Feature: Add image hash support#121
Conversation
|
FYI - The "checks" are failing as a result of our build systems not including the new OpenSSL requirements which results in a build break. I'll have to take a look at the licensing requirements but assuming that is all ok, I'll update our build systems to include OpenSSL. |
|
@MarioHewardt Any update on this request? |
|
Sorry for the delay (I was out of the office for a bit). I will take a look hopefully by mid next week. |
|
@eeriedusk We should also add openssl as a dependency to the control.in file. |
|
@MarioHewardt I moved the hash flag handling from |
|
I forced |
|
I've approved both PR's. Please merge the SysmonCommon one first and then update this PR with the latest SysmonCommon submodule commit. |
|
You will have to merge the SysmonCommon PR as I don't have the write access on both repositories |
|
SysmonCommon has been merged. |
|
@eeriedusk Thanks much for the work on this! |
2 participants
This pull request adds the feature to calculate an event image hash through a new
LinuxHelperLinuxGetFileHash.It allows to configure SHA1, MD5 and/or SHA256 through the HashAlgorithms configuration tag and depends on
OpenSSL::Crypto(libssl-dev/openssl-devel). OpenSSL being here an easy solution, it's also possible to replace it by standard headers in case of any licensing difficulties.As the
N_Hashfield is handled byeventsCommon.cppin the SysmonCommon submodule, this pull request fully depends and is directly linked to another PR on the SysmonCommon repository.