[Bro] Adding trusted cert to Bro (Security Onion)

Michael Bower mbower2 at gmail.com
Wed Jan 9 10:01:14 PST 2013 

Cool, thanks for the help!


On Wed, Jan 9, 2013 at 12:59 PM, Scott Runnels <srunnels at gmail.com> wrote:

> Michael,
>
> There isn't.  You'll need to place it manually on each sensor.
>
> v/r
> Scott
>
>
> On Wed, Jan 9, 2013 at 12:49 PM, Michael Bower <mbower2 at gmail.com> wrote:
>
>> Also, creating something like this will work too?
>>
>> http://www.bro-ids.org/bro-workshop-2011/solutions/extending/mytrust.bro
>>
>>
>> On Wed, Jan 9, 2013 at 12:44 PM, Michael Bower <mbower2 at gmail.com> wrote:
>>
>>> Any way to push that bro script out from my SO master?
>>>
>>>
>>> On Wed, Jan 9, 2013 at 12:39 PM, Scott Runnels <srunnels at gmail.com>wrote:
>>>
>>>> Hi Michael,
>>>>
>>>> Were it me, I would place it in /opt/bro/share/bro/site/
>>>>
>>>>  then issue install and restart from within broctl.
>>>>
>>>> v/r
>>>> Scott Runnels
>>>>
>>>>
>>>>
>>>>
>>>> On Wed, Jan 9, 2013 at 12:34 PM, Michael Bower <mbower2 at gmail.com>wrote:
>>>>
>>>>> ugh, sorry...it IS there.  I was in base.  So where do I add the cert?
>>>>> Dump it here? share/bro/base/protocols/ssl/
>>>>>
>>>>>
>>>>> On Wed, Jan 9, 2013 at 12:24 PM, Scott Runnels <srunnels at gmail.com>wrote:
>>>>>
>>>>>> Michael,
>>>>>>
>>>>>> In my recent (read: default) build for Security Onion, I have
>>>>>> validate-certs.bro.
>>>>>>
>>>>>> scott at SO-511:/opt/bro$ find . -iname "*validate*"
>>>>>> ./share/bro/policy/protocols/ssl/validate-certs.bro
>>>>>>
>>>>>> Do you not have the same?
>>>>>>
>>>>>> v/r
>>>>>> Scott
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Wed, Jan 9, 2013 at 12:06 PM, Michael Bower <mbower2 at gmail.com>wrote:
>>>>>>
>>>>>>> Im looking to add our internal domain CA to Bro so it can validate
>>>>>>> certs that are generated from the server.  I am new to Bro, so Im not sure
>>>>>>> where to start.
>>>>>>>
>>>>>>> I found this:
>>>>>>> http://www.bro-ids.org/bro-workshop-2011/solutions/extending/index.html
>>>>>>>
>>>>>>> Which sounds like it is exactly what I need to do, Im just not sure
>>>>>>> how to go about it.
>>>>>>>
>>>>>>> My SO deployment is a distributed setup (1 Master, 2 sensors so
>>>>>>> far).  On the sensors, I have checked /opt/bro/share/bro/site/local.bro and
>>>>>>> found the following:
>>>>>>>
>>>>>>> # This script enables SSL/TLS certificate validation.
>>>>>>> @load protocols/ssl/validate-certs
>>>>>>>
>>>>>>> Checking the protocols/ssl directory, I don't see that script.  My
>>>>>>> question is, will it get loaded if I created the validate-certs script its
>>>>>>> looking for?
>>>>>>>
>>>>>>> Any help will be appreciated.
>>>>>>>
>>>>>>> Thanks!
>>>>>>>
>>>>>>> --
>>>>>>>
>>>>>>> Mike
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> Bro mailing list
>>>>>>> bro at bro-ids.org
>>>>>>> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Scott Runnels
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>>
>>>>> Mike
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Scott Runnels
>>>>
>>>>
>>>
>>>
>>> --
>>>
>>> Mike
>>>
>>
>>
>>
>> --
>>
>> Mike
>>
>
>
>
> --
> Scott Runnels
>
>


-- 

Mike
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20130109/d8b274c2/attachment.html

More information about the Bro mailing list