[Bro] Adding trusted cert to Bro (Security Onion)
Michael Bower
mbower2 at gmail.com
Wed Jan 9 09:34:12 PST 2013
ugh, sorry...it IS there. I was in base. So where do I add the cert? Dump
it here? share/bro/base/protocols/ssl/
On Wed, Jan 9, 2013 at 12:24 PM, Scott Runnels <srunnels at gmail.com> wrote:
> Michael,
>
> In my recent (read: default) build for Security Onion, I have
> validate-certs.bro.
>
> scott at SO-511:/opt/bro$ find . -iname "*validate*"
> ./share/bro/policy/protocols/ssl/validate-certs.bro
>
> Do you not have the same?
>
> v/r
> Scott
>
>
>
>
> On Wed, Jan 9, 2013 at 12:06 PM, Michael Bower <mbower2 at gmail.com> wrote:
>
>> Im looking to add our internal domain CA to Bro so it can validate certs
>> that are generated from the server. I am new to Bro, so Im not sure where
>> to start.
>>
>> I found this:
>> http://www.bro-ids.org/bro-workshop-2011/solutions/extending/index.html
>>
>> Which sounds like it is exactly what I need to do, Im just not sure how
>> to go about it.
>>
>> My SO deployment is a distributed setup (1 Master, 2 sensors so far). On
>> the sensors, I have checked /opt/bro/share/bro/site/local.bro and found the
>> following:
>>
>> # This script enables SSL/TLS certificate validation.
>> @load protocols/ssl/validate-certs
>>
>> Checking the protocols/ssl directory, I don't see that script. My
>> question is, will it get loaded if I created the validate-certs script its
>> looking for?
>>
>> Any help will be appreciated.
>>
>> Thanks!
>>
>> --
>>
>> Mike
>>
>> _______________________________________________
>> Bro mailing list
>> bro at bro-ids.org
>> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>>
>
>
>
> --
> Scott Runnels
>
>
--
Mike
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20130109/6432ee6d/attachment.html
More information about the Bro
mailing list