Prototype: hashmatch(filename, algorithm, hash)

Return type: boolean

Description: Compute the hash of file filename using the hash algorithm and test if it matches hash.

This function may be used to determine whether a system has a particular version of a binary file (e.g. software patch).

Arguments:

  • filename: string - Filename to hash - in the range: "?(/.*)
  • algorithm: - Hash or digest algorithm - one of
    • md5
    • sha1
    • sha256
    • sha384
    • sha512
  • hash: string - ASCII representation of hash for comparison - in the range: [a-zA-Z0-9_$(){}\[\].:]+

hash is an ASCII representation of the hash for comparison.

Example:

code
bundle agent example
{
classes:

  "matches" expression => hashmatch("/etc/passwd","md5","c5068b7c2b1707f8939b283a2758a691");

reports:

  matches::

    "File has correct version";

}