[Bro] Adding trusted cert to Bro (Security Onion)
Scott Runnels
srunnels at gmail.com
Wed Jan 9 09:24:47 PST 2013
Michael,
In my recent (read: default) build for Security Onion, I have
validate-certs.bro.
scott at SO-511:/opt/bro$ find . -iname "*validate*"
./share/bro/policy/protocols/ssl/validate-certs.bro
Do you not have the same?
v/r
Scott
On Wed, Jan 9, 2013 at 12:06 PM, Michael Bower <mbower2 at gmail.com> wrote:
> Im looking to add our internal domain CA to Bro so it can validate certs
> that are generated from the server. I am new to Bro, so Im not sure where
> to start.
>
> I found this:
> http://www.bro-ids.org/bro-workshop-2011/solutions/extending/index.html
>
> Which sounds like it is exactly what I need to do, Im just not sure how to
> go about it.
>
> My SO deployment is a distributed setup (1 Master, 2 sensors so far). On
> the sensors, I have checked /opt/bro/share/bro/site/local.bro and found the
> following:
>
> # This script enables SSL/TLS certificate validation.
> @load protocols/ssl/validate-certs
>
> Checking the protocols/ssl directory, I don't see that script. My
> question is, will it get loaded if I created the validate-certs script its
> looking for?
>
> Any help will be appreciated.
>
> Thanks!
>
> --
>
> Mike
>
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>
--
Scott Runnels
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20130109/772dcfd9/attachment.html
More information about the Bro
mailing list