Logo

A powerful, easily deployable network traffic analysis tool suite for network security monitoring

Quick Start

Documentation

Components

Supported Protocols

Configuring

Arkime

Dashboards

Hedgehog Linux

Contribution Guide

Downloading Malcolm

Container images

Malcolm operates as a cluster of containers, isolated sandboxes which each serve a dedicated function of the system. These images can be pulled from GitHub by running docker compose --profile malcolm pull from within the Malcolm installation directory, or they can be built from source by following the instructions in the Quick Start section of the documentation.

Installer ISOs

Malcolm’s container-based deployment model makes Malcolm able to run on a variety of platforms. However, in some circumstances (for example, as a long-running appliance as part of a security operations center, or inside of a virtual machine) it may be desirable to install Malcolm as a dedicated standalone installation.

Malcolm is also packaged into an installer ISO based on the current stable release of Debian. This customized Debian installation is preconfigured with the bare minimum software needed to run Malcolm.

Joining split ISOs

ISOs can be downloaded from Malcolm’s releases page on GitHub. Due to limits on individual files in GitHub releases, these ISO files have been split into 2GB chunks and can be reassembled with scripts provided for both Bash (release_cleaver.sh) and PowerShell (release_cleaver.ps1).

For example, having downloaded the following files from Malcolm’s releases page on GitHub, the script will join the component files and check the resulting ISOs SHA256 sum:

$ ls -l
total 5446119424
-rw-r--r-- 1 user user 2000000000 Mar 14 20:03 malcolm-25.05.0.iso.01
-rw-r--r-- 1 user user 2000000000 Mar 14 20:03 malcolm-25.05.0.iso.02
-rw-r--r-- 1 user user 1446103040 Mar 14 20:03 malcolm-25.05.0.iso.03
-rw-r--r-- 1 user user         86 Mar 14 20:03 malcolm-25.05.0.iso.sha
-rwxr-xr-x 1 user user       3133 Mar 14 20:02 release_cleaver.sh

$ ./release_cleaver.sh malcolm-25.05.0.iso.*
Joining...
malcolm-25.05.0.iso: OK

$ ls -l *.iso
-rw-r--r-- 1 user user 5446103040 Mar 14 20:04 malcolm-25.05.0.iso

Similarly, in Microsoft Windows using PowerShell:

PS C:\Download> dir

Mode                 LastWriteTime         Length Name
----                 -------------         ------ ----
-a----         3/14/2024   2:16 PM     2000000000 malcolm-25.05.0.iso.01
-a----         3/14/2024   2:16 PM     2000000000 malcolm-25.05.0.iso.02
-a----         3/14/2024   2:16 PM     1446103040 malcolm-25.05.0.iso.03
-a----         3/14/2024   2:16 PM            176 malcolm-25.05.0.iso.sha
-a----         3/14/2024   2:00 PM           6806 release_cleaver.ps1


PS C:\Download> .\release_cleaver.ps1 .\malcolm-25.05.0.iso.*
Joining...
"malcolm-25.05.0.iso" OK

PS C:\Download> dir *.iso

Mode                 LastWriteTime         Length Name
----                 -------------         ------ ----
-a----         3/14/2024   2:17 PM     5446103040 malcolm-25.05.0.iso

Warning

Users should carefully read the installation documentation for Malcolm and Hedgehog Linux. The installer is designed to require as little user input as possible. For this reason, there are NO user prompts and confirmations about partitioning and reformatting hard disks for use by the operating system. The installer assumes that all non-removable storage media (eg., SSD, HDD, NVMe, etc.) are available for use and ⛔🆘😭💀 will partition and format them without warning 💀😭🆘⛔.