hedgehog.md

Hedgehog Linux

Network Traffic Capture Appliance

Hedgehog Linux is a Debian-based operating system built to

• monitor network interfaces
• capture packets to PCAP files
• detect file transfers in network traffic and extract and scan those files for threats
• generate and forward Zeek logs, Arkime sessions, and other information to [Malcolm]({{ site.github.repository_url }})


• Sensor installation
  • Image boot options
  • Installer
• Boot
  • Kiosk mode
• Configuration
  • Configure Hostname, Interfaces and Time Sync
  • Configure Capture
    • Capture
    • File extraction and scanning
  • Configure Forwarding
    • arkime-capture: Arkime session forwarding
    • ssl-client-receive: Receive client SSL files for filebeat from Malcolm
    • filebeat: Zeek and Suricata log forwarding
    • miscbeat: System metrics forwarding
  • Autostart services

• Zeek Intelligence Framework

• Appendix A - Generating the ISO
• Appendix B - Configuring SSH access
• Appendix C - Troubleshooting
• Appendix D - Hardening
  • Compliance exceptions
• Appendix E - Upgrades