Closed eeriedusk closed 1 year ago
FYI - The "checks" are failing as a result of our build systems not including the new OpenSSL requirements which results in a build break. I'll have to take a look at the licensing requirements but assuming that is all ok, I'll update our build systems to include OpenSSL.
@MarioHewardt Any update on this request?
Sorry for the delay (I was out of the office for a bit). I will take a look hopefully by mid next week.
@eeriedusk We should also add openssl as a dependency to the control.in file.
@MarioHewardt I moved the hash flag handling from linuxHelpers.cpp to sysmonforlinux.c, handleEvent can now call processProcessCreate to set m_HashType. I also double check stringBuffer[256] for overflow even though it shouldn't happen. I guess the checks failed because of the SysmonCommon dependency 😕
I forced OPT_VALUE( HashAlgorithms ) in an unsigned int *hashTypePtr variable to avoid the Dereference of null pointer.
It seems like the other warnings were already occurring on previous SysmonForLinux versions (tested on the main branch e790b90014595744777b4d7a77804407a008eb1e and the 1.2.0.0 release).
I've approved both PRs. Please merge the SysmonCommon one first and then update this PR with the latest SysmonCommon submodule commit.
You will have to merge the SysmonCommon PR as I don't have the write access on both repositories
SysmonCommon has been merged.
@eeriedusk Thanks much for the work on this!
This pull request adds the feature to calculate an event image hash through a new LinuxHelper LinuxGetFileHash. It allows configuring SHA1, MD5 and/or SHA256 through the HashAlgorithms configuration tag and depends on OpenSSL::Crypto (libssl-dev/openssl-devel). OpenSSL being here an easy solution, it's also possible to replace it by standard headers in case of any licensing difficulties. As the N_Hash field is handled by eventsCommon.cpp in the SysmonCommon submodule, this pull request fully depends on and is directly linked to another PR on the SysmonCommon repository.