
Added Hash diff scanner #194

Merged
okynos merged 57 commits into main from 177-db-hash, Apr 4, 2025
Conversation

@okynos (Member) commented Apr 3, 2025

Hello!

This PR closes #177 and #167. This PR solves #193 and is related to #96.
Performed modifications:

  • Added mechanism to select hash algorithm in monitor and Audit events. Ping @Angelozinna96
  • Added mechanism to select hash in Hash diff scanner.
  • Added Database handling to store hash of monitoring path.
  • Added mechanism to update database files.
  • Added thread called HashScanner to perform periodic scans of files.
  • Improved current unit tests.
  • Added specific unit tests for the new added modules.
  • Improved Ubuntu system tests procedure, package build and Audit tests.
  • Updated ElasticSearch template to include new HashScanner events.
  • Added to config hashscanner section with the following parameters:
    • file, the path to store the database.
    • enabled, enable or disable the scanner thread.
    • interval, number of minutes to wait between hash scans.
    • algorithm, the selected algorithm to produce hash of files (Sha224/Sha256/Sha384/Sha512/Keccak224/Keccak256/Keccak384/Keccak512)
  • Updated Linux, Windows and macOS default configuration files: removed Audit enabled by default and added the hashscanner configuration section.
  • Updated the way to obtain the hash of big files: now we will use the header (first MB) of the file instead of skipping the hash.
  • Fixed a bug that prevented required folders creation at init.
  • Updated all configuration templates to add the hashscanner section.
  • This PR couldn't be merged until the documentation PR was ready: "Added Hashscanner documentation and fixed some sections documentation" (achiefs.github.io#18).

Just for clarification, the database contains the following information for each file:

  • hash, the calculated checksum of the file at the moment of scan.
  • timestamp, the time in millis (Unix Epoch) when the hash was analyzed.
  • size, the size of the file when it was analyzed.
  • permissions, the permissions of the file at the moment of scan.
  • path, the path of the analyzed file.

The hash event will output the following information:

  • The stored (previous) information (check the section above)
  • The current file information (modifications)
  • The operation performed over the file (currently limited to REMOVE/CREATE/WRITE)

FIM will perform the following event trigger path:

  • A file is modified (checksum changed) while FIM is running: HashEvent + MonitorEvent or AuditEvent will trigger (2 events)
  • A file is modified while FIM is off: when FIM starts it will trigger HashEvent (1 event)
  • A file changed permissions while FIM is running: it will trigger HashEvent + MonitorEvent or AuditEvent (2 events)
  • A file changed permissions while FIM is off: it will trigger HashEvent after FIM starts (1 event)
  • In the rest of the cases FIM will perform the same as previous versions.

Special thanks to:

  • @jcl-concept for pushing the idea + testing and keeping interested in the project.
  • @Angelozinna96 for giving feedback on this development; it helped to improve the design.
  • Those who always keep giving feedback, stars and pushing me to improve.

@okynos okynos added the enhancement New feature or request label Apr 3, 2025
@okynos okynos self-assigned this Apr 3, 2025
@okynos okynos added this to 1.0 Apr 3, 2025
@github-project-automation github-project-automation bot moved this to In progress in 1.0 Apr 3, 2025
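As an added example (Python, not the project's own Rust code) of the hash diff logic the post describes: a scan records the five database fields per file, a big file is hashed by its first MB only, and a later scan is compared against the stored records to emit CREATE/REMOVE/WRITE events with the previous and current information. The 64 MB "big file" threshold and the use of hashlib's Sha* names (Keccak variants left out) are assumptions, not values from the PR.

```python
import hashlib, os, tempfile, time
from pathlib import Path
HEADER_BYTES = 1024 * 1024         # the PR hashes only the first MB of a big file
BIG_FILE_LIMIT = 64 * 1024 * 1024  # assumed "big" threshold; the PR does not state the value

def file_hash(path, algorithm="Sha256"):
    # Accepts the PR's Sha224/Sha256/Sha384/Sha512 names; Keccak* is not in hashlib (left out here)
    h = hashlib.new(algorithm.lower())
    with open(path, "rb") as f:
        if os.path.getsize(path) > BIG_FILE_LIMIT:
            h.update(f.read(HEADER_BYTES))  # header only, instead of skipping the file
        else:
            for chunk in iter(lambda: f.read(65536), b""):
                h.update(chunk)
    return h.hexdigest()

def scan(root, algorithm="Sha256"):
    # One record per file with the five fields the PR says the database stores
    records = {}
    for p in sorted(Path(root).rglob("*")):
        if p.is_file():
            st = p.stat()
            records[str(p)] = {"hash": file_hash(p, algorithm), "timestamp": int(time.time() * 1000),
                               "size": st.st_size, "permissions": oct(st.st_mode & 0o777), "path": str(p)}
    return records

def diff(stored, current):
    # Compare the stored database with a fresh scan; a hash or permission change is a WRITE
    events = []
    for path in sorted(stored.keys() | current.keys()):
        old, new = stored.get(path), current.get(path)
        if old is None:
            events.append({"operation": "CREATE", "previous": None, "current": new})
        elif new is None:
            events.append({"operation": "REMOVE", "previous": old, "current": None})
        elif old["hash"] != new["hash"] or old["permissions"] != new["permissions"]:
            events.append({"operation": "WRITE", "previous": old, "current": new})
    return events

def demo():
    # Constructed scenario: changes made while the scanner was off, detected on the next scan
    with tempfile.TemporaryDirectory() as root:
        Path(root, "a.txt").write_bytes(b"original")
        Path(root, "b.txt").write_bytes(b"to be removed")
        stored = scan(root)  # stands in for the database saved by the previous run
        Path(root, "a.txt").write_bytes(b"modified while FIM was off")
        Path(root, "b.txt").unlink()
        Path(root, "c.txt").write_bytes(b"new file")
        return [(os.path.basename((e["current"] or e["previous"])["path"]), e["operation"])
                for e in diff(stored, scan(root))]
```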
@Angelozinna96 commented:

Thank you so much for your work, can't wait to test the new features with the next release.

@okynos okynos merged commit 7b53169 into main Apr 4, 2025
24 checks passed
@okynos okynos deleted the 177-db-hash branch April 4, 2025 22:13
@github-project-automation github-project-automation bot moved this from In progress to Done in 1.0 Apr 4, 2025

Development

Successfully merging this pull request may close these issues.

Include hash diff checking at FIM startup