SCLogInfo("forcing magic lookup for logged files");
}
- const char *force_md5 = ConfNodeLookupChildValue(conf, "force-md5");
- if (force_md5 != NULL && ConfValIsTrue(force_md5)) {
-#ifdef HAVE_NSS
- FileForceMd5Enable();
- SCLogInfo("forcing md5 calculation for logged files");
-#else
- SCLogInfo("md5 calculation requires linking against libnss");
-#endif
- }
+ FileForceHashParseCfg(conf);
FileForceTrackingEnable();
SCReturnPtr(output_ctx, "OutputCtx");
}
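Review bot: With the `force-md5` lookup removed here, a deployed config that still sets `force-md5: yes` will no longer force MD5 calculation, and nothing in the new `FileForceHashParseCfg()` shown on this page reads the old key or warns about it. For a file-logging output, that means hashes that analysts rely on can go missing from the records after an upgrade, with no signal in the log. Consider having `FileForceHashParseCfg()` also check `ConfNodeLookupChildValue(conf, "force-md5")` and either honour it or log a deprecation message pointing at `force-hash`. The same replacement is made in the two other output setup hunks, at the `FileForceHashParseCfg(conf);` call before `SCLogInfo("storing files in %s", ...)` and at the one following the `SCLogConfig("forcing magic lookup for logged files")` context.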
SCLogInfo("forcing magic lookup for stored files");
}
- const char *force_md5 = ConfNodeLookupChildValue(conf, "force-md5");
- if (force_md5 != NULL && ConfValIsTrue(force_md5)) {
-#ifdef HAVE_NSS
- FileForceMd5Enable();
- SCLogInfo("forcing md5 calculation for stored files");
-#else
- SCLogInfo("md5 calculation requires linking against libnss");
-#endif
- }
+ FileForceHashParseCfg(conf);
SCLogInfo("storing files in %s", g_logfile_base_dir);
SCReturnPtr(output_ctx, "OutputCtx");
SCLogConfig("forcing magic lookup for logged files");
}
- const char *force_md5 = ConfNodeLookupChildValue(conf, "force-md5");
- if (force_md5 != NULL && ConfValIsTrue(force_md5)) {
-#ifdef HAVE_NSS
- FileForceMd5Enable();
- SCLogConfig("forcing md5 calculation for logged files");
-#else
- SCLogInfo("md5 calculation requires linking against libnss");
-#endif
- }
+ FileForceHashParseCfg(conf);
}
output_ctx->data = output_file_ctx;
}
/**
- * \brief Parse the filemd5 keyword
+ * \brief Parse the filemd5, filesha1 or filesha256 keyword
*
* \param det_ctx pattern matcher thread local data
* \param str Pointer to the user provided option
* \param type the hash algorithm
*
- * \retval filemd5 pointer to DetectFileHashData on success
+ * \retval hash pointer to DetectFileHashData on success
* \retval NULL on failure
*/
static DetectFileHashData *DetectFileHashParse (const DetectEngineCtx *de_ctx,
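Review bot: The doc block being updated still documents `\param det_ctx` as "pattern matcher thread local data", but the first parameter in the signature below it is `de_ctx` of type `const DetectEngineCtx *`. Since the comment is already being touched, I would rename the entry to match, e.g. `* \param de_ctx detection engine context`. The signature continues past the end of this hunk, so the remaining `\param` lines cannot be checked against it from here.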
FILE *fp = NULL;
char *filename = NULL;
- /* We have a correct filemd5 option */
+ /* We have a correct hash algorithm option */
filehash = SCMalloc(sizeof(DetectFileHashData));
if (unlikely(filehash == NULL))
goto error;
#include "util-rohash.h"
-typedef struct DetectFileHashData {
+typedef struct DetectFileHashData_ {
ROHashTable *hash;
int negated;
} DetectFileHashData;
g_file_force_tracking = 1;
}
+
+/**
+ * \brief Function to parse forced file hashing configuration.
+ */
+void FileForceHashParseCfg(ConfNode *conf)
+{
+ BUG_ON(conf == NULL);
+
+ ConfNode *forcehash_node = NULL;
+
+ if (conf != NULL)
+ forcehash_node = ConfNodeLookupChild(conf, "force-hash");
+
+ if (forcehash_node != NULL) {
+ ConfNode *field = NULL;
+
+ TAILQ_FOREACH(field, &forcehash_node->head, next) {
+ if (field == NULL) {
+ break;
+ }
+
+ if (strcasecmp("md5", field->val) == 0) {
+#ifdef HAVE_NSS
+ FileForceMd5Enable();
+ SCLogConfig("forcing md5 calculation for logged or stored files");
+#else
+ SCLogInfo("md5 calculation requires linking against libnss");
+#endif
+ }
+
+ if (strcasecmp("sha1", field->val) == 0) {
+#ifdef HAVE_NSS
+ FileForceSha1Enable();
+ SCLogConfig("forcing sha1 calculation for logged or stored files");
+#else
+ SCLogInfo("sha1 calculation requires linking against libnss");
+#endif
+ }
+
+ if (strcasecmp("sha256", field->val) == 0) {
+#ifdef HAVE_NSS
+ FileForceSha256Enable();
+ SCLogConfig("forcing sha256 calculation for logged or stored files");
+#else
+ SCLogInfo("sha256 calculation requires linking against libnss");
+#endif
+ }
+ }
+ }
+}
+
int FileMagicSize(void)
{
/** \todo make this size configurable */
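Review bot: In the `TAILQ_FOREACH` loop of `FileForceHashParseCfg()`, `field->val` is passed to `strcasecmp()` without a NULL check, and a list entry that is not `md5`, `sha1` or `sha256` is dropped without any message. If a sequence item can carry a NULL `val` (for example a nested mapping under `force-hash`; the `ConfNode` definition is not shown here, so this is inferred), that is a NULL dereference at startup. A misspelled algorithm name also leaves the operator believing hashes are being forced when they are not. I would skip NULL values, chain the comparisons with `else if`, and log unknown names, as sketched below. The `if (field == NULL) break;` test inside the loop and the `if (conf != NULL)` after `BUG_ON(conf == NULL)` look redundant and could go in the same pass.

```c
    TAILQ_FOREACH(field, &forcehash_node->head, next) {
        /* a non-scalar list entry has no value to compare */
        if (field->val == NULL)
            continue;

        if (strcasecmp("md5", field->val) == 0) {
            /* … unchanged: HAVE_NSS md5 enable/log block … */
        } else if (strcasecmp("sha1", field->val) == 0) {
            /* … unchanged: HAVE_NSS sha1 enable/log block … */
        } else if (strcasecmp("sha256", field->val) == 0) {
            /* … unchanged: HAVE_NSS sha256 enable/log block … */
        } else {
            /* use the project's warning-level log macro here if preferred */
            SCLogInfo("ignoring unknown force-hash value '%s'", field->val);
        }
    }
```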
#include <sechash.h>
#endif
+#include "conf.h"
+
#include "util-streaming-buffer.h"
#define FILE_TRUNCATED 0x0001
void FileForceSha256Enable(void);
int FileForceSha256(void);
+void FileForceHashParseCfg(ConfNode *);
+
void FileForceTrackingEnable(void);
void FileStoreAllFiles(FileContainer *);
extended: yes # enable this for extended logging information
- files:
force-magic: no # force logging magic on all logged files
- force-md5: no # force logging of md5 checksums
+ # force logging of checksums, available hash functions are md5,
+ # sha1 and sha256
+ #force-hash: [md5]
#- drop:
# alerts: yes # log alerts that caused drops
# flows: all # start or all: 'start' logs only a single drop
enabled: no # set to yes to enable
log-dir: files # directory to store the files
force-magic: no # force logging magic on all stored files
- force-md5: no # force logging of md5 checksums
+ # force logging of checksums, available hash functions are md5,
+ # sha1 and sha256
+ #force-hash: [md5]
force-filestore: no # force storing of all files
#waldo: file.waldo # waldo file to store the file_id across runs
#filetype: regular # 'regular', 'unix_stream' or 'unix_dgram'
force-magic: no # force logging magic on all logged files
- force-md5: no # force logging of md5 checksums
+ # force logging of checksums, available hash functions are md5,
+ # sha1 and sha256
+ #force-hash: [md5]
# Log TCP data after stream normalization
# 2 types: file or dir. File logs into a single logfile. Dir creates