Merge pull request idaholab#287 from cisagov/v23.10.0_merge_cisagov

Malcolm v23.10.0 development
mmguero-dev · Oct 26, 2023 · 72cb1d1 · 72cb1d1
2 parents 010a6e6 + d9e4732
commit 72cb1d1
Show file tree

Hide file tree

Showing 225 changed files with 2,231 additions and 1,178 deletions.
diff --git a/Dockerfiles/api.Dockerfile b/Dockerfiles/api.Dockerfile
@@ -49,7 +49,7 @@ ARG ARKIME_INDEX_PATTERN="arkime_sessions3-*"
 ARG ARKIME_INDEX_TIME_FIELD="firstPacket"
 ARG DASHBOARDS_URL="http://dashboards:5601/dashboards"
 ARG OPENSEARCH_URL="http://opensearch:9200"
-ARG OPENSEARCH_LOCAL=true
+ARG OPENSEARCH_PRIMARY="opensearch-local"
 ARG RESULT_SET_LIMIT="500"
 
 ENV HOME=/malcolm
@@ -62,7 +62,7 @@ ENV ARKIME_INDEX_PATTERN $ARKIME_INDEX_PATTERN
 ENV ARKIME_INDEX_TIME_FIELD $ARKIME_INDEX_TIME_FIELD
 ENV DASHBOARDS_URL $DASHBOARDS_URL
 ENV OPENSEARCH_URL $OPENSEARCH_URL
-ENV OPENSEARCH_LOCAL $OPENSEARCH_LOCAL
+ENV OPENSEARCH_PRIMARY $OPENSEARCH_PRIMARY
 ENV RESULT_SET_LIMIT $RESULT_SET_LIMIT
 
 WORKDIR "${APP_HOME}"

diff --git a/Dockerfiles/arkime.Dockerfile b/Dockerfiles/arkime.Dockerfile
@@ -7,7 +7,7 @@ ENV TERM xterm
 ENV PYTHONDONTWRITEBYTECODE 1
 ENV PYTHONUNBUFFERED 1
 
-ENV ARKIME_VERSION "v4.5.0"
+ENV ARKIME_VERSION "v4.6.0"
 ENV ARKIME_DIR "/opt/arkime"
 ENV ARKIME_URL "https://github.com/arkime/arkime.git"
 ENV ARKIME_LOCALELASTICSEARCH no
@@ -101,7 +101,7 @@ ENV PYTHONDONTWRITEBYTECODE 1
 ENV PYTHONUNBUFFERED 1
 
 ARG OPENSEARCH_URL="http://opensearch:9200"
-ARG OPENSEARCH_LOCAL=true
+ARG OPENSEARCH_PRIMARY="opensearch-local"
 ARG MALCOLM_USERNAME=admin
 ARG ARKIME_ECS_PROVIDER=arkime
 ARG ARKIME_ECS_DATASET=session
@@ -116,11 +116,13 @@ ARG MANAGE_PCAP_FILES=false
 ARG AUTO_TAG=true
 ARG PCAP_PIPELINE_VERBOSITY=""
 ARG PCAP_MONITOR_HOST=pcap-monitor
+ARG PCAP_NODE_NAME=malcolm
+ARG PCAP_NODE_HOST=
 ARG MAXMIND_GEOIP_DB_LICENSE_KEY=""
 
 # Declare envs vars for each arg
 ENV OPENSEARCH_URL $OPENSEARCH_URL
-ENV OPENSEARCH_LOCAL $OPENSEARCH_LOCAL
+ENV OPENSEARCH_PRIMARY $OPENSEARCH_PRIMARY
 ENV ARKIME_INTERFACE $ARKIME_INTERFACE
 ENV MALCOLM_USERNAME $MALCOLM_USERNAME
 # this needs to be present, but is unused as nginx is going to handle auth for us
@@ -136,6 +138,8 @@ ENV MANAGE_PCAP_FILES $MANAGE_PCAP_FILES
 ENV AUTO_TAG $AUTO_TAG
 ENV PCAP_PIPELINE_VERBOSITY $PCAP_PIPELINE_VERBOSITY
 ENV PCAP_MONITOR_HOST $PCAP_MONITOR_HOST
+ENV PCAP_NODE_NAME $PCAP_NODE_NAME
+ENV PCAP_NODE_HOST $PCAP_NODE_HOST
 
 COPY --from=build $ARKIME_DIR $ARKIME_DIR
 

diff --git a/Dockerfiles/dashboards-helper.Dockerfile b/Dockerfiles/dashboards-helper.Dockerfile
@@ -25,7 +25,7 @@ ARG ARKIME_INDEX_PATTERN_ID="arkime_sessions3-*"
 ARG ARKIME_INDEX_TIME_FIELD="firstPacket"
 ARG CREATE_OS_ARKIME_SESSION_INDEX="true"
 ARG OPENSEARCH_URL="http://opensearch:9200"
-ARG OPENSEARCH_LOCAL=true
+ARG OPENSEARCH_PRIMARY="opensearch-local"
 ARG ISM_SNAPSHOT_COMPRESSED=false
 ARG ISM_SNAPSHOT_REPO=logs
 ARG OFFLINE_REGION_MAPS_PORT="28991"
@@ -38,7 +38,7 @@ ENV ARKIME_INDEX_PATTERN_ID $ARKIME_INDEX_PATTERN_ID
 ENV ARKIME_INDEX_TIME_FIELD $ARKIME_INDEX_TIME_FIELD
 ENV CREATE_OS_ARKIME_SESSION_INDEX $CREATE_OS_ARKIME_SESSION_INDEX
 ENV OPENSEARCH_URL $OPENSEARCH_URL
-ENV OPENSEARCH_LOCAL $OPENSEARCH_LOCAL
+ENV OPENSEARCH_PRIMARY $OPENSEARCH_PRIMARY
 ENV ISM_SNAPSHOT_COMPRESSED $ISM_SNAPSHOT_COMPRESSED
 ENV ISM_SNAPSHOT_REPO $ISM_SNAPSHOT_REPO
 ENV OFFLINE_REGION_MAPS_PORT $OFFLINE_REGION_MAPS_PORT
@@ -47,10 +47,10 @@ ENV DASHBOARDS_URL $DASHBOARDS_URL
 ENV DASHBOARDS_DARKMODE $DASHBOARDS_DARKMODE
 ENV PATH="/data:${PATH}"
 
-ENV SUPERCRONIC_VERSION "0.2.26"
+ENV SUPERCRONIC_VERSION "0.2.27"
 ENV SUPERCRONIC_URL "https://github.com/aptible/supercronic/releases/download/v$SUPERCRONIC_VERSION/supercronic-linux-amd64"
 ENV SUPERCRONIC "supercronic-linux-amd64"
-ENV SUPERCRONIC_SHA1SUM "7a79496cf8ad899b99a719355d4db27422396735"
+ENV SUPERCRONIC_SHA1SUM "7dadd4ac827e7bd60b386414dfefc898ae5b6c63"
 ENV SUPERCRONIC_CRONTAB "/etc/crontab"
 
 ENV ECS_RELEASES_URL "https://api.github.com/repos/elastic/ecs/releases/latest"
@@ -89,13 +89,14 @@ RUN apk update --no-cache && \
       cd /opt && \
       curl -sSL "$(curl -sSL "$ECS_RELEASES_URL" | jq '.tarball_url' | tr -d '"')" | tar xzf - -C ./ecs --strip-components 1 && \
       mv /opt/ecs/generated/elasticsearch /opt/ecs-templates && \
-      find /opt/ecs-templates -name "*.json" -exec sed -i 's/\("type"[[:space:]]*:[[:space:]]*\)"match_only_text"/\1"text"/' "{}" \; && \
-      find /opt/ecs-templates -name "*.json" -exec sed -i 's/\("type"[[:space:]]*:[[:space:]]*\)"constant_keyword"/\1"keyword"/' "{}" \; && \
-      find /opt/ecs-templates -name "*.json" -exec sed -i 's/\("type"[[:space:]]*:[[:space:]]*\)"wildcard"/\1"keyword"/' "{}" \; && \
-      find /opt/ecs-templates -name "*.json" -exec sed -i 's/\("type"[[:space:]]*:[[:space:]]*\)"flattened"/\1"nested"/' "{}" \; && \
-      find /opt/ecs-templates -name "*.json" -exec sed -i 's/\("type"[[:space:]]*:[[:space:]]*\)"number"/\1"long"/' "{}" \; && \
+      rsync -av /opt/ecs-templates/ /opt/ecs-templates-os/ && \
+      find /opt/ecs-templates-os -name "*.json" -exec sed -i 's/\("type"[[:space:]]*:[[:space:]]*\)"match_only_text"/\1"text"/' "{}" \; && \
+      find /opt/ecs-templates-os -name "*.json" -exec sed -i 's/\("type"[[:space:]]*:[[:space:]]*\)"constant_keyword"/\1"keyword"/' "{}" \; && \
+      find /opt/ecs-templates-os -name "*.json" -exec sed -i 's/\("type"[[:space:]]*:[[:space:]]*\)"wildcard"/\1"keyword"/' "{}" \; && \
+      find /opt/ecs-templates-os -name "*.json" -exec sed -i 's/\("type"[[:space:]]*:[[:space:]]*\)"flattened"/\1"nested"/' "{}" \; && \
+      find /opt/ecs-templates-os -name "*.json" -exec sed -i 's/\("type"[[:space:]]*:[[:space:]]*\)"number"/\1"long"/' "{}" \; && \
       rm -rf /opt/ecs && \
-    chown -R ${PUSER}:${PGROUP} /opt/dashboards /opt/templates /opt/ecs-templates /opt/maps /data/init /opt/anomaly_detectors && \
+    chown -R ${PUSER}:${PGROUP} /opt/dashboards /opt/templates /opt/ecs-templates /opt/ecs-templates-os /opt/maps /data/init /opt/anomaly_detectors && \
     chmod 755 /data/*.sh /data/*.py /data/init && \
     chmod 400 /opt/maps/* && \
     (echo -e "*/2 * * * * /data/create-arkime-sessions-index.sh\n0 10 * * * /data/index-refresh.py --template malcolm_template --unassigned\n30 */2 * * * /data/index-refresh.py --index 'malcolm_beats_*' --template malcolm_beats_template --unassigned\n*/20 * * * * /data/opensearch_index_size_prune.py" > ${SUPERCRONIC_CRONTAB})

diff --git a/Dockerfiles/dashboards.Dockerfile b/Dockerfiles/dashboards.Dockerfile
@@ -96,7 +96,7 @@ ENV TINI_VERSION v0.19.0
 ENV OSD_TRANSFORM_VIS_VERSION 2.8.0
 
 ARG OPENSEARCH_URL="http://opensearch:9200"
-ARG OPENSEARCH_LOCAL="true"
+ARG OPENSEARCH_PRIMARY="opensearch-local"
 ARG CREATE_OS_ARKIME_SESSION_INDEX="true"
 ARG ARKIME_INDEX_PATTERN="arkime_sessions3-*"
 ARG ARKIME_INDEX_PATTERN_ID="arkime_sessions3-*"
@@ -110,7 +110,7 @@ ENV ARKIME_INDEX_TIME_FIELD $ARKIME_INDEX_TIME_FIELD
 ENV OPENSEARCH_DEFAULT_DASHBOARD $OPENSEARCH_DEFAULT_DASHBOARD
 ENV PATH="/data:${PATH}"
 ENV OPENSEARCH_URL $OPENSEARCH_URL
-ENV OPENSEARCH_LOCAL $OPENSEARCH_LOCAL
+ENV OPENSEARCH_PRIMARY $OPENSEARCH_PRIMARY
 ENV NODE_OPTIONS $NODE_OPTIONS
 
 USER root

diff --git a/Dockerfiles/file-monitor.Dockerfile b/Dockerfiles/file-monitor.Dockerfile
@@ -93,10 +93,10 @@ ENV EXTRACTED_FILE_HTTP_SERVER_ENCRYPT $EXTRACTED_FILE_HTTP_SERVER_ENCRYPT
 ENV EXTRACTED_FILE_HTTP_SERVER_KEY $EXTRACTED_FILE_HTTP_SERVER_KEY
 ENV EXTRACTED_FILE_HTTP_SERVER_PORT $EXTRACTED_FILE_HTTP_SERVER_PORT
 
-ENV SUPERCRONIC_VERSION "0.2.26"
+ENV SUPERCRONIC_VERSION "0.2.27"
 ENV SUPERCRONIC_URL "https://github.com/aptible/supercronic/releases/download/v$SUPERCRONIC_VERSION/supercronic-linux-amd64"
 ENV SUPERCRONIC "supercronic-linux-amd64"
-ENV SUPERCRONIC_SHA1SUM "7a79496cf8ad899b99a719355d4db27422396735"
+ENV SUPERCRONIC_SHA1SUM "7dadd4ac827e7bd60b386414dfefc898ae5b6c63"
 ENV SUPERCRONIC_CRONTAB "/etc/crontab"
 
 COPY --chmod=755 shared/bin/yara_rules_setup.sh /usr/local/bin/

diff --git a/Dockerfiles/file-upload.Dockerfile b/Dockerfiles/file-upload.Dockerfile
@@ -49,10 +49,10 @@ ENV FILEPOND_SERVER_BRANCH $FILEPOND_SERVER_BRANCH
 ARG STALE_UPLOAD_DELETE_MIN=360
 ENV STALE_UPLOAD_DELETE_MIN $STALE_UPLOAD_DELETE_MIN
 
-ENV SUPERCRONIC_VERSION "0.2.26"
+ENV SUPERCRONIC_VERSION "0.2.27"
 ENV SUPERCRONIC_URL "https://github.com/aptible/supercronic/releases/download/v$SUPERCRONIC_VERSION/supercronic-linux-amd64"
 ENV SUPERCRONIC "supercronic-linux-amd64"
-ENV SUPERCRONIC_SHA1SUM "7a79496cf8ad899b99a719355d4db27422396735"
+ENV SUPERCRONIC_SHA1SUM "7dadd4ac827e7bd60b386414dfefc898ae5b6c63"
 ENV SUPERCRONIC_CRONTAB "/etc/crontab"
 
 COPY --from=npmget /usr/local/lib/node_modules/filepond /var/www/upload/filepond

diff --git a/Dockerfiles/filebeat.Dockerfile b/Dockerfiles/filebeat.Dockerfile
@@ -1,4 +1,4 @@
-FROM docker.elastic.co/beats/filebeat-oss:8.10.0
+FROM docker.elastic.co/beats/filebeat-oss:8.10.4
 
 # Copyright (c) 2023 Battelle Energy Alliance, LLC.  All rights reserved.
 LABEL maintainer="malcolm@inl.gov"
@@ -45,7 +45,7 @@ ARG LOG_CLEANUP_MINUTES=0
 ARG ZIP_CLEANUP_MINUTES=0
 ARG NGINX_LOG_ACCESS_AND_ERRORS=false
 ARG OPENSEARCH_URL="http://opensearch:9200"
-ARG OPENSEARCH_LOCAL=true
+ARG OPENSEARCH_PRIMARY="opensearch-local"
 ARG FILEBEAT_TCP_LISTEN=false
 ARG FILEBEAT_TCP_PORT=5045
 ARG FILEBEAT_TCP_LOG_FORMAT="raw"
@@ -61,10 +61,10 @@ ARG FILEBEAT_TCP_PARSE_TARGET_FIELD=""
 ARG FILEBEAT_TCP_PARSE_DROP_FIELD=""
 ARG FILEBEAT_TCP_TAG="_malcolm_beats"
 
-ENV SUPERCRONIC_VERSION "0.2.26"
+ENV SUPERCRONIC_VERSION "0.2.27"
 ENV SUPERCRONIC_URL "https://github.com/aptible/supercronic/releases/download/v$SUPERCRONIC_VERSION/supercronic-linux-amd64"
 ENV SUPERCRONIC "supercronic-linux-amd64"
-ENV SUPERCRONIC_SHA1SUM "7a79496cf8ad899b99a719355d4db27422396735"
+ENV SUPERCRONIC_SHA1SUM "7dadd4ac827e7bd60b386414dfefc898ae5b6c63"
 ENV SUPERCRONIC_CRONTAB "/etc/crontab"
 
 ENV TINI_VERSION v0.19.0
@@ -146,7 +146,7 @@ ENV FILEBEAT_SURICATA_LOG_PATH $FILEBEAT_SURICATA_LOG_PATH
 ENV FILEBEAT_NGINX_LOG_PATH $FILEBEAT_NGINX_LOG_PATH
 ENV NGINX_LOG_ACCESS_AND_ERRORS $NGINX_LOG_ACCESS_AND_ERRORS
 ENV OPENSEARCH_URL $OPENSEARCH_URL
-ENV OPENSEARCH_LOCAL $OPENSEARCH_LOCAL
+ENV OPENSEARCH_PRIMARY $OPENSEARCH_PRIMARY
 ENV FILEBEAT_TCP_LISTEN $FILEBEAT_TCP_LISTEN
 ENV FILEBEAT_TCP_PORT $FILEBEAT_TCP_PORT
 ENV FILEBEAT_TCP_LOG_FORMAT $FILEBEAT_TCP_LOG_FORMAT

diff --git a/Dockerfiles/logstash.Dockerfile b/Dockerfiles/logstash.Dockerfile
@@ -1,4 +1,4 @@
-FROM docker.elastic.co/logstash/logstash-oss:8.10.0
+FROM docker.elastic.co/logstash/logstash-oss:8.10.4
 
 LABEL maintainer="malcolm@inl.gov"
 LABEL org.opencontainers.image.authors='malcolm@inl.gov'

diff --git a/Dockerfiles/netbox.Dockerfile b/Dockerfiles/netbox.Dockerfile
@@ -1,4 +1,4 @@
-FROM netboxcommunity/netbox:v3.6.1
+FROM netboxcommunity/netbox:v3.6.4
 
 # Copyright (c) 2023 Battelle Energy Alliance, LLC.  All rights reserved.
 LABEL maintainer="malcolm@inl.gov"
@@ -24,10 +24,10 @@ ENV PUSER "ubuntu"
 ENV PGROUP "ubuntu"
 ENV PUSER_PRIV_DROP true
 
-ENV SUPERCRONIC_VERSION "0.2.26"
+ENV SUPERCRONIC_VERSION "0.2.27"
 ENV SUPERCRONIC_URL "https://github.com/aptible/supercronic/releases/download/v$SUPERCRONIC_VERSION/supercronic-linux-amd64"
 ENV SUPERCRONIC "supercronic-linux-amd64"
-ENV SUPERCRONIC_SHA1SUM "7a79496cf8ad899b99a719355d4db27422396735"
+ENV SUPERCRONIC_SHA1SUM "7dadd4ac827e7bd60b386414dfefc898ae5b6c63"
 ENV SUPERCRONIC_CRONTAB "/etc/crontab"
 
 ENV YQ_VERSION "4.33.3"

diff --git a/Dockerfiles/opensearch.Dockerfile b/Dockerfiles/opensearch.Dockerfile
@@ -24,8 +24,8 @@ ENV TERM xterm
 
 ENV TINI_VERSION v0.19.0
 
-ARG OPENSEARCH_LOCAL=true
-ENV OPENSEARCH_LOCAL $OPENSEARCH_LOCAL
+ARG OPENSEARCH_PRIMARY="opensearch-local"
+ENV OPENSEARCH_PRIMARY $OPENSEARCH_PRIMARY
 
 ARG MALCOLM_API_URL="http://api:5000/mapi/event"
 ENV MALCOLM_API_URL $MALCOLM_API_URL

diff --git a/Dockerfiles/pcap-monitor.Dockerfile b/Dockerfiles/pcap-monitor.Dockerfile
@@ -27,7 +27,7 @@ ENV PYTHONDONTWRITEBYTECODE 1
 ENV PYTHONUNBUFFERED 1
 
 ARG OPENSEARCH_URL="http://opensearch:9200"
-ARG OPENSEARCH_LOCAL=true
+ARG OPENSEARCH_PRIMARY="opensearch-local"
 ARG PCAP_PATH=/pcap
 ARG PCAP_PIPELINE_VERBOSITY=""
 ARG PCAP_PIPELINE_IGNORE_PREEXISTING=false
@@ -37,7 +37,7 @@ ARG PCAP_NODE_NAME=malcolm
 ARG ZEEK_PATH=/zeek
 
 ENV OPENSEARCH_URL $OPENSEARCH_URL
-ENV OPENSEARCH_LOCAL $OPENSEARCH_LOCAL
+ENV OPENSEARCH_PRIMARY $OPENSEARCH_PRIMARY
 ENV PCAP_PATH $PCAP_PATH
 ENV PCAP_PIPELINE_VERBOSITY $PCAP_PIPELINE_VERBOSITY
 ENV PCAP_PIPELINE_IGNORE_PREEXISTING $PCAP_PIPELINE_IGNORE_PREEXISTING
@@ -63,7 +63,14 @@ RUN apt-get -q update && \
       vim-tiny && \
     apt-get clean && \
     rm -rf /var/lib/apt/lists/* && \
-    python3 -m pip install --break-system-packages --no-compile --no-cache-dir opensearch-py pyzmq python-magic requests watchdog && \
+    python3 -m pip install --break-system-packages --no-compile --no-cache-dir \
+      elasticsearch \
+      elasticsearch-dsl \
+      opensearch-py \
+      python-magic \
+      pyzmq \
+      requests \
+      watchdog && \
     groupadd --gid ${DEFAULT_GID} ${PGROUP} && \
       useradd -M --uid ${DEFAULT_UID} --gid ${DEFAULT_GID} ${PUSER}
 

diff --git a/Dockerfiles/suricata.Dockerfile b/Dockerfiles/suricata.Dockerfile
@@ -30,10 +30,10 @@ ENV PGROUP "suricata"
 ENV PUSER_PRIV_DROP false
 ENV PUSER_RLIMIT_UNLOCK true
 
-ENV SUPERCRONIC_VERSION "0.2.26"
+ENV SUPERCRONIC_VERSION "0.2.27"
 ENV SUPERCRONIC_URL "https://github.com/aptible/supercronic/releases/download/v$SUPERCRONIC_VERSION/supercronic-linux-amd64"
 ENV SUPERCRONIC "supercronic-linux-amd64"
-ENV SUPERCRONIC_SHA1SUM "7a79496cf8ad899b99a719355d4db27422396735"
+ENV SUPERCRONIC_SHA1SUM "7dadd4ac827e7bd60b386414dfefc898ae5b6c63"
 ENV SUPERCRONIC_CRONTAB "/etc/crontab"
 
 ENV YQ_VERSION "4.33.3"

diff --git a/Dockerfiles/zeek.Dockerfile b/Dockerfiles/zeek.Dockerfile
@@ -12,6 +12,9 @@ ARG BUILD_JOBS=4
 ENV BUILD_JOBS $BUILD_JOBS
 ENV CCACHE_DIR "/var/spool/ccache"
 ENV CCACHE_COMPRESS 1
+ENV CMAKE_C_COMPILER clang-14
+ENV CMAKE_CXX_COMPILER clang++-14
+ENV CXXFLAGS "-stdlib=libc++ -lc++abi"
 ENV PYTHONDONTWRITEBYTECODE 1
 ENV PYTHONUNBUFFERED 1
 
@@ -21,15 +24,16 @@ RUN apt-get -q update && \
         bison \
         ca-certificates \
         ccache \
+        clang \
         cmake \
         curl \
         flex \
-        g++ \
-        gcc \
         git \
+        libc++-dev \
+        libc++abi-dev \
         libfl-dev \
-        libgoogle-perftools4 \
         libgoogle-perftools-dev \
+        libgoogle-perftools4 \
         libkrb5-3 \
         libkrb5-dev \
         libmaxminddb-dev \
@@ -90,10 +94,10 @@ ENV PGROUP "zeeker"
 ENV PUSER_PRIV_DROP false
 ENV PUSER_RLIMIT_UNLOCK true
 
-ENV SUPERCRONIC_VERSION "0.2.26"
+ENV SUPERCRONIC_VERSION "0.2.27"
 ENV SUPERCRONIC_URL "https://github.com/aptible/supercronic/releases/download/v$SUPERCRONIC_VERSION/supercronic-linux-amd64"
 ENV SUPERCRONIC "supercronic-linux-amd64"
-ENV SUPERCRONIC_SHA1SUM "7a79496cf8ad899b99a719355d4db27422396735"
+ENV SUPERCRONIC_SHA1SUM "7dadd4ac827e7bd60b386414dfefc898ae5b6c63"
 ENV SUPERCRONIC_CRONTAB "/etc/crontab"
 
 # for download and install
@@ -107,6 +111,9 @@ ENV PATH "${ZEEK_DIR}/bin:${PATH}"
 # for build
 ENV CCACHE_DIR "/var/spool/ccache"
 ENV CCACHE_COMPRESS 1
+ENV CMAKE_C_COMPILER clang-14
+ENV CMAKE_CXX_COMPILER clang++-14
+ENV CXXFLAGS "-stdlib=libc++ -lc++abi"
 
 COPY --from=build /usr/share/src/zeek/build/*.deb /tmp/zeekdebs/
 
@@ -123,19 +130,20 @@ RUN export DEBARCH=$(dpkg --print-architecture) && \
       bison \
       ca-certificates \
       ccache \
+      clang \
       cmake \
       curl \
       ethtool \
       file \
       flex \
-      g++ \
-      gcc \
       git \
       gnupg2 \
       iproute2 \
       jq \
       less \
       libatomic1 \
+      libc++-dev \
+      libc++abi-dev \
       libcap2-bin \
       libfl-dev \
       libfl2 \

diff --git a/api/entrypoint.sh b/api/entrypoint.sh
@@ -1,6 +1,5 @@
 #!/bin/sh
 
-echo "Giving OpenSearch time to start..."
-"${APP_HOME}"/opensearch_status.sh 2>&1 && echo "OpenSearch is running!"
+"${APP_HOME}"/opensearch_status.sh
 
 exec "$@"