node version and minor updates (arkime#2646)

* node version and minor updates

* added parliament for 31453

CONTRIBUTING.md

@@ -18,7 +18,7 @@ First, checkout the main [Arkime README](README.md) for information on how to bu
 **Then, get some test data!**
 
 * If using a VM/docker make sure your dev host has at least 2-3G of memory
-* Make sure `node` is in your path, currently main only supports Node version 16 (Use the latest version in "Node Versions" section of [CHANGELOG](CHANGELOG)), we recommend using [nvm](https://github.com/nvm-sh/nvm) to manage what version of node is installed
+* Make sure `node` is in your path, currently main only supports Node version 18 (Use the latest version in "Node Versions" section of [CHANGELOG](CHANGELOG)), we recommend using [nvm](https://github.com/nvm-sh/nvm) to manage what version of node is installed
 * Install [OpenSearch](https://opensearch.org/downloads.html) OR [Elasticsearch](https://www.elastic.co/downloads/past-releases#elasticsearch) (Use the latest version in "OpenSearch Versions" or "Elasticsearch versions" section of [CHANGELOG](CHANGELOG))
 * Start OpenSearch/Elasticsearch
 * If on a Mac install either [Homebrew](https://brew.sh) or [MacPorts](https://www.macports.org/)
@@ -31,9 +31,6 @@ First, checkout the main [Arkime README](README.md) for information on how to bu
 
 You should now have test data loaded, so let's **start the web app**:
 
-* Move to the Arkime viewer directory
-* Run `npm ci`
-* Move back up to the top level Arkime directory
 * Run `npm run viewer:test`
 * Now browse to the app at `http://localhost:8123`
 
@@ -75,7 +72,6 @@ Feature requests include new features and minor improvements to existing functio
 
 Feature requests are tracked as [GitHub Issues](https://guides.github.com/features/issues/).
 **Please follow these guidelines when submitting a feature request:**
-* Please use a [fork](https://guides.github.com/activities/forking/) to submit a [pull request](https://help.github.com/articles/creating-a-pull-request/) for your contribution.
 * Provide a clear and descriptive title
 * Describe the suggested feature in as much detail as possible
 * Use examples to help us understand the use case of the feature
@@ -99,6 +95,7 @@ To implement something new, please create an issue first so we can discuss it to
 * The README file in the tests directory provides additional information on the test cases
 * When creating a Pull Request please follow [best practices](https://github.com/trein/dev-best-practices/wiki/Git-Commit-Best-Practices) for creating git commits.
 * When your code is ready to be submitted, submit a Pull Request to begin the code review process.
+* Please use a [fork](https://guides.github.com/activities/forking/) to submit a [pull request](https://help.github.com/articles/creating-a-pull-request/) for your contribution.
 
 We only seek to accept code that you are authorized to contribute to the project. We have added a pull request template on our projects so that your contributions are made with the following confirmation:
 > I confirm that this contribution is made under an Apache 2.0 license and that I have the authority necessary to make this contribution on behalf of its copyright owner.
@@ -151,6 +148,7 @@ We encourage inclusive and professional interactions on our project. We welcome
 8. Click "Run workflow" button
 9. AFTER everything finishes, update the release notes https://github.com/arkime/arkime/releases/
 10. Profit!
+11. Edit CHANGELOG and configure.ac with the next version when ready
 
 ---
 

README.md

@@ -6,7 +6,7 @@
 
 
 # Arkime
-> Arkime (formerly Moloch) is a large scale, open source, indexed packet capture and search system.
+> Arkime is a large scale, open-source network analysis and packet capture system.
 
 ![banner](https://raw.githubusercontent.com/arkime/arkime/main/assets/[email protected])
 
@@ -29,12 +29,18 @@ Arkime is built to be deployed across many systems and can scale to handle tens
 
 ## Background
 
-Arkime was created to replace commercial full packet systems at AOL in 2012. By having complete control of hardware and costs, we found we could deploy full packet capture across all our networks for the same cost as just one network using a commercial tool.
+Arkime, previously named Moloch, was created to replace commercial full packet systems at AOL in 2012. By having complete control of hardware and costs, we found we could deploy full packet capture across all our networks for the same cost as just one network using a commercial tool.
 
-The Arkime system is comprised of 3 components:
+The Arkime system is comprised of 3 main components:
 * **capture** - A threaded C application that monitors network traffic, writes PCAP formatted files to disk, parses the captured packets, and sends metadata (SPI data) to elasticsearch.
 * **viewer** - A [node.js](http://nodejs.org/) application that runs per capture machine. It handles the web interface and transfer of PCAP files.
-* **[elasticsearch](https://www.elastic.co/guide/en/elasticsearch/reference/current/getting-started.html)** - The search database technology powering Arkime.
+* **[OpenSearch](https://opensearch.org/downloads.html)/[Elasticsearch](https://www.elastic.co/guide/en/elasticsearch/reference/current/getting-started.html)** - The search database technology powering Arkime.
+
+We also provide several optional applications:
+* **cont3xt** - An application that provides a structured approach to gathering contextual intelligence in support of technical investigations.
+* **esProxy** - A proxy that provides extra security between capture and OpenSearch/Elasticsearch.
+* **Parliament** - An application that monitors and is a front door to multiple Arkime clusters.
+* **wiseService** - An application that integrates threat intelligence into the session metadata.
 
 Once installed, a user can look at the data Arkime has captured using a simple web interface. Arkime provides multiple views of the data.  The primary view is the Sessions page that contains a list of sessions. Each session can be opened to view the metadata and PCAP data.
 
@@ -50,7 +56,7 @@ Another way to view the data is the SPI View page, which allows the user to see
 Most users should use the prebuilt binaries available at our [Downloads page](https://arkime.com/downloads) and follow the simple install instructions on that page.
 
 For advanced users, you can build Arkime yourself:
-* Make sure `node` is in your path, currently main only support Node version 16.x
+* Make sure `node` is in your path, currently main only support Node version 18 and not 19/20.
 * `git clone https://github.com/arkime/arkime` - latest version on github
 * `./easybutton-build.sh --install` - downloads all the prerequisites, build, and install
 * `make config` - performs an initial Arkime configuration
@@ -59,7 +65,7 @@ For advanced users, you can build Arkime yourself:
 
 ## Configuration
 
-Most of the system configuration will be performed in the `/data/arkime/etc/config.ini` file.  The variables are documented in our [Settings Wiki page](https://arkime.com/settings).
+Most of the system configuration will be performed in the `/opt/arkime/etc/config.ini` file.  The variables are documented in our [Settings Wiki page](https://arkime.com/settings).
 
 ## Usage
 
@@ -69,31 +75,19 @@ Once Arkime is running, point your browser to http://localhost:8005 to access th
 
 Access to Arkime is protected by using HTTPS with digest passwords or by using an authentication providing web server proxy. All PCAPs are stored on the sensors and are only accessed using the Arkime interface or API. Arkime is not meant to replace an IDS but instead work alongside them to store and index all the network traffic in standard PCAP format, providing fast access.
 
-Elasticsearch provides NO security by default, so ``iptables`` **MUST** be used to allow only Arkime machines to talk to the ``elasticsearch`` machines (ports 9200-920x) and for them to mesh connect (ports 9300-930x).  An example with 3 ES machines 2 nodes each and a viewer only machine
-```
-    for ip in arkimees1 arkimees2 arkimees3 arkimevieweronly1; do
-      iptables -A INPUT -i eth0 -p tcp --dport 9300 -s $ip -j ACCEPT
-      iptables -A INPUT -i eth0 -p tcp --dport 9200 -s $ip -j ACCEPT
-      iptables -A INPUT -i eth0 -p tcp --dport 9301 -s $ip -j ACCEPT
-      iptables -A INPUT -i eth0 -p tcp --dport 9201 -s $ip -j ACCEPT
-    done
-    iptables -A INPUT -i eth0 -p tcp --dport 9300 -j DROP
-    iptables -A INPUT -i eth0 -p tcp --dport 9200 -j DROP
-    iptables -A INPUT -i eth0 -p tcp --dport 9301 -j DROP
-    iptables -A INPUT -i eth0 -p tcp --dport 9201 -j DROP
-```
+
+* Arkime can be configured to use OpenSearch/Elasticsearch user auth or API keys.
 
 * Arkime machines should be locked down, however they need to talk to each other (port 8005), to the elasticsearch machines (ports 9200-920x), and the web interface needs to be open (port 8005).
 
 * Arkime ``viewer`` should be configured to use SSL.
 
-  - It's easiest to use a single certificate with multiple DNs.
+  - It's easiest to use a single certificate with multiple DNs or a wildcard.
   - Make sure you protect the cert on the filesystem with proper file permissions.
 
 * It is possible to set up a Arkime ``viewer`` on a machine that doesn't capture any data that gateways all requests.
 
-  - It is also possible to place Apache in front of Arkime, so it can handle the authentication and pass the username on to Arkime.
-  - This is how we deploy it.
+  - Using a reverse proxy (Caddy, Apache, ...) can handle the authentication and pass the username on to Arkime, this is how we deploy it.
 
 * A shared password stored in the Arkime configuration file is used to encrypt password hashes AND for inter-Arkime communication.