List of changes in Malcolm v3.0.0:

- Change base for Elasticsearch and Kibana Docker images (version 7.6.2) from Elastic.co to Open Distro for Elastic (based on Elastic 7.10.0); see #15. This is a major change which **breaks backwards compatibility** for several features (listed below). If you are using these features, you will need to back up the data and/or configuration associated with them and migrate them manually to the new tools. No automatic migration or upgrade of these features is performed. It's recommended that you re-run `install.py --configure` (see [System configuration and tuning](https://github.com/cisagov/Malcolm#ConfigAndTuning)) prior to running Malcolm v3.0.0. - Kibana [comments](https://github.com/gwintzer/kibana-comments-app-plugin) replaced with [Notebooks](https://opendistro.github.io/for-elasticsearch-docs/docs/notebooks/) - Kibana [elastalert](https://github.com/nsano-rururu/elastalert-kibana-plugin) plugin replaced with [Alerting](https://opendistro.github.io/for-elasticsearch-docs/docs/alerting/) plugin - Elasticsearch [curator](https://www.elastic.co/guide/en/elasticsearch/client/curator/current/index.html) replaced with [Index Management](https://opendistro.github.io/for-elasticsearch-docs/docs/ism/) plugin - The third-party [Sankey visualization plugin](https://github.com/mmguero-dev/kbn_sankey_vis] has been temporarily removed due to compatibility issues, although it is planned to be reintegrated in a Malcolm point release in the near future (see uniberg/kbn_sankey_vis#15) - The third-party [Kibana drill-down plugin](https://github.com/mmguero-dev/kibana-plugin-drilldownmenu/) providing Kibana-to-Moloch pivoting has been temporarily removed due to compatibility issues, although it is planned to be reintegrated in a Malcolm point release in the near future (see goodlabs-studio/kibana-plugin-drilldownmenu#5) - In addition to those replacements, the Real Time Anomaly Detection feature is now available: - [Real Time Anomaly Detection in Open Distro for Elasticsearch](https://opendistro.github.io/for-elasticsearch/blog/odfe-updates/2019/11/real-time-anomaly-detection-in-open-distro-for-elasticsearch/) blog announcement - [Anomaly Detection](https://opendistro.github.io/for-elasticsearch-docs/docs/ad/) documentation and source code for [Elasticsearch](https://github.com/opendistro-for-elasticsearch/anomaly-detection) and [Kibana](https://github.com/opendistro-for-elasticsearch/anomaly-detection-kibana-plugin) components - [Random Cut Forests writeup](https://opendistro.github.io/for-elasticsearch/blog/odfe-updates/2019/11/random-cut-forests/) - Malcolm startup time (especially the Logstash container) has been reduced drastically - Improvements to Malcolm's prebuilt Kibana dashboards - Improvements to build scripts - Minor tweaks and bugfixes for ISO-installed environments for Malcolm and Hedgehog Linux - Minor other bug fixes and performance improvements - Version bump - Yara [v4.0.5](https://github.com/VirusTotal/yara/releases/tag/v4.0.5)
idaholab · Mar 3, 2021 · 0bab88a · 0bab88a
1 parent 2875fee
commit 0bab88a
Show file tree

Hide file tree

Showing 70 changed files with 265 additions and 482 deletions.
diff --git a/Dockerfiles/elasticsearch.Dockerfile b/Dockerfiles/elasticsearch.Dockerfile
@@ -1,14 +1,14 @@
-FROM docker.elastic.co/elasticsearch/elasticsearch-oss:7.6.2
+FROM amazon/opendistro-for-elasticsearch:1.12.0
 
 # Copyright (c) 2021 Battelle Energy Alliance, LLC.  All rights reserved.
 LABEL maintainer="malcolm.netsec@gmail.com"
 LABEL org.opencontainers.image.authors='malcolm.netsec@gmail.com'
-LABEL org.opencontainers.image.url='https://github.com/idaholab/Malcolm'
-LABEL org.opencontainers.image.documentation='https://github.com/idaholab/Malcolm/blob/master/README.md'
-LABEL org.opencontainers.image.source='https://github.com/idaholab/Malcolm'
-LABEL org.opencontainers.image.vendor='Idaho National Laboratory'
-LABEL org.opencontainers.image.title='malcolmnetsec/elasticsearch-oss'
-LABEL org.opencontainers.image.description='Malcolm container providing Elasticsearch (the Apache-licensed variant)'
+LABEL org.opencontainers.image.url='https://github.com/cisagov/Malcolm'
+LABEL org.opencontainers.image.documentation='https://github.com/cisagov/Malcolm/blob/master/README.md'
+LABEL org.opencontainers.image.source='https://github.com/cisagov/Malcolm'
+LABEL org.opencontainers.image.vendor='Cybersecurity and Infrastructure Security Agency'
+LABEL org.opencontainers.image.title='malcolmnetsec/elasticsearch-od'
+LABEL org.opencontainers.image.description='Malcolm container providing Elasticsearch (the Apache-licensed Open Distro variant)'
 
 ARG DEFAULT_UID=1000
 ARG DEFAULT_GID=1000
@@ -20,11 +20,23 @@ ENV PUSER_PRIV_DROP true
 
 ENV TERM xterm
 
+ARG GITHUB_OAUTH_TOKEN=""
+ARG DISABLE_INSTALL_DEMO_CONFIG=true
+ENV DISABLE_INSTALL_DEMO_CONFIG $DISABLE_INSTALL_DEMO_CONFIG
+
+# Malcolm manages authentication and encryption via NGINX reverse proxy
+# https://opendistro.github.io/for-elasticsearch-docs/docs/security/configuration/disable/
+# https://opendistro.github.io/for-elasticsearch-docs/docs/install/docker/#customize-the-docker-image
+# https://github.com/opendistro-for-elasticsearch/opendistro-build/issues/613
+RUN /usr/share/elasticsearch/bin/elasticsearch-plugin remove opendistro_security && \
+    /usr/share/elasticsearch/bin/elasticsearch-plugin remove opendistro_performance_analyzer && \
+  echo -e 'cluster.name: "docker-cluster"\nnetwork.host: 0.0.0.0' > /usr/share/elasticsearch/config/elasticsearch.yml && \
+  chown -R $PUSER:$PGROUP /usr/share/elasticsearch/config/elasticsearch.yml && \
+  sed -i "s/\b1000\b/\${PUID:-${DEFAULT_UID}}/g" /usr/local/bin/docker-entrypoint.sh
+
+# just used for initial keystore creation
 ADD shared/bin/docker-uid-gid-setup.sh /usr/local/bin/
 
-ENTRYPOINT ["/usr/local/bin/docker-uid-gid-setup.sh", "/usr/local/bin/docker-entrypoint.sh"]
-
-
 # to be populated at build-time:
 ARG BUILD_DATE
 ARG MALCOLM_VERSION

diff --git a/Dockerfiles/filebeat.Dockerfile b/Dockerfiles/filebeat.Dockerfile
@@ -1,4 +1,4 @@
-FROM docker.elastic.co/beats/filebeat-oss:7.10.2
+FROM docker.elastic.co/beats/filebeat-oss:7.10.0
 
 # Copyright (c) 2021 Battelle Energy Alliance, LLC.  All rights reserved.
 LABEL maintainer="malcolm.netsec@gmail.com"

diff --git a/Dockerfiles/kibana-helper.Dockerfile b/Dockerfiles/kibana-helper.Dockerfile
@@ -1,12 +1,12 @@
-FROM alpine:3.13
+FROM alpine:3.12
 
 # Copyright (c) 2020 Battelle Energy Alliance, LLC.  All rights reserved.
 LABEL maintainer="malcolm.netsec@gmail.com"
 LABEL org.opencontainers.image.authors='malcolm.netsec@gmail.com'
-LABEL org.opencontainers.image.url='https://github.com/idaholab/Malcolm'
-LABEL org.opencontainers.image.documentation='https://github.com/idaholab/Malcolm/blob/master/README.md'
-LABEL org.opencontainers.image.source='https://github.com/idaholab/Malcolm'
-LABEL org.opencontainers.image.vendor='Idaho National Laboratory'
+LABEL org.opencontainers.image.url='https://github.com/cisagov/Malcolm'
+LABEL org.opencontainers.image.documentation='https://github.com/cisagov/Malcolm/blob/master/README.md'
+LABEL org.opencontainers.image.source='https://github.com/cisagov/Malcolm'
+LABEL org.opencontainers.image.vendor='Cybersecurity and Infrastructure Security Agency'
 LABEL org.opencontainers.image.title='malcolmnetsec/kibana-helper'
 LABEL org.opencontainers.image.description='Malcolm container providing Kibana support functions'
 

diff --git a/Dockerfiles/kibana.Dockerfile b/Dockerfiles/kibana.Dockerfile
@@ -1,14 +1,14 @@
-FROM docker.elastic.co/kibana/kibana-oss:7.6.2
+FROM amazon/opendistro-for-elasticsearch-kibana:1.12.0
 
 # Copyright (c) 2021 Battelle Energy Alliance, LLC.  All rights reserved.
 LABEL maintainer="malcolm.netsec@gmail.com"
 LABEL org.opencontainers.image.authors='malcolm.netsec@gmail.com'
-LABEL org.opencontainers.image.url='https://github.com/idaholab/Malcolm'
-LABEL org.opencontainers.image.documentation='https://github.com/idaholab/Malcolm/blob/master/README.md'
-LABEL org.opencontainers.image.source='https://github.com/idaholab/Malcolm'
-LABEL org.opencontainers.image.vendor='Idaho National Laboratory'
-LABEL org.opencontainers.image.title='malcolmnetsec/kibana-oss'
-LABEL org.opencontainers.image.description='Malcolm container providing Kibana (the Apache-licensed variant)'
+LABEL org.opencontainers.image.url='https://github.com/cisagov/Malcolm'
+LABEL org.opencontainers.image.documentation='https://github.com/cisagov/Malcolm/blob/master/README.md'
+LABEL org.opencontainers.image.source='https://github.com/cisagov/Malcolm'
+LABEL org.opencontainers.image.vendor='Cybersecurity and Infrastructure Security Agency'
+LABEL org.opencontainers.image.title='malcolmnetsec/kibana-od'
+LABEL org.opencontainers.image.description='Malcolm container providing Kibana (the Apache-licensed Open Distro variant)'
 
 ARG DEFAULT_UID=1000
 ARG DEFAULT_GID=1000
@@ -26,8 +26,6 @@ ARG ARKIME_INDEX_PATTERN="sessions2-*"
 ARG ARKIME_INDEX_PATTERN_ID="sessions2-*"
 ARG ARKIME_INDEX_TIME_FIELD="firstPacket"
 ARG KIBANA_DEFAULT_DASHBOARD="0ad3d7c2-3441-485e-9dfe-dbb22e84e576"
-ARG KIBANA_OFFLINE_REGION_MAPS="false"
-ARG KIBANA_OFFLINE_REGION_MAPS_PORT="28991"
 
 ENV CREATE_ES_ARKIME_SESSION_INDEX $CREATE_ES_ARKIME_SESSION_INDEX
 ENV ARKIME_INDEX_PATTERN $ARKIME_INDEX_PATTERN
@@ -38,148 +36,62 @@ ENV KIBANA_OFFLINE_REGION_MAPS $KIBANA_OFFLINE_REGION_MAPS
 ENV KIBANA_OFFLINE_REGION_MAPS_PORT $KIBANA_OFFLINE_REGION_MAPS_PORT
 ENV PATH="/data:${PATH}"
 ENV ELASTICSEARCH_URL $ELASTICSEARCH_URL
-
-ENV SUPERCRONIC_VERSION "0.1.12"
-ENV SUPERCRONIC_URL "https://github.com/aptible/supercronic/releases/download/v$SUPERCRONIC_VERSION/supercronic-linux-amd64"
-ENV SUPERCRONIC "supercronic-linux-amd64"
-ENV SUPERCRONIC_SHA1SUM "048b95b48b708983effb2e5c935a1ef8483d9e3e"
-ENV SUPERCRONIC_CRONTAB "/etc/crontab"
+ENV KIBANA_DEFAULT_DASHBOARD $KIBANA_DEFAULT_DASHBOARD
 
 USER root
 
-ADD kibana/plugin-patches /tmp/plugin-patches
-ADD kibana/elastalert-kibana-plugin/server/routes/elastalert.js /tmp/elastalert-server-routes.js
-
-# todo: these extra plugins are kind of gutted right now with 7.x, need to fix
-
-# see https://github.com/walterra/kibana-milestones-vis/issues/9
-# curl -sSL -o /tmp/kibana-milestones.zip "https://github.com/walterra/kibana-milestones-vis/releases/download/v7.1.1/kibana-milestones-vis-7.1.1.zip"
-#    cd /tmp && \
-#    echo "Installing Milestones visualization..." && \
-#      unzip kibana-milestones.zip kibana/kibana-milestones-vis/package.json && \
-#      sed -i "s/7\.1\.1/7\.6\.2/g" kibana/kibana-milestones-vis/package.json && \
-#      zip kibana-milestones.zip kibana/kibana-milestones-vis/package.json && \
-#      cd /usr/share/kibana/plugins && \
-#      /usr/share/kibana/bin/kibana-plugin install file:///tmp/kibana-milestones.zip --allow-root && \
-#      rm -rf /tmp/kibana-milestones.zip /tmp/kibana
-
-# not optimizing in 6.6+ correctly
-# curl -sSL -o /tmp/kibana-calendar.zip "https://github.com/aaronoah/kibana_calendar_vis/releases/download/v6.4.0/kibana_calendar_vis-6.4.0.zip"
-#    echo "Installing Calendar visualization..." && \
-#    unzip kibana-calendar.zip kibana/kibana_calendar_vis/package.json && \
-#    sed -i "s/6\.4\.0/6\.6\.0/g" kibana/kibana_calendar_vis/package.json && \
-#    zip kibana-calendar.zip kibana/kibana_calendar_vis/package.json && \
-#    /usr/share/kibana/bin/kibana-plugin install file:///tmp/kibana-calendar.zip --allow-root && \
-#    rm -rf /tmp/kibana-calendar.zip /tmp/kibana && \
-
-RUN sed -i "s/d\.name\.split/d\.name\.toString()\.split/" /usr/share/kibana/src/legacy/ui/public/vislib/visualizations/pie_chart.js && \
-    curl -sSL -o /tmp/kibana-comments.zip "https://github.com/gwintzer/kibana-comments-app-plugin/releases/download/7.4.0/kibana-comments-app-plugin-7.4.0-latest.zip" && \
-      curl -sSL -o /tmp/kibana-swimlane.zip "https://github.com/prelert/kibana-swimlane-vis/releases/download/v7.6.2/prelert_swimlane_vis-7.6.2.zip" && \
-      curl -sSL -o /tmp/elastalert-kibana-plugin.zip "https://github.com/bitsensor/elastalert-kibana-plugin/releases/download/1.1.0/elastalert-kibana-plugin-1.1.0-7.5.0.zip" && \
-      curl -sSL -o /tmp/kibana-network.zip "https://codeload.github.com/dlumbrer/kbn_network/zip/7-dev" && \
-      curl -sSL -o /tmp/kibana-sankey.zip "https://codeload.github.com/mmguero-dev/kbn_sankey_vis/zip/master" && \
-      curl -sSL -o /tmp/kibana-drilldown.zip "https://codeload.github.com/mmguero-dev/kibana-plugin-drilldownmenu/zip/master" && \
-    yum install -y epel-release && \
+# TODO:
+# see https://github.com/uniberg/kbn_sankey_vis/issues/15#issuecomment-720700879
+# curl -sSL -o /tmp/kibana-sankey.zip "https://codeload.github.com/mmguero-dev/kbn_sankey_vis/zip/master" && \
+# cd /tmp && \
+#   echo "Installing Sankey visualization..." && \
+#   unzip /tmp/kibana-sankey.zip && \
+#   mkdir ./kibana &&\
+#   mv ./kbn_sankey_vis-* ./kibana/sankey_vis && \
+#   cd ./kibana/sankey_vis && \
+#   sed -i "s/7\.6\.3/7\.10\.0/g" ./package.json && \
+#   npm install && \
+#   cd /tmp && \
+#   zip -r sankey_vis.zip kibana --exclude ./kibana/sankey_vis/.git\* && \
+#   cd /usr/share/kibana/plugins && \
+#   /usr/share/kibana/bin/kibana-plugin install file:///tmp/sankey_vis.zip --allow-root && \
+#   rm -rf /tmp/kibana /tmp/*sankey* && \
+
+# curl -sSL -o /tmp/kibana-drilldown.zip "https://codeload.github.com/mmguero-dev/kibana-plugin-drilldownmenu/zip/master" && \
+# cd /tmp && \
+#   echo "Installing Drilldown menu plugin..." && \
+#   unzip /tmp/kibana-drilldown.zip && \
+#   mkdir ./kibana &&\
+#   mv ./kibana-plugin-drilldownmenu-* ./kibana/kibana-plugin-drilldownmenu && \
+#   cd ./kibana/kibana-plugin-drilldownmenu && \
+#   sed -i "s/7\.6\.2/7\.10\.0/g" ./package.json && \
+#   npm install && \
+#   cd /tmp && \
+#   zip -r drilldown.zip kibana --exclude ./kibana/kibana-plugin-drilldownmenu/.git\* && \
+#   cd /usr/share/kibana/plugins && \
+#   /usr/share/kibana/bin/kibana-plugin install file:///tmp/drilldown.zip --allow-root && \
+#   rm -rf /tmp/kibana /tmp/*drilldown* && \
+# cd /tmp && \
+#     rm -rf /tmp/npm-*
+
+RUN yum install -y epel-release && \
       yum update -y && \
-      yum install -y curl inotify-tools git npm patch psmisc python-requests python-setuptools zip unzip && \
+      yum install -y curl git npm patch psmisc zip unzip && \
       yum clean all && \
-      easy_install supervisor && \
-      npm install -g http-server && \
       usermod -a -G tty ${PUSER} && \
-    curl -fsSLO "$SUPERCRONIC_URL" && \
-      echo "${SUPERCRONIC_SHA1SUM}  ${SUPERCRONIC}" | sha1sum -c - && \
-      chmod +x "$SUPERCRONIC" && \
-      mv "$SUPERCRONIC" "/usr/local/bin/${SUPERCRONIC}" && \
-      ln -s "/usr/local/bin/${SUPERCRONIC}" /usr/local/bin/supercronic && \
-    cd /tmp && \
-    echo "Installing ElastAlert plugin..." && \
-      unzip elastalert-kibana-plugin.zip kibana/elastalert-kibana-plugin/package.json kibana/elastalert-kibana-plugin/public/components/main/main.js && \
-      sed -i "s/7\.5\.0/7\.6\.2/g" kibana/elastalert-kibana-plugin/package.json && \
-      sed -i "s/^import.*eui_theme_light.css.*$//" kibana/elastalert-kibana-plugin/public/components/main/main.js && \
-      mkdir -p kibana/elastalert-kibana-plugin/server/routes/ && \
-      cp /tmp/elastalert-server-routes.js kibana/elastalert-kibana-plugin/server/routes/elastalert.js && \
-      zip elastalert-kibana-plugin.zip \
-          kibana/elastalert-kibana-plugin/package.json \
-          kibana/elastalert-kibana-plugin/public/components/main/main.js \
-          kibana/elastalert-kibana-plugin/server/routes/elastalert.js && \
-      cd /usr/share/kibana/plugins && \
-      /usr/share/kibana/bin/kibana-plugin install file:///tmp/elastalert-kibana-plugin.zip --allow-root && \
-      rm -rf /tmp/elastalert-kibana-plugin.zip /tmp/elastalert.js /tmp/kibana && \
-    cd /tmp && \
-      echo "Installing Sankey visualization..." && \
-      unzip /tmp/kibana-sankey.zip && \
-      mkdir ./kibana &&\
-      mv ./kbn_sankey_vis-* ./kibana/sankey_vis && \
-      cd ./kibana/sankey_vis && \
-      sed -i "s/7\.6\.3/7\.6\.2/g" ./package.json && \
-      npm install && \
-      cd /tmp && \
-      zip -r sankey_vis.zip kibana --exclude ./kibana/sankey_vis/.git\* && \
-      cd /usr/share/kibana/plugins && \
-      /usr/share/kibana/bin/kibana-plugin install file:///tmp/sankey_vis.zip --allow-root && \
-      rm -rf /tmp/kibana /tmp/*sankey* && \
-    cd /tmp && \
-      echo "Installing Drilldown menu plugin..." && \
-      unzip /tmp/kibana-drilldown.zip && \
-      mkdir ./kibana &&\
-      mv ./kibana-plugin-drilldownmenu-* ./kibana/kibana-plugin-drilldownmenu && \
-      cd ./kibana/kibana-plugin-drilldownmenu && \
-      sed -i "s/7\.6\.2/7\.6\.2/g" ./package.json && \
-      npm install && \
-      cd /tmp && \
-      zip -r drilldown.zip kibana --exclude ./kibana/kibana-plugin-drilldownmenu/.git\* && \
-      cd /usr/share/kibana/plugins && \
-      /usr/share/kibana/bin/kibana-plugin install file:///tmp/drilldown.zip --allow-root && \
-      rm -rf /tmp/kibana /tmp/*drilldown* && \
-    cd /tmp && \
-      echo "Installing Network visualization..." && \
-      cd /usr/share/kibana/plugins && \
-      unzip /tmp/kibana-network.zip && \
-      mv ./kbn_network-* ./network_vis && \
-      cd ./network_vis && \
-      sed -i "s/7\.5\.2/7\.6\.2/g" ./package.json && \
-      rm -rf ./images && \
-      patch -p 1 < /tmp/plugin-patches/kbn_network_7.6.x.patch && \
-      npm install && \
-      rm -rf /tmp/kibana-network.zip && \
-    cd /tmp && \
-    echo "Installing Comments visualization..." && \
-      unzip kibana-comments.zip kibana/kibana-comments-app-plugin/package.json && \
-      sed -i "s/7\.4\.0/7\.6\.2/g" kibana/kibana-comments-app-plugin/package.json && \
-      zip kibana-comments.zip kibana/kibana-comments-app-plugin/package.json && \
-      cd /usr/share/kibana/plugins && \
-      /usr/share/kibana/bin/kibana-plugin install file:///tmp/kibana-comments.zip --allow-root && \
-      rm -rf /tmp/kibana-comments.zip /tmp/kibana && \
-    cd /tmp && \
-    echo "Installing Swimlanes visualization..." && \
-      unzip kibana-swimlane.zip kibana/prelert_swimlane_vis/package.json && \
-      sed -i "s/7\.6\.2/7\.6\.2/g" kibana/prelert_swimlane_vis/package.json && \
-      zip kibana-swimlane.zip kibana/prelert_swimlane_vis/package.json && \
-      cd /usr/share/kibana/plugins && \
-      /usr/share/kibana/bin/kibana-plugin install file:///tmp/kibana-swimlane.zip --allow-root && \
-      bash -c "find /usr/share/kibana/plugins/prelert_swimlane_vis/ -type f -exec chmod 644 '{}' \;" && \
-      rm -rf /tmp/kibana-swimlane.zip /tmp/kibana && \
-    rm -rf /tmp/plugin-patches /tmp/elastalert-server-routes.js /tmp/npm-*
+      # Malcolm manages authentication and encryption via NGINX reverse proxy
+      /usr/share/kibana/bin/kibana-plugin remove opendistroSecurityKibana --allow-root && \
+      # https://github.com/opendistro-for-elasticsearch/kibana-reports/issues/259
+      /usr/share/kibana/bin/kibana-plugin remove opendistroReportsKibana --allow-root
 
+ADD kibana/kibana.yml /usr/share/kibana/config/kibana.yml
 ADD shared/bin/docker-uid-gid-setup.sh /usr/local/bin/
-ADD kibana/dashboards /opt/kibana/dashboards
-ADD kibana/kibana-offline-maps.yml /opt/kibana/config/kibana-offline-maps.yml
-ADD kibana/kibana-standard.yml /opt/kibana/config/kibana-standard.yml
-ADD kibana/maps /opt/maps
-ADD kibana/scripts /data/
-ADD kibana/supervisord.conf /etc/supervisord.conf
-ADD kibana/zeek_template.json /data/zeek_template.json
-ADD shared/bin/elastic_search_status.sh /data/
-
-RUN chmod 755 /data/*.sh /data/*.py && \
-    chown -R ${PUSER}:${PGROUP} /opt/kibana/dashboards /opt/maps /opt/kibana/config/kibana*.yml && \
-    chmod 400 /opt/maps/* && \
-    (echo -e "*/2 * * * * /data/kibana-create-moloch-sessions-index.sh\n0 10 * * * /data/kibana_index_refresh.py" > ${SUPERCRONIC_CRONTAB})
 
 ENTRYPOINT ["/usr/local/bin/docker-uid-gid-setup.sh"]
 
-CMD ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf", "-n"]
+CMD ["/usr/local/bin/kibana-docker"]
 
+EXPOSE 5601
 
 # to be populated at build-time:
 ARG BUILD_DATE

diff --git a/Dockerfiles/logstash.Dockerfile b/Dockerfiles/logstash.Dockerfile
@@ -22,7 +22,7 @@ RUN /bin/bash -lc "command curl -sSL https://rvm.io/mpapis.asc | gpg2 --import -
       curl -sSL "$OUIFILTER_URL" | tar xzvf - -C ./logstash-filter-ieee_oui --strip-components 1 && \
       /bin/bash -lc "cd /opt/logstash-filter-ieee_oui && bundle install && gem build logstash-filter-ieee_oui.gemspec && bundle info logstash-filter-ieee_oui"
 
-FROM docker.elastic.co/logstash/logstash-oss:7.10.2
+FROM docker.elastic.co/logstash/logstash-oss:7.10.0
 
 LABEL maintainer="malcolm.netsec@gmail.com"
 LABEL org.opencontainers.image.authors='malcolm.netsec@gmail.com'
@@ -54,15 +54,14 @@ ENV LOGSTASH_PARSE_PIPELINE_ADDRESSES $LOGSTASH_PARSE_PIPELINE_ADDRESSES
 ENV LOGSTASH_ELASTICSEARCH_PIPELINE_ADDRESS_INTERNAL $LOGSTASH_ELASTICSEARCH_PIPELINE_ADDRESS_INTERNAL
 ENV LOGSTASH_ELASTICSEARCH_PIPELINE_ADDRESS_EXTERNAL $LOGSTASH_ELASTICSEARCH_PIPELINE_ADDRESS_EXTERNAL
 ENV LOGSTASH_ELASTICSEARCH_OUTPUT_PIPELINE_ADDRESSES $LOGSTASH_ELASTICSEARCH_OUTPUT_PIPELINE_ADDRESSES
-ENV JAVA_HOME=/usr/share/logstash/jdk
 
 USER root
 
 COPY --from=build /opt/logstash-filter-ieee_oui /opt/logstash-filter-ieee_oui
 
 RUN yum install -y epel-release && \
     yum update -y && \
-    yum install -y curl gettext python-setuptools python-pip python-requests python-yaml openssl && \
+    yum install -y curl gettext python-setuptools python-pip python-requests python-yaml && \
     yum clean all && \
     pip install py2-ipaddress supervisor && \
     logstash-plugin install logstash-filter-translate logstash-filter-cidr logstash-filter-dns \
@@ -74,7 +73,6 @@ RUN yum install -y epel-release && \
     rm -rf /opt/logstash-filter-ieee_oui /root/.cache /root/.gem /root/.bundle
 
 ADD shared/bin/docker-uid-gid-setup.sh /usr/local/bin/
-ADD shared/bin/jdk-cacerts-auto-import.sh /usr/local/bin/
 ADD logstash/maps/*.yaml /etc/
 ADD logstash/config/log4j2.properties /usr/share/logstash/config/
 ADD logstash/config/logstash.yml /usr/share/logstash/config/