[Zeek] Bro 2.5/2.6 on FIPS-enabled Host
Johanna Amann
johanna at icir.org
Tue Feb 5 02:01:31 PST 2019
Hi Stephen,
a pull request about this was actually just merged; see
https://github.com/zeek/zeek/pull/232 and
https://github.com/zeek/zeek/pull/255.
This will be in the 2.7 version once it is released. For 2.6 and
earlier, the easiest is probably to set the magic “MD5 is allowed”
environment variable that most distributions that I know offer and to
note in your security policy that this is ok because Zeek does not use
MD5 for security, only to output hash information.
Johanna
On 5 Feb 2019, at 11:03, Stephen Neyens wrote:
> I have tried my Google-fu far and wide, but I have not found a
> solution yet to operate Bro on a FIPS-enabled host. When FIPS is
> enabled via the kernel, Bro refuses to start because of its use of
> MD5. Any assistance in the matter would be appreciated.
>
> - Stephen
> _______________________________________________
> Zeek mailing list
> zeek at zeek.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/zeek
More information about the Zeek
mailing list