Suricata 6.0.9 has been chosen as the IDS engine in our project, but the IP team has big concerns about the hassh module, which is considered a risk.
It turned out that if we want to use Suricata we have to remove the hassh IP code, so my question is: if there is no way to do it during compilation, which part of the code should I change/remove in the Suricata source code? What is the risk? I am really worried about the quality and stability if we do so.
The current situation is that we really want to remove it at the code level, which means modifying the Suricata code.
Based on my knowledge after a code walkthrough, I think the core part is implemented in Rust, right? Maybe generate_hassh() in parser.rs is the one? If so, we plan to set an empty value for the hassh_string and return; is that OK and secure? Thanks in advance!
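As an added illustration of what the generator in question actually computes, and of what "return an empty value" means for its callers (this is example code written for this thread, not Suricata's parser.rs): HASSH is the MD5 of the client's KEXINIT name-lists (kex, encryption c2s, MAC c2s, compression c2s, each comma-joined, the four ';'-joined). The `KexInit` struct, the `enabled` flag on `generate_hassh`, and the sample algorithm lists are assumptions made here; the MD5 is a plain RFC 1321 implementation so the file runs without external crates.

```rust
// Added example, not Suricata's own code. Names and the `enabled` switch
// are illustrative assumptions; the sample KEXINIT lists are constructed.

/// Algorithm name-lists carried in an SSH_MSG_KEXINIT, in wire order.
/// HASSH uses the client-to-server lists; hasshServer uses the
/// server-to-client ones the same way.
pub struct KexInit<'a> {
    pub kex_algorithms: &'a [&'a str],
    pub encryption_algorithms_client_to_server: &'a [&'a str],
    pub mac_algorithms_client_to_server: &'a [&'a str],
    pub compression_algorithms_client_to_server: &'a [&'a str],
}

/// The HASSH pre-image: each list comma-joined, the four lists ';'-joined.
pub fn hassh_input(k: &KexInit) -> String {
    [
        k.kex_algorithms,
        k.encryption_algorithms_client_to_server,
        k.mac_algorithms_client_to_server,
        k.compression_algorithms_client_to_server,
    ]
    .iter()
    .map(|list| list.join(","))
    .collect::<Vec<_>>()
    .join(";")
}

/// The fingerprint: MD5 of the pre-image as lower-case hex. With
/// `enabled == false` nothing is produced, which is the effect of stubbing
/// the generator out: consumers of the value just see no fingerprint.
pub fn generate_hassh(k: &KexInit, enabled: bool) -> Option<String> {
    if !enabled {
        return None;
    }
    Some(md5_hex(hassh_input(k).as_bytes()))
}

/// Constructed sample client KEXINIT (not a capture).
pub fn sample_client() -> KexInit<'static> {
    KexInit {
        kex_algorithms: &["curve25519-sha256", "diffie-hellman-group14-sha256"],
        encryption_algorithms_client_to_server: &["aes128-ctr"],
        mac_algorithms_client_to_server: &["hmac-sha2-256"],
        compression_algorithms_client_to_server: &["none"],
    }
}

/// Minimal MD5 (RFC 1321), returned as 32 lower-case hex characters.
pub fn md5_hex(input: &[u8]) -> String {
    const S: [u32; 64] = [
        7, 12, 17, 22, 7, 12, 17, 22, 7, 12, 17, 22, 7, 12, 17, 22,
        5, 9, 14, 20, 5, 9, 14, 20, 5, 9, 14, 20, 5, 9, 14, 20,
        4, 11, 16, 23, 4, 11, 16, 23, 4, 11, 16, 23, 4, 11, 16, 23,
        6, 10, 15, 21, 6, 10, 15, 21, 6, 10, 15, 21, 6, 10, 15, 21,
    ];
    // K[i] = floor(2^32 * |sin(i + 1)|), exactly as the RFC defines it.
    let k: Vec<u32> = (0..64)
        .map(|i| ((i as f64 + 1.0).sin().abs() * 4294967296.0) as u32)
        .collect();
    // Padding: 0x80, zeros to 56 mod 64, then the bit length little-endian.
    let mut msg = input.to_vec();
    msg.push(0x80);
    while msg.len() % 64 != 56 {
        msg.push(0);
    }
    msg.extend_from_slice(&((input.len() as u64) * 8).to_le_bytes());
    let mut state = [0x67452301u32, 0xefcdab89, 0x98badcfe, 0x10325476];
    for chunk in msg.chunks_exact(64) {
        let mut m = [0u32; 16];
        for (j, word) in chunk.chunks_exact(4).enumerate() {
            m[j] = u32::from_le_bytes([word[0], word[1], word[2], word[3]]);
        }
        let [mut a, mut b, mut c, mut d] = state;
        for i in 0..64 {
            let (f, g) = match i / 16 {
                0 => ((b & c) | (!b & d), i),
                1 => ((d & b) | (!d & c), (5 * i + 1) % 16),
                2 => (b ^ c ^ d, (3 * i + 5) % 16),
                _ => (c ^ (b | !d), (7 * i) % 16),
            };
            let rotated = a
                .wrapping_add(f)
                .wrapping_add(k[i])
                .wrapping_add(m[g])
                .rotate_left(S[i]);
            a = d;
            d = c;
            c = b;
            b = b.wrapping_add(rotated);
        }
        for (s, v) in state.iter_mut().zip([a, b, c, d]) {
            *s = s.wrapping_add(v);
        }
    }
    state
        .iter()
        .flat_map(|w| w.to_le_bytes())
        .map(|byte| format!("{:02x}", byte))
        .collect()
}

fn main() {
    let client = sample_client();
    println!("pre-image: {}", hassh_input(&client));
    println!("hassh on : {:?}", generate_hassh(&client, true));
    println!("hassh off: {:?}", generate_hassh(&client, false));
}
```

The `enabled` flag stands in for whatever switch is chosen in practice (a Cargo feature, a build-time cfg, or simply deleting the body). What the example shows is that the generator is a pure function of the parsed name-lists: returning nothing from it leaves the KEXINIT parsing itself untouched, and the remaining work is to check every consumer of the value (in Suricata 6 at least the `ssh.hassh` family of detection keywords and the EVE ssh log fields) so that an absent fingerprint is handled rather than assumed.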
In what way would the IP be violated, especially when it's BSD 3-clause?
Depending on the plan, you might be more concerned about other parts of the license, especially if you plan to change parts of the code.
The IP department in our project considered the hassh feature in Suricata a risk, but without too many details.
We only have two options: give Suricata up, or remove the hassh code (the process that calculates the hassh string) from the open-source code. Meanwhile, we are ready to deal with the license part; it's OK to open the source.
OK, great! So the point is whether generate_hassh() is the function I should remove or change. Could you please give me a clear answer so I can move forward? Thanks!