This has been a busy month for Malcolm! I pushed hard to get v25.03.0 out earlier this month, as it contained pretty much just the Keycloak integration one of our partners (and major funding sources) was waiting for. Rather than wait until April for the other stuff that would have gone into the regular end-of-the-month release, I decided to pull those items into this smaller release just a week and a half after the last one.
Malcolm v25.03.1 contains a few enhancements, bug fixes, and several component version updates, including one that addresses a CVE that may affect Hedgehog Linux Kiosk mode and Malcolm's API container.
NOTE: If you have not already upgraded to v25.03.0, read the notes for v25.02.0 and v25.03.0 and follow the Read Before Upgrading instructions on those releases.
Changes in this release
Features and enhancements- Incorporate new S7comm device identification log,
s7comm_known_devices.log (#622) - Display current PCAP, Zeek, and Suricata capture results in Hedgehog Linux Kiosk mode (#566)
- Keycloak authentication: configurable group or role membership restrictions for login (#633) (see Requiring user groups and realm roles)
- Mark newly-discovered and uninventoried devices in logs during NetBox enrichment (#573)
- Added "Apply recommended system tweaks automatically without asking for confirmation?" question to
install.py to allow the user to accept changes to sysctl.conf, grub kernel parameters, etc., without having to answer "yes" to each one.
Component version updates
Bug fixes- Fix
install.py error when answering yes to "Pull Malcolm images?" with podman (#604) - Order of user-provided tags from PCAP upload interface not preserved (#624)
Configuration changes (in environment variables in ./config/) for Malcolm and in control_vars.conf for Hedgehog Linux
Code and project maintenance- Ensure Malcolm's NetBox configuration Python scripts are baked into the image in addition to bind-mounting them in
docker-compose.yml at runtime.
Malcolm is a powerful, easily deployable network 🖧 traffic analysis tool suite for network security monitoring 
.
Malcolm operates as a cluster of containers 
, isolated sandboxes which each serve a dedicated function of the system. This makes Malcolm deployable with frameworks like Docker 
, Podman 
, and Kubernetes ⎈. Check out the Quick Start guide for examples on how to get up and running.
Alternatively, dedicated official ISO installer images 
for Malcolm and Hedgehog Linux 
can be downloaded from Malcolm's releases page on GitHub. Due to limits on individual files in GitHub releases, these ISO files have been split 
into 2GB chunks and can be reassembled with scripts provided for both Bash 
(release_cleaver.sh) and PowerShell 
(release_cleaver.ps1). See Downloading Malcolm - Installer ISOs for instructions.
As always, join us on the Malcolm discussions board 
to engage with the community, or pop some corn 
and watch a video 
.
