Add Libsodium sodium support for sha256 filehashes #1381
Open
ddpbsd wants to merge 113 commits into ossec:master from ddpbsd:libsodium
Conversation
It will switch from running OS_md5_sha1_File to OS_algorithm_File. The output will be different. Enable with LIBSODIUM_ENABLED=y. !! Incomplete and untested !!
will be prepended with the hash type followed by an '='. This will cause changes in analysisd, I think. It will have to handle the different hash strings and types. I can probably either change to a generic signature for "HASH changed," and maybe add the hash type into a field in the alert (like src_ip), or continue with the way rules are currently written and add rules for the new hash types.
Lots of debug left in, need to free file_sums or change how it's being handled. Plenty of other cleanups available. Sleep now. Code later.
The instances that are MAC_PATH stayed the same.
Get rid of a free that was apparently not ok.
pass the opts in the function.
Also remove some debugging.
the opts to the functions that needed it instead. Much cleaner.
looking at when investigating later. I'm not sure if I should use GENERIC or BLAKE2B for the "generic" hash. It's set to GENERIC for now. Hopefully correct some ifdef/else/endif LIBSODIUM stuff. I think alert_msg was being overwritten in a few places, causing my actual hashes to be written as "xxx:xxx" (no value, basically) instead of the actual computed hashes. Also a bunch of debugging stuff that will be removed later.
Also try not to truncate the hashes when reporting changes.
to SHA256 and MD5. SHA256 should be good enough for integrity checking for now, and MD5 can be used with services (if necessary, and sha256 isn't an option).
EXPERIMENTAL: Add support for sha256 checksums in syscheckd. It's optional for now under USE_LIBSODIUM. If libsodium is enabled, sha1 is disabled. There's currently no way to choose it over sha256.
Only tested on OpenBSD and CentOS 7. Completely untested on Windows and other unix-like systems. Requires libsodium development packages on systems where developers are second class citizens.
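The tagged checksum format the commits above describe (hash type, then '=', then the hex digest) and the comparison a consumer such as analysisd would need once sha1 and sha256 agents report side by side, as an added example that is not part of this pull request or of OSSEC. It uses Python's hashlib in place of libsodium's crypto_hash_sha256 (the digest bytes are the same); the helper names hash_file, hash_bytes, parse_tagged_sum and compare_sums are this example's own, and the sample file contents are constructed.

```python
import hashlib
import hmac
import io

# Hash types this example accepts (assumption: the names from the PR
# description, lower-cased).  Unknown types are rejected, not guessed.
SUPPORTED_HASHES = ("sha256", "sha1", "md5")


def hash_file(fileobj, algorithm="sha256", chunk_size=65536):
    """Hash a binary file object in chunks and return the tagged form
    '<type>=<hex digest>'.  hashlib stands in for libsodium here."""
    if algorithm not in SUPPORTED_HASHES:
        raise ValueError(f"unsupported hash type: {algorithm}")
    h = hashlib.new(algorithm)
    for chunk in iter(lambda: fileobj.read(chunk_size), b""):
        h.update(chunk)
    return f"{algorithm}={h.hexdigest()}"


def hash_bytes(data, algorithm="sha256"):
    """Convenience wrapper: hash an in-memory byte string (constructed input)."""
    return hash_file(io.BytesIO(data), algorithm)


def parse_tagged_sum(tagged):
    """Split 'sha256=...' into (type, hex).  Rejects untagged strings,
    unknown types and digests whose length does not match the type, so a
    truncated hash (the problem one commit above mentions) is caught
    instead of being silently compared."""
    hash_type, sep, digest = tagged.partition("=")
    if not sep:
        raise ValueError(f"untagged checksum: {tagged!r}")
    hash_type = hash_type.lower()
    if hash_type not in SUPPORTED_HASHES:
        raise ValueError(f"unknown hash type: {hash_type!r}")
    digest = digest.lower()
    expected_len = hashlib.new(hash_type).digest_size * 2
    if len(digest) != expected_len or any(c not in "0123456789abcdef" for c in digest):
        raise ValueError(f"malformed {hash_type} digest: {digest!r}")
    return hash_type, digest


def is_valid_tagged_sum(tagged):
    """True if parse_tagged_sum accepts the string."""
    try:
        parse_tagged_sum(tagged)
        return True
    except ValueError:
        return False


def compare_sums(old, new):
    """Compare two tagged sums the way an alert consumer would.
    Returns 'unchanged', 'content-changed' or 'hash-type-changed'.
    A type change is reported separately: after an agent switches from
    sha1 to sha256, every file would otherwise look modified."""
    old_type, old_hex = parse_tagged_sum(old)
    new_type, new_hex = parse_tagged_sum(new)
    if old_type != new_type:
        return "hash-type-changed"
    if hmac.compare_digest(old_hex, new_hex):
        return "unchanged"
    return "content-changed"


if __name__ == "__main__":
    # Constructed sample contents; not real syscheck data.
    before = hash_bytes(b"hello world", "sha256")
    after = hash_bytes(b"hello world!", "sha256")
    print(before)
    print(after)
    print(compare_sums(before, after))
    print(compare_sums(before, hash_bytes(b"hello world", "md5")))
```

Keeping the type in the string is what lets the consumer distinguish "the file changed" from "the agent changed hash algorithm"; a rule written for the old untagged md5:sha1 pair would fire on both.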