
This was referenced Jul 18, 2023
Merged
mmguero
added a commit
to cisagov/Malcolm
that referenced
this issue
Jul 19, 2023
Malcolm v23.07.0 is a feature release with a number of improvements, bux fixes and component updates. v23.05.1...v23.07.0 * New features - scan docker images built via GitHub actions for vulnerabilities using Trivy (idaholab#218) - document building and deplolying Malcolm with an AWS AMI image (idaholab#205) - handle Arkime field actions (idaholab#200) - kubernetes: document how to get running on Amazon EKS (idaholab#194) - Populate NetBox inventory via passively-gathered network traffic metadata (basic functionality, work in progress) (idaholab#135) * Enhancements - use .tar.xz instead of .tar.gz for packaging Malcolm docker images for better compression (and smaller ISO file size) - Malcolm documentation edits (idaholab#204) - add option to enable SSH via password in hedgehog's configure-interfaces.py script (idaholab#158) - updated "Network Traffic Analysis with Malcolm" slides - use an init container in Kubernetes container startup to ensure necessary directories get created under PersistentVolume objects before startup - improvements to identifying source of third-party logs sent via fluent bit - don't do unnecessary clone of Zeek plugins, just install using URL - parse [bacnet_device_control.log](https://github.com/cisagov/icsnpp-bacnet/#device-control-log-bacnet_device_controllog) produced by the icsnpp-bacnet parser for Zeek * Bug fixes - maxlogins value includes tmux sessions, can lock user out of SSH (idaholab#214) - curl rc file for connecting to external OpenSearch without auth enabled causes logstash startup to fail (idaholab#209) - failure to parse some suricata alerts due to integer type which should be indexed as long (idaholab#206) - netbox-restore doesn't work in Kubernetes (idaholab#202) - PCAP File with no `-` in pcapng Fails to Upload (#265) - disable NetBox telemetry * Component version updates - Alpine (docker container image base) to [v3.18.0](https://www.alpinelinux.org/posts/Alpine-3.18.0-released.html) - Arkime to [v4.3.2](https://github.com/arkime/arkime/blob/8bd9d1ccaf3214eeb07da910c45d6172f9ff4ca8/CHANGELOG#L40-L55) - capa to [v6.0.0](https://github.com/mandiant/capa/releases/tag/v6.0.0) - filebeat to [v8.8.2](https://www.elastic.co/guide/en/beats/libbeat/current/release-notes-8.8.2.html) - NetBox to [v3.5.4](https://github.com/netbox-community/netbox/releases/tag/v3.5.4) - OpenSearch and OpenSearch Dashboards to [v2.8.0](https://github.com/opensearch-project/opensearch-build/blob/main/release-notes/opensearch-release-notes-2.8.0.md) - Supercronic to [v0.2.25](https://github.com/aptible/supercronic/releases/tag/v0.2.25) - YARA to [v4.3.2](https://github.com/VirusTotal/yara/releases/tag/v4.3.2) - Zeek to [v5.2.2](https://github.com/zeek/zeek/releases/tag/v5.2.2) Malcolm and Hedgehog Linux may be obtained by pulling or building the Docker images and/or building the ISO installer images as described in the documentation. Unofficial ISO installer images for Malcolm and Hedgehog Linux are not hosted on GitHub, but may be downloaded from [https://malcolm.fyi/](https://malcolm.fyi/docs/download.html).
mmguero
added a commit
that referenced
this issue
Jul 19, 2023
Malcolm v23.07.0 is a feature release with a number of improvements, bux fixes and component updates. v23.05.1...v23.07.0 * New features - scan docker images built via GitHub actions for vulnerabilities using Trivy (#218) - document building and deplolying Malcolm with an AWS AMI image (#205) - handle Arkime field actions (#200) - kubernetes: document how to get running on Amazon EKS (#194) - Populate NetBox inventory via passively-gathered network traffic metadata (basic functionality, work in progress) (#135) * Enhancements - use .tar.xz instead of .tar.gz for packaging Malcolm docker images for better compression (and smaller ISO file size) - Malcolm documentation edits (#204) - add option to enable SSH via password in hedgehog's configure-interfaces.py script (#158) - updated "Network Traffic Analysis with Malcolm" slides - use an init container in Kubernetes container startup to ensure necessary directories get created under PersistentVolume objects before startup - improvements to identifying source of third-party logs sent via fluent bit - don't do unnecessary clone of Zeek plugins, just install using URL - parse [bacnet_device_control.log](https://github.com/cisagov/icsnpp-bacnet/#device-control-log-bacnet_device_controllog) produced by the icsnpp-bacnet parser for Zeek * Bug fixes - maxlogins value includes tmux sessions, can lock user out of SSH (#214) - curl rc file for connecting to external OpenSearch without auth enabled causes logstash startup to fail (#209) - failure to parse some suricata alerts due to integer type which should be indexed as long (#206) - netbox-restore doesn't work in Kubernetes (#202) - PCAP File with no `-` in pcapng Fails to Upload (cisagov#265) - disable NetBox telemetry * Component version updates - Alpine (docker container image base) to [v3.18.0](https://www.alpinelinux.org/posts/Alpine-3.18.0-released.html) - Arkime to [v4.3.2](https://github.com/arkime/arkime/blob/8bd9d1ccaf3214eeb07da910c45d6172f9ff4ca8/CHANGELOG#L40-L55) - capa to [v6.0.0](https://github.com/mandiant/capa/releases/tag/v6.0.0) - filebeat to [v8.8.2](https://www.elastic.co/guide/en/beats/libbeat/current/release-notes-8.8.2.html) - NetBox to [v3.5.4](https://github.com/netbox-community/netbox/releases/tag/v3.5.4) - OpenSearch and OpenSearch Dashboards to [v2.8.0](https://github.com/opensearch-project/opensearch-build/blob/main/release-notes/opensearch-release-notes-2.8.0.md) - Supercronic to [v0.2.25](https://github.com/aptible/supercronic/releases/tag/v0.2.25) - YARA to [v4.3.2](https://github.com/VirusTotal/yara/releases/tag/v4.3.2) - Zeek to [v5.2.2](https://github.com/zeek/zeek/releases/tag/v5.2.2) Malcolm and Hedgehog Linux may be obtained by pulling or building the Docker images and/or building the ISO installer images as described in the documentation. Unofficial ISO installer images for Malcolm and Hedgehog Linux are not hosted on GitHub, but may be downloaded from [https://malcolm.fyi/](https://malcolm.fyi/docs/download.html).
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Part of the process for configuring hedgehog is to copy the filebeat/logstash client certificates from Malcolm to the hedgehog, but it can be difficult because SSH is only pubkey enabled on the hedgehog by default.
I should allow password-enabled authentication to be enabled on the hedgehog with warnings to the user about setting it back (or maybe auto-setting it back on reboot or something?).
This could be done in two places:
The text was updated successfully, but these errors were encountered: