A powerful, easily deployable network traffic analysis tool suite for network security monitoring
Malcolm operates as a cluster of containers, isolated sandboxes which each serve a dedicated function of the system. These images can be pulled from GitHub by running docker compose --profile malcolm pull from within the Malcolm installation directory, or they can be built from source by following the instructions in the Quick Start section of the documentation.
Malcolm’s container-based deployment model allows it to run on a variety of platforms. However, in some circumstances (for example, as a long-running appliance as part of a security operations center, or inside a virtual machine) it may be desirable to install Malcolm as a dedicated standalone installation.
Malcolm is also packaged into an installer ISO based on the current stable release of Debian. This customized Debian installation is preconfigured with the bare minimum software needed to run Malcolm.
ISOs can be downloaded from Malcolm’s releases page on GitHub. Due to limits on individual files in GitHub releases, these ISO files have been split into 2GB chunks and can be reassembled with scripts provided for both Bash (release_cleaver.sh) and PowerShell (release_cleaver.ps1).
For example, having downloaded the following files from Malcolm’s releases page on GitHub, the script will join the component files and check the resulting ISO’s SHA256 sum:
$ ls -l
total 5446119424
-rw-r--r-- 1 user user 2000000000 Mar 14 20:03 malcolm-24.03.0.iso.01
-rw-r--r-- 1 user user 2000000000 Mar 14 20:03 malcolm-24.03.0.iso.02
-rw-r--r-- 1 user user 1446103040 Mar 14 20:03 malcolm-24.03.0.iso.03
-rw-r--r-- 1 user user 86 Mar 14 20:03 malcolm-24.03.0.iso.sha
-rwxr-xr-x 1 user user 3133 Mar 14 20:02 release_cleaver.sh
$ ./release_cleaver.sh malcolm-24.03.0.iso.*
Joining...
malcolm-24.03.0.iso: OK
$ ls -l *.iso
-rw-r--r-- 1 user user 5446103040 Mar 14 20:04 malcolm-24.03.0.iso
Similarly, in Microsoft Windows using PowerShell:
PS C:\Download> dir
Mode LastWriteTime Length Name
---- ------------- ------ ----
-a---- 3/14/2024 2:16 PM 2000000000 malcolm-24.03.0.iso.01
-a---- 3/14/2024 2:16 PM 2000000000 malcolm-24.03.0.iso.02
-a---- 3/14/2024 2:16 PM 1446103040 malcolm-24.03.0.iso.03
-a---- 3/14/2024 2:16 PM 176 malcolm-24.03.0.iso.sha
-a---- 3/14/2024 2:00 PM 6806 release_cleaver.ps1
PS C:\Download> .\release_cleaver.ps1 .\malcolm-24.03.0.iso.*
Joining...
"malcolm-24.03.0.iso" OK
PS C:\Download> dir *.iso
Mode LastWriteTime Length Name
---- ------------- ------ ----
-a---- 3/14/2024 2:17 PM 5446103040 malcolm-24.03.0.iso
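The join-and-verify step from the sessions above, written out as an added example (this is not Malcolm's release_cleaver.sh): a shell function that refuses to join when a numbered chunk is absent and discards the output when the digest differs. It assumes GNU sha256sum and that the .sha file holds a sha256sum-style line; the function name, return codes and sample.iso demo files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Malcolm's release_cleaver.sh): join split release chunks
# and verify the result. Assumption: BASE.sha is an ASCII sha256sum-style
# line, "<hex digest>  <file name>", and GNU sha256sum is installed.

# join_and_verify BASE: joins BASE.01, BASE.02, ... into BASE.
# Returns 0 on digest match, 1 on mismatch, 2 on missing input, 3 on a gap.
join_and_verify() {
    base=$1
    [ -r "$base.sha" ] || { echo "missing $base.sha" >&2; return 2; }

    # Count every numbered chunk that is present.
    set -- "$base".[0-9][0-9]
    [ -f "$1" ] || { echo "no chunks found for $base" >&2; return 2; }
    total=$#

    # Append chunks in strict numeric order, stopping at the first absent one.
    tmp="$base.partial"
    : > "$tmp"
    n=1
    while part=$(printf '%s.%02d' "$base" "$n") && [ -f "$part" ]; do
        cat "$part" >> "$tmp"
        n=$((n + 1))
    done

    # Fewer contiguous chunks than files on disk means one was not downloaded.
    if [ $((n - 1)) -ne "$total" ]; then
        echo "$base: chunk $(printf '%02d' "$n") is missing" >&2
        rm -f "$tmp"; return 3
    fi

    # Compare digests only; publish the ISO under its final name on success.
    expected=$(awk 'NR == 1 { print tolower($1) }' "$base.sha")
    actual=$(sha256sum "$tmp" | awk '{ print $1 }')
    if [ "$expected" != "$actual" ]; then
        echo "$base: SHA256 mismatch, discarding joined file" >&2
        rm -f "$tmp"; return 1
    fi
    mv "$tmp" "$base"
    echo "$base: OK"
}

# Constructed demo: three tiny stand-in chunks in a scratch directory.
demo_dir=$(mktemp -d)
printf 'aaa' > "$demo_dir/sample.iso.01"
printf 'bbb' > "$demo_dir/sample.iso.02"
printf 'ccc' > "$demo_dir/sample.iso.03"
printf 'aaabbbccc' | sha256sum | sed 's/-$/sample.iso/' > "$demo_dir/sample.iso.sha"
join_and_verify "$demo_dir/sample.iso"
```

The joined file only appears under its final name after the digest matches, so a partial or altered download never ends up looking like a usable installer image.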
Users should carefully read the installation documentation for Malcolm and Hedgehog Linux. The installer is designed to require as little user input as possible. For this reason, there are NO user prompts and confirmations about partitioning and reformatting hard disks for use by the operating system. The installer assumes that all non-removable storage media (e.g., SSD, HDD, NVMe, etc.) are available for use and ⛔🆘😭💀 will partition and format them without warning 💀😭🆘⛔.