[Bro] Adding trusted cert to Bro (Security Onion)

Michael Bower mbower2 at gmail.com
Wed Jan 9 09:06:22 PST 2013


Im looking to add our internal domain CA to Bro so it can validate certs
that are generated from the server.  I am new to Bro, so Im not sure where
to start.

I found this:
http://www.bro-ids.org/bro-workshop-2011/solutions/extending/index.html

Which sounds like it is exactly what I need to do, Im just not sure how to
go about it.

My SO deployment is a distributed setup (1 Master, 2 sensors so far).  On
the sensors, I have checked /opt/bro/share/bro/site/local.bro and found the
following:

# This script enables SSL/TLS certificate validation.
@load protocols/ssl/validate-certs

Checking the protocols/ssl directory, I don't see that script.  My question
is, will it get loaded if I created the validate-certs script its looking
for?

Any help will be appreciated.

Thanks!

-- 

Mike
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20130109/041a1723/attachment.html 


More information about the Bro mailing list