[Zeek] Errors trying to implement the detection on CVE-2020-0601
Kayode Enwerem
Kayode_Enwerem at ao.uscourts.gov
Thu Mar 5 10:43:16 PST 2020
Hello,
I am trying to implement the detection of CVE-2020-0601 with Zeek (https://blog.zeek.org/2020/01/detecting-cve-2020-0601-with-zeek.html) using the first package (https://github.com/0xxon/cve-2020-0601), but I keep encountering some errors.
Version for bro in my environment: bro version 2.5.5
First thing I did was add this to our local.bro file: redef CVE_2020_0601::log_certs = T;
But when I ran "broctl check" I got the following error message: error in /usr/local/bro/share/bro/site/local.bro, line 13: "redef" used but not previously defined (CVE_ 2020_0601::log_certs)
So I created the following file in "share/bro/base/frameworks/notice/cve-2020-0601.bro" and added the script from: https://github.com/0xxon/cve-2020-0601/blob/master/scripts/cve-2020-0601.bro
And also edited the following file "share/bro/base/frameworks/notice/__load__.bro" and added: @load ./cve-2020-0601
Now when I run "broctl check" I am getting the following error message:
error in /usr/local/bro/share/bro/base/frameworks/notice/./cve-2020-0601.bro, line 5: syntax error, at or near "option"
When I comment out line 5 I get:
error in /usr/local/bro/share/bro/base/frameworks/notice/./cve-2020-0601.bro, line 26: unknown identifier Version::at_least, at or near "Version::at_least"
When I comment out line 26 I get:
error in /usr/local/bro/share/bro/base/frameworks/notice/./cve-2020-0601.bro, line 35: unknown identifier f, at or near "f"
Can someone please help me with this? Am I setting it up right?
Thanks in advance.