Skip to content

Licenses

PunchPlatform Proprietary Software

All components included in PunchPlatform, that are not associated in PunchPlatform source code to any explicitly mentioned open-source licence, are Licensed under the Thales Inner Source Software License (Version 1.0, InnerPublic - OuterRestricted the "License");

The PunchPlatform distributions are (c) Copyright Thales Services 2017, although included packages, libraries or setups mentioned above as related to an open-source license may be copied or distributed as allowed by this specifically applicable license.

Supported OS

The PunchPlatform software can be deployed on :

  • Ubuntu 18.04 or later
  • Debian 9 or later (not tested)
  • CentOS 7 or later
  • RedHat 7 or later (not tested)

Third Party dependencies

The PunchPlatform software includes the following open-source components. For the associated version number, please refer to the Security Issues documentation

JQ

JSON parser/query command-line tool

Curl

Command-line HTTP queries tool (used by PunchPlatform bash scripts to interact with elasticsearch to manage drivers) (x86_64-pc-linux-gnu)

Jinja2

  • suggested deployment: ubuntu apt repositories (package python-jinja2)

Python

  • version: = 3.6.x
  • suggested deployment: platform dependent.

Java Runtime

The punchplatform requires the OpenJdk runtime 1.8

Apache Storm

Apache Spark

Kafka

Elasticsearch

ElastAlert

Apache Zookeeper(tm)

Kibana

Elastic Beats

Open Distro

Warning

the classpath exception is important:
"As a special exception, the copyright holders of this library give you permission to link this library with independent modules to produce an executable, regardless of the license terms of these independent modules, and to copy and distribute the resulting executable under terms of your choice, provided that you also meet, for each linked independent module, the terms and conditions of the license of that module. An independent module is a module which is not derived from or based on this library."

Export of Cryptography

Punch socket endpoints can be configured with ciphering. Here are the available ciphers used with the default JDK ssl/tls provider:

"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384"
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"
"TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"
"TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"
"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"
"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"
"TLS_RSA_WITH_AES_128_CBC_SHA256"
"TLS_RSA_WITH_AES_128_CBC_SHA"

Here are the available ciphers used with the default OPENSSL/OPENSSL_RFCNT ssl/tls provider:

"ECDHE-ECDSA-AES256-GCM-SHA384"
"ECDHE-ECDSA-AES256-SHA384"
"ECDHE-RSA-AES256-GCM-SHA384"
"ECDHE-RSA-AES256-SHA384"
"DHE-RSA-AES256-GCM-SHA384"
"DHE-RSA-AES256-SHA256"
"ECDHE-ECDSA-AES128-GCM-SHA256"
"ECDHE-RSA-AES128-GCM-SHA256"
"ECDHE-ECDSA-AES128-SHA256"
"ECDHE-RSA-AES128-SHA256"
"ECDHE-ECDSA-AES256-GCM-SHA384"
"ECDHE-RSA-AES256-GCM-SHA384"
"ECDHE-ECDSA-AES256-SHA384"
"ECDHE-RSA-AES256-SHA384"
"AES128-GCM-SHA256"
"AES128-SHA256"
"AES256-GCM-SHA384"
"AES256-SHA256"