Sysinternals / SysmonForLinux

MIT License

Feature: Add image hash support #121

Closed eeriedusk closed 1 year ago

eeriedusk commented 1 year ago

This pull request adds the feature to calculate an event image hash through a new LinuxHelper LinuxGetFileHash.

It allows SHA1, MD5 and/or SHA256 to be configured through the HashAlgorithms configuration tag and depends on OpenSSL::Crypto (libssl-dev/openssl-devel). OpenSSL is an easy solution here; it is also possible to replace it with standard headers in case of any licensing difficulties.

As the N_Hash field is handled by eventsCommon.cpp in the SysmonCommon submodule, this pull request fully depends on and is directly linked to another PR on the SysmonCommon repository.
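The feature described above, as an added example that is not part of this pull request or of SysmonForLinux: a stand-alone Python model (the project itself is C/C++ on OpenSSL) of what the new helper has to do. It parses a HashAlgorithms-style setting, runs the image through every selected digest in a single pass so a large binary is read only once, and renders the result into a bounded string. The `*` wildcard meaning "all supported algorithms", the `ALGO=hex,ALGO=hex` output layout and the 256-byte output bound are assumptions made for this example, not details taken from the thread.

```python
import hashlib
import io
import os
import tempfile
from typing import Dict, List

# Algorithms the feature in this thread makes selectable.
SUPPORTED_ALGORITHMS = ("md5", "sha1", "sha256")

# Constructed bound on the formatted output; it stands in for a fixed-size
# output buffer such as the stringBuffer[256] mentioned later in the thread.
MAX_HASH_STRING_LEN = 256


def parse_hash_algorithms(setting: str) -> List[str]:
    """Parse a comma-separated HashAlgorithms-style value such as 'sha256,md5'.

    '*' is accepted as 'all supported algorithms' (an assumption made here).
    Unknown names are rejected rather than silently dropped, so a typo in the
    configuration cannot leave events without the hash the operator expected.
    """
    if setting.strip() == "*":
        return list(SUPPORTED_ALGORITHMS)
    chosen: List[str] = []
    for token in setting.split(","):
        name = token.strip().lower()
        if not name:
            continue
        if name not in SUPPORTED_ALGORITHMS:
            raise ValueError(f"unsupported hash algorithm: {name!r}")
        if name not in chosen:
            chosen.append(name)
    if not chosen:
        raise ValueError("HashAlgorithms selects no algorithm")
    return chosen


def hash_stream(stream: io.BufferedIOBase, algorithms: List[str],
                chunk_size: int = 1 << 16) -> Dict[str, str]:
    """Feed the stream through every requested digest in a single pass."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data: bytes, algorithms: List[str]) -> Dict[str, str]:
    """Convenience wrapper for in-memory data."""
    return hash_stream(io.BytesIO(data), algorithms)


def hash_image(path: str, algorithms: List[str]) -> Dict[str, str]:
    """Hash the executable image at `path` (the event's Image field)."""
    with open(path, "rb") as f:
        return hash_stream(f, algorithms)


def format_hashes(digests: Dict[str, str]) -> str:
    """Render 'ALGO=hex,ALGO=hex' and refuse anything the fixed buffer cannot hold."""
    text = ",".join(f"{name.upper()}={hexdigest}" for name, hexdigest in digests.items())
    if len(text) + 1 > MAX_HASH_STRING_LEN:  # +1 for the C string terminator
        raise ValueError("hash string does not fit the output buffer")
    return text


def demo(setting: str = "sha256,md5", content: bytes = b"abc") -> str:
    """Write a constructed 'image' to a temp file, hash it, return the Hashes string."""
    algorithms = parse_hash_algorithms(setting)
    fd, path = tempfile.mkstemp()
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(content)
        return format_hashes(hash_image(path, algorithms))
    finally:
        os.unlink(path)


if __name__ == "__main__":
    print(demo())
```

Two choices matter for a sensor that hashes every process image: the digests are updated from one read loop rather than re-opening the file per algorithm, and the formatted string is length-checked against the buffer bound before it is handed on, which is the check the thread later describes adding around stringBuffer[256].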

MarioHewardt commented 1 year ago

FYI - The "checks" are failing as a result of our build systems not including the new OpenSSL requirements which results in a build break. I'll have to take a look at the licensing requirements but assuming that is all ok, I'll update our build systems to include OpenSSL.

eeriedusk commented 1 year ago

@MarioHewardt Any update on this request?

MarioHewardt commented 1 year ago

Sorry for the delay (I was out of the office for a bit). I will take a look hopefully by mid next week.

MarioHewardt commented 1 year ago

@eeriedusk We should also add openssl as a dependency to the control.in file.

eeriedusk commented 1 year ago

@MarioHewardt I moved the hash flag handling from linuxHelpers.cpp to sysmonforlinux.c; handleEvent can now call processProcessCreate to set m_HashType. I also double-checked stringBuffer[256] for overflow even though it shouldn't happen. I guess the checks failed because of the SysmonCommon dependency 😕

eeriedusk commented 1 year ago

I forced OPT_VALUE( HashAlgorithms ) into an unsigned int *hashTypePtr variable to avoid the null pointer dereference. It seems like the other warnings were already occurring on previous SysmonForLinux versions (tested on the main branch e790b90014595744777b4d7a77804407a008eb1e and the 1.2.0.0 release).

MarioHewardt commented 1 year ago

I've approved both PRs. Please merge the SysmonCommon one first and then update this PR with the latest SysmonCommon submodule commit.

eeriedusk commented 1 year ago

You will have to merge the SysmonCommon PR, as I don't have write access to both repositories.

MarioHewardt commented 1 year ago

SysmonCommon has been merged.

MarioHewardt commented 1 year ago

@eeriedusk Thanks much for the work on this!