trinitor/DetectionLab
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

added Malcolm

Browse Source
This commit is contained in:
Trinitor
2021-08-06 10:35:01 +02:00
parent f043730066
commit 70f1922e80
751 changed files with 195277 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
Vagrant/resources/malcolm/moloch/patch/fields_db_max_2048.patch Normal file
View File

@@ -0,0 +1,26 @@
diff --git a/capture/moloch.h b/capture/moloch.h
index ef1327ee..773ae80e 100644
--- a/capture/moloch.h
+++ b/capture/moloch.h
@@ -310,7 +310,7 @@ enum MolochRotate {
*/
#define MOLOCH_FIELD_NOT_FOUND -1
-#define MOLOCH_FIELDS_DB_MAX 512
+#define MOLOCH_FIELDS_DB_MAX 2048
#define MOLOCH_FIELDS_CNT_MIN MOLOCH_FIELDS_DB_MAX
#define MOLOCH_FIELDS_CNT_MAX (MOLOCH_FIELDS_DB_MAX*2)
#define MOLOCH_FIELD_EXSPECIAL_START (MOLOCH_FIELDS_CNT_MAX)
diff --git a/capture/plugins/wise.c b/capture/plugins/wise.c
index 34a83d6a..001b6866 100644
--- a/capture/plugins/wise.c
+++ b/capture/plugins/wise.c
@@ -111,7 +111,7 @@ typedef struct wiseitem_head {
uint32_t wil_count;
} WiseItemHead_t;
-#define WISE_MAX_REQUEST_ITEMS 512
+#define WISE_MAX_REQUEST_ITEMS MOLOCH_FIELDS_DB_MAX
typedef struct wiserequest {
BSB bsb;
WiseItem_t *items[WISE_MAX_REQUEST_ITEMS];

14
Vagrant/resources/malcolm/moloch/patch/footer_links.patch Normal file
View File

@@ -0,0 +1,14 @@
diff --git a/viewer/vueapp/src/components/utils/Footer.vue b/viewer/vueapp/src/components/utils/Footer.vue
index 55b2dbdb..8e6338da 100644
--- a/viewer/vueapp/src/components/utils/Footer.vue
+++ b/viewer/vueapp/src/components/utils/Footer.vue
@@ -4,7 +4,8 @@
<p>
<small>
Arkime v{{molochVersion}} |
- <a href="https://arkime.com">arkime.com</a>
+ <a href="https://arkime.com">arkime.com</a> |
+ <a href="/readme">Malcolm</a>
<span v-if="responseTime && !loadingData">
| {{ responseTime | commaString }}ms
</span>

24
Vagrant/resources/malcolm/moloch/patch/remove_upload.patch Normal file
View File

@@ -0,0 +1,24 @@
diff --git a/viewer/vueapp/src/router/index.js b/viewer/vueapp/src/router/index.js
index 02494926..a3c974f9 100644
--- a/viewer/vueapp/src/router/index.js
+++ b/viewer/vueapp/src/router/index.js
@@ -11,7 +11,6 @@ import Spiview from '@/components/spiview/Spiview';
import Spigraph from '@/components/spigraph/Spigraph';
import Connections from '@/components/connections/Connections';
import Settings from '@/components/settings/Settings';
-import Upload from '@/components/upload/Upload';
import Hunt from '@/components/hunt/Hunt';
import Moloch404 from '@/components/utils/404';
@@ -86,11 +85,6 @@ const router = new Router({
name: 'Settings',
component: Settings
},
- {
- path: '/upload',
- name: 'Upload',
- component: Upload
- },
{
path: '/hunt',
name: 'Hunt',

13
Vagrant/resources/malcolm/moloch/patch/spi_sort_zeek.patch Normal file
View File

@@ -0,0 +1,13 @@
diff --git a/viewer/vueapp/src/components/spiview/Spiview.vue b/viewer/vueapp/src/components/spiview/Spiview.vue
index 51378987..facfe7e9 100644
--- a/viewer/vueapp/src/components/spiview/Spiview.vue
+++ b/viewer/vueapp/src/components/spiview/Spiview.vue
@@ -841,6 +841,8 @@ export default {
// sorted list of categories for the view
this.categoryList = Object.keys(this.categoryObjects).sort();
+ this.categoryList.splice(this.categoryList.indexOf('zeek'), 1);
+ this.categoryList.unshift('zeek');
this.categoryList.splice(this.categoryList.indexOf('general'), 1);
this.categoryList.unshift('general');

30
Vagrant/resources/malcolm/moloch/patch/user_agent.patch Normal file
View File

@@ -0,0 +1,30 @@
diff --git a/capture/http.c b/capture/http.c
index c39f7a0c..a2032880 100644
--- a/capture/http.c
+++ b/capture/http.c
@@ -227,6 +227,8 @@ unsigned char *moloch_http_send_sync(void *serverV, const char *method, const ch
curl_easy_setopt(easy, CURLOPT_HTTPGET, 1L);
}
+ curl_easy_setopt(easy, CURLOPT_USERAGENT, "arkime");
+
if (headerList) {
curl_easy_setopt(easy, CURLOPT_HTTPHEADER, headerList);
}
@@ -828,6 +830,7 @@ gboolean moloch_http_send(void *serverV, const char *method, const char *key, in
curl_easy_setopt(request->easy, CURLOPT_CLOSESOCKETFUNCTION, moloch_http_curl_close_callback);
curl_easy_setopt(request->easy, CURLOPT_ACCEPT_ENCODING, ""); // https://curl.haxx.se/libcurl/c/CURLOPT_ACCEPT_ENCODING.html
curl_easy_setopt(request->easy, CURLOPT_TCP_KEEPALIVE, 1L);
+ curl_easy_setopt(request->easy, CURLOPT_USERAGENT, "arkime");
if (request->headerList) {
curl_easy_setopt(request->easy, CURLOPT_HTTPHEADER, request->headerList);
@@ -947,7 +950,7 @@ void moloch_http_set_retries(void *serverV, uint16_t retries)
server->maxRetries = retries;
}
/******************************************************************************/
-void moloch_http_set_client_cert(void *serverV, char* clientCert,
+void moloch_http_set_client_cert(void *serverV, char* clientCert,
char* clientKey, char* clientKeyPass)
{
MolochHttpServer_t *server = serverV;

22
Vagrant/resources/malcolm/moloch/patch/viewer_wider_field_detail.patch Normal file
View File

@@ -0,0 +1,22 @@
diff --git a/viewer/vueapp/src/components/sessions/SessionDetail.vue b/viewer/vueapp/src/components/sessions/SessionDetail.vue
index 72517d44..c75c5cc4 100644
--- a/viewer/vueapp/src/components/sessions/SessionDetail.vue
+++ b/viewer/vueapp/src/components/sessions/SessionDetail.vue
@@ -1049,7 +1049,7 @@ export default {
.session-detail dt {
float: left;
clear: left;
- width: 160px;
+ width: 320px;
text-align: right;
margin-right: 6px;
line-height: 1.7;
@@ -1057,7 +1057,7 @@ export default {
}
.session-detail dd {
- margin-left: 165px;
+ margin-left: 325px;
}
/* more items link */