2.3.0 (#1104)

2.3.0

---------

Co-authored-by: Davide Arcuri <[email protected]>
Co-authored-by: garanews <[email protected]>

Author: 3 people

.env.sample

@@ -1 +1,3 @@
 VERSION=latest
+REDIS_VERSION=6.2.5
+POSTGRES_VERSION=16.2

.envs/.local/.django

@@ -14,24 +14,21 @@ EMAIL_PORT=1025
 EMAIL_USE_TLS=False
 EMAIL_HOST_USER=
 EMAIL_HOST_PASSWORD=
+DEFAULT_FROM_EMAIL=
+EMAIL_TIMEOUT=30
 
 # Redis
 # ------------------------------------------------------------------------------
 REDIS_URL=redis://redis:6379/0
 REDIS_SERVER=redis
 REDIS_PORT=6379
 
-# elasticsearch
-# ------------------------------------------------------------------------------
-ELASTICSEARCH_URL=http://es01:9200
-
 # Dask
 # ------------------------------------------------------------------------------
 DASK_SCHEDULER_URL=tcp://scheduler:8786
 
 # Orochi
 # ------------------------------------------------------------------------------
-MAX_ELASTIC_WINDOWS_SIZE=50000
 THREAD_NO=10
 AWESOME_PATH=https://raw.githubusercontent.com/InQuest/awesome-yara/master/README.md
 LOCAL_YARA_PATH=/yara
@@ -53,6 +50,10 @@ REGIPY_PLUGINS=computer_name,host_domain_name,network_drives_plugin
 # ------------------------------------------------------------------------------
 DEBUG_LEVEL=WARNING
 
+# Https
+# ------------------------------------------------------------------------------
+HTTPS=False
+
 # Ldap
 # ------------------------------------------------------------------------------
 AUTH_LDAP_SERVER_URI=

.envs/.local/.postgres

@@ -5,3 +5,4 @@ POSTGRES_PORT=5432
 POSTGRES_DB=orochi
 POSTGRES_USER=debug
 POSTGRES_PASSWORD=debug
+DATABASE_URL=postgresql://debug:debug@postgres:5432/orochi

.pre-commit-config.yaml

@@ -4,18 +4,23 @@ fail_fast: true
 
 repos:
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.5.0
+    rev: v4.6.0
     hooks:
       - id: trailing-whitespace
       - id: end-of-file-fixer
       - id: check-yaml
 
   - repo: https://github.com/psf/black
-    rev: 24.3.0
+    rev: 24.10.0
     hooks:
       - id: black
 
   - repo: https://github.com/timothycrosley/isort
     rev: 5.13.2
     hooks:
       - id: isort
+
+  - repo: https://github.com/hadialqattan/pycln
+    rev: v2.4.0
+    hooks:
+      - id: pycln

CHANGELOG.md

@@ -1,6 +1,23 @@
 ## Changelog
 
 <details open>
+  <summary><b>OROCHI 2.3.0</b></summary>
+
+  * Removed elasticsearch
+  * Add clamav volume to keep antivirus updated
+  * Recompile rules via admin command
+  * Add experimental support for ARM64
+  * Manage BodyFile file in timeliner plugin
+  * export/import [[#1102](https://github.com/LDO-CERT/orochi/issues/1102)]
+  * signal for dump/result changes are very verbose [[#1074](https://github.com/LDO-CERT/orochi/issues/1074)]
+  * replace drf & co. with django-ninja [[#1073](https://github.com/LDO-CERT/orochi/issues/1073)]
+  * Add Two-Factor Authentication [[#1099](https://github.com/LDO-CERT/orochi/issues/1099)]
+  * Admin: Assign multiple dumps to user [[#1082](https://github.com/LDO-CERT/orochi/issues/1082)]
+  * Multi-arch build and images [[#1098](https://github.com/LDO-CERT/orochi/issues/1098)]
+  * Custom logo in the login page [[#1083](https://github.com/LDO-CERT/orochi/issues/1083)]
+</details>
+
+<details>
   <summary><b>OROCHI 2.2.0 [2024/03/26]</b></summary>
 
   * Upload ntoskrnl.exe and generate symbol [[#1020](https://github.com/LDO-CERT/orochi/issues/1020)]
@@ -11,6 +28,7 @@
   * Add use case example with API. [[#248](https://github.com/LDO-CERT/orochi/issues/248)]
   * put custom plugins under volatility3 /plugins/ [[#1068](https://github.com/LDO-CERT/orochi/issues/1068)]
   * Improve tree rendered plugins
+  * Execute Regipy plugins on windows images
 </details>
 
 <details>
@@ -20,7 +38,7 @@
   * Expand/Collapse folders [[#1006](https://github.com/LDO-CERT/orochi/issues/1006)]
 </details>
 
-<details open>
+<details>
   <summary><b>OROCHI 2.1.0 [2024/02/12]</b></summary>
 
   * add possibility to download all symbols from a given ISF URL [[#1007](https://github.com/LDO-CERT/orochi/issues/1007)]

compose/local/__init__.py

@@ -14,6 +14,13 @@
 
 import volatility3.framework.constants.linux
 import volatility3.framework.constants.windows
+from volatility3.framework.constants._version import (
+    PACKAGE_VERSION,
+    VERSION_MAJOR,
+    VERSION_MINOR,
+    VERSION_PATCH,
+    VERSION_SUFFIX,
+)
 
 PLUGINS_PATH = [
     os.path.abspath(os.path.join(os.path.dirname(__file__), "..", "..", "plugins")),
@@ -42,20 +49,6 @@
 BANG = "!"
 """Constant used to delimit table names from type names when referring to a symbol"""
 
-# We use the SemVer 2.0.0 versioning scheme
-VERSION_MAJOR = 2  # Number of releases of the library with a breaking change
-VERSION_MINOR = 7  # Number of changes that only add to the interface
-VERSION_PATCH = 0  # Number of changes that do not change the interface
-VERSION_SUFFIX = ""
-
-# TODO: At version 2.0.0, remove the symbol_shift feature
-
-PACKAGE_VERSION = (
-    ".".join([str(x) for x in [VERSION_MAJOR, VERSION_MINOR, VERSION_PATCH]])
-    + VERSION_SUFFIX
-)
-"""The canonical version of the volatility3 package"""
-
 AUTOMAGIC_CONFIG_PATH = "automagic"
 """The root section within the context configuration for automagic values"""