[Bro] Adding trusted cert to Bro (Security Onion)
scastle at bouldercounty.org
Wed Jan 9 09:21:06 PST 2013
First, you need to look in policy/protocols/ssl, if you're checking the share/bro hierarchy.
Also, look at this: http://mailman.icsi.berkeley.edu/pipermail/bro/2012-February/005333.html
Data Security Mgr, Boulder County IT
From: bro-bounces at bro-ids.org [mailto:bro-bounces at bro-ids.org] On Behalf Of Michael Bower
Sent: Wednesday, January 09, 2013 10:06
To: bro at bro-ids.org
Subject: [Bro] Adding trusted cert to Bro (Security Onion)
I'm looking to add our internal domain CA to Bro so it can validate certs that are generated from the server. I am new to Bro, so I'm not sure where to start.
I found this: http://www.bro-ids.org/bro-workshop-2011/solutions/extending/index.html
Which sounds like it is exactly what I need to do, I'm just not sure how to go about it.
My SO deployment is a distributed setup (1 Master, 2 sensors so far). On the sensors, I have checked /opt/bro/share/bro/site/local.bro and found the following:
# This script enables SSL/TLS certificate validation.
Checking the protocols/ssl directory, I don't see that script. My question is, will it get loaded if I created the validate-certs script it's looking for?
Any help will be appreciated.