Merge pull request #211 from cisagov/v6.1.0_merge_cisagov

v6.1.0 development

.github/workflows/malcolm-iso-build-docker-wrap-push-ghcr.yml

@@ -106,6 +106,8 @@ jobs:
             docker rmi "$IMAGE"
           done
           pushd ./malcolm-iso
+          mkdir -p ./shared
+          echo "GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }}" > ./shared/environment.chroot
           sudo /usr/bin/env bash ./build.sh -d "$DEST_IMAGES_TGZ"
           rm -rf ./shared/
           sudo chmod 644 ./malcolm-*.*

.github/workflows/sensor-iso-build-docker-wrap-push-ghcr.yml

@@ -91,6 +91,7 @@ jobs:
           pushd ./sensor-iso
           echo "${{ steps.extract_malcolm_version.outputs.mversion }}" > ./shared/version.txt
           echo "${{ secrets.MAXMIND_GEOIP_DB_LICENSE_KEY }}" > ./shared/maxmind_license.txt
+          echo "GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }}" > ./shared/environment.chroot
           sudo /usr/bin/env bash ./build.sh
           rm -rf ./shared/
           sudo chmod 644 ./hedgehog-*.*

.trigger_workflow_build

@@ -1,2 +1,2 @@
 # this file exists solely for the purpose of being updated and seen by github to trigger a commit build action
-19
+20

Dockerfiles/dashboards-helper.Dockerfile

@@ -43,27 +43,22 @@ ENV OPENSEARCH_DEFAULT_DASHBOARD $OPENSEARCH_DEFAULT_DASHBOARD
 ENV DASHBOARDS_URL $DASHBOARDS_URL
 ENV PATH="/data:${PATH}"
 
-ENV SUPERCRONIC_VERSION "0.1.12"
+ENV SUPERCRONIC_VERSION "0.2.1"
 ENV SUPERCRONIC_URL "https://github.com/aptible/supercronic/releases/download/v$SUPERCRONIC_VERSION/supercronic-linux-amd64"
 ENV SUPERCRONIC "supercronic-linux-amd64"
-ENV SUPERCRONIC_SHA1SUM "048b95b48b708983effb2e5c935a1ef8483d9e3e"
+ENV SUPERCRONIC_SHA1SUM "d7f4c0886eb85249ad05ed592902fa6865bb9d70"
 ENV SUPERCRONIC_CRONTAB "/etc/crontab"
 
+ENV ECS_RELEASES_URL "https://api.github.com/repos/elastic/ecs/releases/latest"
+
 ADD dashboards/dashboards /opt/dashboards
-# At the moment Beats won't import dashboards into OpenSearch dashboards
-# (see opensearch-project/OpenSearch-Dashboards#656 and
-# opensearch-project/OpenSearch-Dashboards#831), although the templates/index
-# patterns work ok. As such, we're going to manually add the dashboards we care about to
-# /opt/dashboards/beats and load them when the container starts up.
-ADD sensor-iso/config/includes.chroot/usr/share/filebeat/kibana/7/dashboard-custom/*.json /opt/dashboards/beats
-ADD sensor-iso/config/includes.chroot/usr/share/auditbeat/kibana/7/dashboard-custom/*.json /opt/dashboards/beats
-ADD sensor-iso/config/includes.chroot/usr/share/protologbeat/kibana/7/dashboard/*.json /opt/dashboards/beats
 ADD dashboards/anomaly_detectors /opt/anomaly_detectors
 ADD dashboards/alerting /opt/alerting
+ADD dashboards/notifications /opt/notifications
 ADD dashboards/maps /opt/maps
 ADD dashboards/scripts /data/
 ADD dashboards/supervisord.conf /etc/supervisord.conf
-ADD dashboards/malcolm_template.json /data/malcolm_template.json
+ADD dashboards/templates /opt/templates
 ADD shared/bin/docker-uid-gid-setup.sh /usr/local/bin/
 ADD shared/bin/opensearch_status.sh /data/
 ADD shared/bin/opensearch_index_size_prune.py /data/
@@ -83,11 +78,19 @@ RUN apk update --no-cache && \
       adduser -D -H -u ${DEFAULT_UID} -h /nonexistant -s /sbin/nologin -G ${PGROUP} -g ${PUSER} ${PUSER} ; \
       addgroup ${PUSER} tty ; \
       addgroup ${PUSER} shadow ; \
-    mkdir -p /data/init && \
-    chown -R ${PUSER}:${PGROUP} /opt/dashboards /opt/maps /data/init /opt/anomaly_detectors && \
+    mkdir -p /data/init /opt/ecs && \
+      cd /opt && \
+      curl -sSL "$(curl -sSL "$ECS_RELEASES_URL" | jq '.tarball_url' | tr -d '"')" | tar xzf - -C ./ecs --strip-components 1 && \
+      mv /opt/ecs/generated/elasticsearch /opt/ecs-templates && \
+      find /opt/ecs-templates -name "*.json" -exec sed -i 's/\("type"[[:space:]]*:[[:space:]]*\)"match_only_text"/\1"text"/' "{}" \; && \
+      find /opt/ecs-templates -name "*.json" -exec sed -i 's/\("type"[[:space:]]*:[[:space:]]*\)"constant_keyword"/\1"keyword"/' "{}" \; && \
+      find /opt/ecs-templates -name "*.json" -exec sed -i 's/\("type"[[:space:]]*:[[:space:]]*\)"wildcard"/\1"keyword"/' "{}" \; && \
+      find /opt/ecs-templates -name "*.json" -exec sed -i 's/\("type"[[:space:]]*:[[:space:]]*\)"flattened"/\1"nested"/' "{}" \; && \
+      rm -rf /opt/ecs && \
+    chown -R ${PUSER}:${PGROUP} /opt/dashboards /opt/templates /opt/ecs-templates /opt/maps /data/init /opt/anomaly_detectors && \
     chmod 755 /data/*.sh /data/*.py /data/init && \
     chmod 400 /opt/maps/* && \
-    (echo -e "*/2 * * * * /data/create-arkime-sessions-index.sh\n0 10 * * * /data/index-refresh.py --template malcolm_template --unassigned\n30 */6 * * * /data/refresh-auxiliary-index-patterns.sh\n*/20 * * * * /data/opensearch_index_size_prune.py" > ${SUPERCRONIC_CRONTAB})
+    (echo -e "*/2 * * * * /data/create-arkime-sessions-index.sh\n0 10 * * * /data/index-refresh.py --template malcolm_template --unassigned\n30 */2 * * * /data/index-refresh.py --index 'malcolm_beats_*' --template malcolm_beats_template --unassigned\n*/20 * * * * /data/opensearch_index_size_prune.py" > ${SUPERCRONIC_CRONTAB})
 
 EXPOSE $OFFLINE_REGION_MAPS_PORT
 

Dockerfiles/dashboards.Dockerfile

@@ -14,10 +14,10 @@ ENV PGROUP "dashboarder"
 
 ENV TERM xterm
 
-ARG OPENSEARCH_VERSION="1.3.2"
+ARG OPENSEARCH_VERSION="2.1.0"
 ENV OPENSEARCH_VERSION $OPENSEARCH_VERSION
 
-ARG OPENSEARCH_DASHBOARDS_VERSION="1.3.2"
+ARG OPENSEARCH_DASHBOARDS_VERSION="2.1.0"
 ENV OPENSEARCH_DASHBOARDS_VERSION $OPENSEARCH_DASHBOARDS_VERSION
 
 # base system dependencies for checking out and building plugins
@@ -59,7 +59,7 @@ RUN git clone --single-branch --depth=1 --recurse-submodules --shallow-submodule
 
 RUN eval "$(nodenv init -)" && \
     mkdir -p /usr/share/opensearch-dashboards/plugins && \
-    git clone --depth 1 --recurse-submodules --shallow-submodules --single-branch https://github.com/mmguero-dev/osd_sankey_vis.git /usr/share/opensearch-dashboards/plugins/sankey_vis && \
+    git clone --depth 1 --recurse-submodules --shallow-submodules --single-branch --branch opensearch-v2-dashboards-compatibility https://github.com/mmguero-dev/osd_sankey_vis.git /usr/share/opensearch-dashboards/plugins/sankey_vis && \
     cd /usr/share/opensearch-dashboards/plugins/sankey_vis && \
     yarn osd bootstrap && \
     yarn install && \
@@ -68,7 +68,7 @@ RUN eval "$(nodenv init -)" && \
 
 # runtime ##################################################################
 
-FROM opensearchproject/opensearch-dashboards:1.3.2
+FROM opensearchproject/opensearch-dashboards:2.1.0
 
 LABEL maintainer="[email protected]"
 LABEL org.opencontainers.image.authors='[email protected]'
@@ -128,6 +128,8 @@ ADD shared/bin/docker-uid-gid-setup.sh /usr/local/bin/
 # to specify the entries in the opensearch_dashboards.yml such that they are valid BOTH from the
 # internal opensearch code validating them AND the web browser retrieving them. So we're going scorched earth instead.
 ADD docs/images/logo/malcolm_logo.svg /usr/share/opensearch-dashboards/src/core/server/core_app/assets/default_branding/opensearch_logo.svg
+ADD docs/images/logo/malcolm_logo.svg /usr/share/opensearch-dashboards/src/core/server/core_app/assets/default_branding/opensearch_logo_dark_mode.svg
+ADD docs/images/logo/malcolm_logo.svg /usr/share/opensearch-dashboards/src/core/server/core_app/assets/default_branding/opensearch_logo_default_mode.svg
 ADD docs/images/icon/malcolm_mark_dashboards.svg /usr/share/opensearch-dashboards/src/core/server/core_app/assets/default_branding/opensearch_mark_dark_mode.svg
 ADD docs/images/icon/malcolm_mark_dashboards.svg /usr/share/opensearch-dashboards/src/core/server/core_app/assets/default_branding/opensearch_mark_default_mode.svg
 ADD docs/images/favicon/favicon.ico /usr/share/opensearch-dashboards/src/core/server/core_app/assets/favicons/favicon.ico

Dockerfiles/file-monitor.Dockerfile

@@ -75,7 +75,7 @@ ENV EXTRACTED_FILE_ENABLE_CAPA $EXTRACTED_FILE_ENABLE_CAPA
 ENV EXTRACTED_FILE_CAPA_VERBOSE $EXTRACTED_FILE_CAPA_VERBOSE
 ENV SRC_BASE_DIR "/usr/local/src"
 ENV CLAMAV_RULES_DIR "/var/lib/clamav"
-ENV YARA_VERSION "4.2.1"
+ENV YARA_VERSION "4.2.2"
 ENV YARA_URL "https://github.com/VirusTotal/yara/archive/v${YARA_VERSION}.tar.gz"
 ENV YARA_RULES_URL "https://github.com/Neo23x0/signature-base"
 ENV YARA_RULES_DIR "/yara-rules"
@@ -90,10 +90,10 @@ ENV EXTRACTED_FILE_HTTP_SERVER_ENCRYPT $EXTRACTED_FILE_HTTP_SERVER_ENCRYPT
 ENV EXTRACTED_FILE_HTTP_SERVER_KEY $EXTRACTED_FILE_HTTP_SERVER_KEY
 ENV EXTRACTED_FILE_HTTP_SERVER_PORT $EXTRACTED_FILE_HTTP_SERVER_PORT
 
-ENV SUPERCRONIC_VERSION "0.1.12"
+ENV SUPERCRONIC_VERSION "0.2.1"
 ENV SUPERCRONIC_URL "https://github.com/aptible/supercronic/releases/download/v$SUPERCRONIC_VERSION/supercronic-linux-amd64"
 ENV SUPERCRONIC "supercronic-linux-amd64"
-ENV SUPERCRONIC_SHA1SUM "048b95b48b708983effb2e5c935a1ef8483d9e3e"
+ENV SUPERCRONIC_SHA1SUM "d7f4c0886eb85249ad05ed592902fa6865bb9d70"
 ENV SUPERCRONIC_CRONTAB "/etc/crontab"
 
 RUN sed -i "s/bullseye main/bullseye main contrib non-free/g" /etc/apt/sources.list && \

Dockerfiles/filebeat.Dockerfile

@@ -23,6 +23,7 @@ ENV PUSER_PRIV_DROP false
 
 ENV TERM xterm
 
+ARG AUTO_TAG=true
 ARG FILEBEAT_SCAN_FREQUENCY=10s
 ARG FILEBEAT_CLEAN_INACTIVE=180m
 ARG FILEBEAT_IGNORE_OLDER=120m
@@ -37,12 +38,25 @@ ARG FILEBEAT_NGINX_LOG_PATH="/data/nginx"
 ARG LOG_CLEANUP_MINUTES=0
 ARG ZIP_CLEANUP_MINUTES=0
 ARG NGINX_LOG_ACCESS_AND_ERRORS=false
-ARG AUTO_TAG=true
-
-ENV SUPERCRONIC_VERSION "0.1.12"
+ARG FILEBEAT_TCP_LISTEN=false
+ARG FILEBEAT_TCP_PORT=5045
+ARG FILEBEAT_TCP_LOG_FORMAT="raw"
+ARG FILEBEAT_TCP_MAX_CONNECTIONS=32
+ARG FILEBEAT_TCP_MAX_MESSAGE_SIZE=20MB
+ARG FILEBEAT_TCP_PARSE_ADD_ERROR_KEY=true
+ARG FILEBEAT_TCP_PARSE_DOCUMENT_ID_FIELD=""
+ARG FILEBEAT_TCP_PARSE_MAX_DEPTH=1
+ARG FILEBEAT_TCP_PARSE_OVERWRITE_KEYS=false
+ARG FILEBEAT_TCP_PARSE_PROCESS_ARRAY=false
+ARG FILEBEAT_TCP_PARSE_SOURCE_FIELD="message"
+ARG FILEBEAT_TCP_PARSE_TARGET_FIELD=""
+ARG FILEBEAT_TCP_PARSE_DROP_FIELD=""
+ARG FILEBEAT_TCP_TAG=""
+
+ENV SUPERCRONIC_VERSION "0.2.1"
 ENV SUPERCRONIC_URL "https://github.com/aptible/supercronic/releases/download/v$SUPERCRONIC_VERSION/supercronic-linux-amd64"
 ENV SUPERCRONIC "supercronic-linux-amd64"
-ENV SUPERCRONIC_SHA1SUM "048b95b48b708983effb2e5c935a1ef8483d9e3e"
+ENV SUPERCRONIC_SHA1SUM "d7f4c0886eb85249ad05ed592902fa6865bb9d70"
 ENV SUPERCRONIC_CRONTAB "/etc/crontab"
 
 USER root
@@ -62,17 +76,21 @@ RUN yum install -y epel-release && \
 ADD shared/bin/docker-uid-gid-setup.sh /usr/local/bin/
 ADD filebeat/filebeat.yml /usr/share/filebeat/filebeat.yml
 ADD filebeat/filebeat-nginx.yml /usr/share/filebeat-nginx/filebeat-nginx.yml
+ADD filebeat/filebeat-tcp.yml /usr/share/filebeat-tcp/filebeat-tcp.yml
 ADD filebeat/scripts /data/
 ADD shared/bin/opensearch_status.sh /data/
 ADD filebeat/supervisord.conf /etc/supervisord.conf
-RUN mkdir -p /usr/share/filebeat-nginx/data && \
-    chown -R root:${PGROUP} /usr/share/filebeat-nginx && \
-    cp -a /usr/share/filebeat/module /usr/share/filebeat-nginx/module && \
-    chmod 750 /usr/share/filebeat-nginx && \
-    chmod 770 /usr/share/filebeat-nginx/data && \
+RUN for INPUT in nginx tcp; do \
+      mkdir -p /usr/share/filebeat-$INPUT/data; \
+      chown -R root:${PGROUP} /usr/share/filebeat-$INPUT; \
+      cp -a /usr/share/filebeat/module /usr/share/filebeat-$INPUT/module; \
+      chmod 750 /usr/share/filebeat-$INPUT; \
+      chmod 770 /usr/share/filebeat-$INPUT/data; \
+    done; \
     chmod 755 /data/*.sh /data/*.py && \
     (echo -e "* * * * * /data/filebeat-process-zeek-folder.sh\n*/5 * * * * /data/filebeat-clean-zeeklogs-processed-folder.py" > ${SUPERCRONIC_CRONTAB})
 
+ENV AUTO_TAG $AUTO_TAG
 ENV LOG_CLEANUP_MINUTES $LOG_CLEANUP_MINUTES
 ENV ZIP_CLEANUP_MINUTES $ZIP_CLEANUP_MINUTES
 ENV FILEBEAT_SCAN_FREQUENCY $FILEBEAT_SCAN_FREQUENCY
@@ -87,13 +105,25 @@ ENV FILEBEAT_ZEEK_LOG_PATH $FILEBEAT_ZEEK_LOG_PATH
 ENV FILEBEAT_SURICATA_LOG_PATH $FILEBEAT_SURICATA_LOG_PATH
 ENV FILEBEAT_NGINX_LOG_PATH $FILEBEAT_NGINX_LOG_PATH
 ENV NGINX_LOG_ACCESS_AND_ERRORS $NGINX_LOG_ACCESS_AND_ERRORS
-ENV AUTO_TAG $AUTO_TAG
-
+ENV FILEBEAT_TCP_LISTEN $FILEBEAT_TCP_LISTEN
+ENV FILEBEAT_TCP_PORT $FILEBEAT_TCP_PORT
+ENV FILEBEAT_TCP_LOG_FORMAT $FILEBEAT_TCP_LOG_FORMAT
+ENV FILEBEAT_TCP_MAX_CONNECTIONS $FILEBEAT_TCP_MAX_CONNECTIONS
+ENV FILEBEAT_TCP_MAX_MESSAGE_SIZE $FILEBEAT_TCP_MAX_MESSAGE_SIZE
+ENV FILEBEAT_TCP_PARSE_ADD_ERROR_KEY $FILEBEAT_TCP_PARSE_ADD_ERROR_KEY
+ENV FILEBEAT_TCP_PARSE_DOCUMENT_ID_FIELD $FILEBEAT_TCP_PARSE_DOCUMENT_ID_FIELD
+ENV FILEBEAT_TCP_PARSE_MAX_DEPTH $FILEBEAT_TCP_PARSE_MAX_DEPTH
+ENV FILEBEAT_TCP_PARSE_OVERWRITE_KEYS $FILEBEAT_TCP_PARSE_OVERWRITE_KEYS
+ENV FILEBEAT_TCP_PARSE_PROCESS_ARRAY $FILEBEAT_TCP_PARSE_PROCESS_ARRAY
+ENV FILEBEAT_TCP_PARSE_SOURCE_FIELD $FILEBEAT_TCP_PARSE_SOURCE_FIELD
+ENV FILEBEAT_TCP_PARSE_TARGET_FIELD $FILEBEAT_TCP_PARSE_TARGET_FIELD
+ENV FILEBEAT_TCP_PARSE_DROP_FIELD $FILEBEAT_TCP_PARSE_DROP_FIELD
+ENV FILEBEAT_TCP_TAG $FILEBEAT_TCP_TAG
 ENV FILEBEAT_REGISTRY_FILE "/usr/share/filebeat/data/registry/filebeat/data.json"
 ENV FILEBEAT_ZEEK_DIR "/data/zeek/"
 ENV PATH="/data:${PATH}"
 
-VOLUME ["/usr/share/filebeat/data", "/usr/share/filebeat-nginx/data"]
+VOLUME ["/usr/share/filebeat/data", "/usr/share/filebeat-nginx/data", "/usr/share/filebeat-tcp/data"]
 
 ENTRYPOINT ["/usr/local/bin/docker-uid-gid-setup.sh"]
 

Dockerfiles/logstash.Dockerfile

@@ -65,7 +65,7 @@ ENV PUSER_PRIV_DROP true
 ENV TERM xterm
 
 ARG LOGSTASH_ENRICHMENT_PIPELINE=enrichment
-ARG LOGSTASH_PARSE_PIPELINE_ADDRESSES=zeek-parse,suricata-parse
+ARG LOGSTASH_PARSE_PIPELINE_ADDRESSES=zeek-parse,suricata-parse,beats-parse
 ARG LOGSTASH_OPENSEARCH_PIPELINE_ADDRESS_INTERNAL=internal-os
 ARG LOGSTASH_OPENSEARCH_PIPELINE_ADDRESS_EXTERNAL=external-os
 ARG LOGSTASH_OPENSEARCH_OUTPUT_PIPELINE_ADDRESSES=internal-os,external-os
@@ -90,8 +90,9 @@ RUN yum install -y epel-release && \
                                        logstash-filter-json logstash-filter-prune logstash-filter-http \
                                        logstash-filter-grok logstash-filter-geoip logstash-filter-uuid \
                                        logstash-filter-kv logstash-filter-mutate logstash-filter-dissect \
+                                       logstash-filter-useragent \
                                        logstash-input-beats logstash-output-elasticsearch && \
-    logstash-plugin install /opt/logstash-filter-fingerprint/logstash-filter-fingerprint-3.4.0.gem && \
+    logstash-plugin install /opt/logstash-filter-fingerprint/logstash-filter-fingerprint-*.gem && \
     rm -rf /opt/logstash-filter-fingerprint /root/.cache /root/.gem /root/.bundle
 
 ADD shared/bin/docker-uid-gid-setup.sh /usr/local/bin/
@@ -101,6 +102,7 @@ ADD logstash/maps/*.yaml /etc/
 ADD logstash/config/log4j2.properties /usr/share/logstash/config/
 ADD logstash/config/logstash.yml /usr/share/logstash/config/logstash.orig.yml
 ADD logstash/pipelines/ /usr/share/logstash/malcolm-pipelines/
+ADD logstash/patterns/ /usr/share/logstash/malcolm-patterns/
 ADD logstash/ruby/ /usr/share/logstash/malcolm-ruby/
 ADD logstash/scripts /usr/local/bin/
 ADD logstash/supervisord.conf /etc/supervisord.conf
@@ -113,6 +115,7 @@ RUN bash -c "chmod --silent 755 /usr/local/bin/*.sh /usr/local/bin/*.py || true"
     chown --silent -R ${PUSER}:root \
         /usr/share/logstash/config/logstash*.yml \
         /usr/share/logstash/malcolm-pipelines \
+        /usr/share/logstash/malcolm-patterns \
         /usr/share/logstash/malcolm-ruby \
         /logstash-persistent-queue && \
     echo "Retrieving and parsing Wireshark manufacturer database..." && \

Dockerfiles/opensearch.Dockerfile

@@ -1,4 +1,4 @@
-FROM opensearchproject/opensearch:1.3.2
+FROM opensearchproject/opensearch:2.1.0
 
 # Copyright (c) 2022 Battelle Energy Alliance, LLC.  All rights reserved.
 LABEL maintainer="[email protected]"
@@ -37,7 +37,7 @@ RUN yum install -y openssl util-linux procps && \
   yum upgrade -y && \
   /usr/share/opensearch/bin/opensearch-plugin remove opensearch-security --purge && \
   /usr/share/opensearch/bin/opensearch-plugin remove opensearch-performance-analyzer --purge && \
-  echo -e 'cluster.name: "docker-cluster"\nnetwork.host: 0.0.0.0\ncompatibility.override_main_response_version: true\nbootstrap.memory_lock: true' > /usr/share/opensearch/config/opensearch.yml && \
+  echo -e 'cluster.name: "docker-cluster"\nnetwork.host: 0.0.0.0\nbootstrap.memory_lock: true' > /usr/share/opensearch/config/opensearch.yml && \
   sed -i "s/#[[:space:]]*\([0-9]*-[0-9]*:-XX:-\(UseConcMarkSweepGC\|UseCMSInitiatingOccupancyOnly\)\)/\1/" /usr/share/opensearch/config/jvm.options && \
   sed -i "s/^[0-9][0-9]*\(-:-XX:\(+UseG1GC\|G1ReservePercent\|InitiatingHeapOccupancyPercent\)\)/$($OPENSEARCH_JAVA_HOME/bin/java -version 2>&1 | grep version | awk '{print $3}' | tr -d '\"' | cut -d. -f1)\1/" /usr/share/opensearch/config/jvm.options && \
   mkdir -p /usr/share/opensearch/ca-trust && \

Dockerfiles/suricata.Dockerfile

@@ -103,10 +103,10 @@ ENV PUSER "suricata"
 ENV PGROUP "suricata"
 ENV PUSER_PRIV_DROP true
 
-ENV SUPERCRONIC_VERSION "0.1.12"
+ENV SUPERCRONIC_VERSION "0.2.1"
 ENV SUPERCRONIC_URL "https://github.com/aptible/supercronic/releases/download/v$SUPERCRONIC_VERSION/supercronic-linux-amd64"
 ENV SUPERCRONIC "supercronic-linux-amd64"
-ENV SUPERCRONIC_SHA1SUM "048b95b48b708983effb2e5c935a1ef8483d9e3e"
+ENV SUPERCRONIC_SHA1SUM "d7f4c0886eb85249ad05ed592902fa6865bb9d70"
 ENV SUPERCRONIC_CRONTAB "/etc/crontab"
 
 ENV YQ_VERSION "4.24.2"