[Bro-Dev] [JIRA] (BIT-1214) Updating Root CAs used for ssl.log

2014-07-09 Thread Johanna Amann (JIRA)

 [ 
https://bro-tracker.atlassian.net/browse/BIT-1214?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Johanna Amann reassigned BIT-1214:
--

Assignee: Johanna Amann

> Updating Root CAs used for ssl.log
> --
>
> Key: BIT-1214
> URL: https://bro-tracker.atlassian.net/browse/BIT-1214
> Project: Bro Issue Tracker
> Issue Type: Task
> Components: Bro
> Environment: Running on RHEL 6.5
> Reporter: Robert W
> Assignee: Johanna Amann
> Labels: logging
>
> Need assistance confirming how to update the root CAs that Bro uses for the 
> ssl.log. When list of websites are visited from the logs that have used a 
> self-signed cert but within that list a number of sites are actually trusted. 
> I found some documentation that states you need to take a DER formatted 
> version of your root public key and convert it to Bro's hex string, etc. 
> http://comments.gmane.org/gmane.comp.security.detection.bro/4117
> Could you confirm the steps to take to resolve this specific issue? I am 
> trying to ensure there isn't a specific location in a local config that will 
> allow me to set the path. Please advise if you need any additional 
> information. 



--
This message was sent by Atlassian JIRA
(v6.3-OD-08-005-WN#6328)
___
bro-dev mailing list
bro-dev@bro.org
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev


[Bro-Dev] [JIRA] (BIT-1213) broccoli/bindings/broccoli-python not building correctly

2014-07-09 Thread Robin Sommer (JIRA)

 [ 
https://bro-tracker.atlassian.net/browse/BIT-1213?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Robin Sommer updated BIT-1213:
--
Resolution: Merged  (was: Fixed)
Status: Closed  (was: Merge Request)

> broccoli/bindings/broccoli-python not building correctly
> 
>
> Key: BIT-1213
> URL: https://bro-tracker.atlassian.net/browse/BIT-1213
> Project: Bro Issue Tracker
> Issue Type: Problem
> Components: broccoli-python
> Affects Versions: 2.3
> Environment: OS-X 10.9.3
> Reporter: Nicholas Weaver
> Assignee: Robin Sommer
>
> The setup.py routine fails due to path changes in 2.3, namely that the 
> broccoli.h file is now in ../../build/src, as is the resulting library.  
> This patch appears to work:
> diff --git a/setup.py b/setup.py
> index 8a017f1..9cd19ae 100755
> --- a/setup.py
> +++ b/setup.py
> @@ -12,8 +12,8 @@ setup(name="broccoli-python",
>  py_modules=['broccoli'],
>  ext_modules = [ 
>  Extension("_broccoli_intern", ["broccoli_intern_wrap.c"],
> -  include_dirs=["../../src"],
> -  library_dirs=["../../src/.libs"],
> +  include_dirs=["../../build/src"],
> +  library_dirs=["../../build/src"],
>libraries=["broccoli"])]
>  )
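
Review bot: the replacement include_dirs and library_dirs values both hard-code ../../build/src, so setup.py now works only when the build directory is named build and sits two levels up, and it will break on the next layout change the same way ../../src did. Consider taking the directory from the build system or from an environment variable, with ../../build/src as the default, and add a short comment next to the two paths saying where broccoli.h and the library are expected to be found.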





[Bro-Dev] [JIRA] (BIT-1215) bro-cut should be rewritten in C for speed and to not depend on gawk

2014-07-09 Thread Daniel Thayer (JIRA)
Daniel Thayer created BIT-1215:
--

Summary: bro-cut should be rewritten in C for speed and to not depend on gawk
Key: BIT-1215
URL: https://bro-tracker.atlassian.net/browse/BIT-1215
Project: Bro Issue Tracker
Issue Type: Improvement
Components: bro-aux
Reporter: Daniel Thayer
Fix For: 2.4


The current implementation of bro-cut is too slow when processing large log 
files (takes more than a minute to process a single log file a few hundred MB 
in size).  Justin Azoff rewrote bro-cut in C and found that it runs an order of 
magnitude faster.  Another benefit of a C version of bro-cut is that we will no 
longer depend on gawk for anything (and some of Bro's supported platforms do 
not include gawk by default).






[Bro-Dev] [JIRA] (BIT-1216) Add Modbus record documentation

2014-07-09 Thread grigorescu (JIRA)
grigorescu created BIT-1216:
---

Summary: Add Modbus record documentation
Key: BIT-1216
URL: https://bro-tracker.atlassian.net/browse/BIT-1216
Project: Bro Issue Tracker
Issue Type: Improvement
Components: Bro
Affects Versions: git/master
Reporter: grigorescu
Priority: Low


Modbus records aren't documented: 
http://www.bro.org/sphinx-git/scripts/base/init-bare.bro.html#type-ModbusCoils

While uid, tid, pid might mean something in Modbus terminology, it'd be nice to 
at least mention what they are (even something like: Modbus transaction ID).





[Bro-Dev] [JIRA] (BIT-1215) bro-cut should be rewritten in C for speed and to not depend on gawk

2014-07-09 Thread Daniel Thayer (JIRA)

 [ 
https://bro-tracker.atlassian.net/browse/BIT-1215?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Daniel Thayer updated BIT-1215:
---
Component/s: Bro






[Bro-Dev] [JIRA] (BIT-1215) bro-cut should be rewritten in C for speed and to not depend on gawk

2014-07-09 Thread Daniel Thayer (JIRA)

[ 
https://bro-tracker.atlassian.net/browse/BIT-1215?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17102#comment-17102
 ] 

Daniel Thayer commented on BIT-1215:


Branch topic/dnthayer/ticket1215 in bro and bro-aux repos contains
the new bro-cut, and a couple of doc changes (remove gawk from
list of optional Bro dependencies, and update btest sphinx PATH so that
the documentation examples that use bro-cut can find the new bro-cut).







[Bro-Dev] [JIRA] (BIT-1215) bro-cut should be rewritten in C for speed and to not depend on gawk

2014-07-09 Thread Daniel Thayer (JIRA)

 [ 
https://bro-tracker.atlassian.net/browse/BIT-1215?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Daniel Thayer updated BIT-1215:
---
Status: Merge Request  (was: Open)






[Bro-Dev] [JIRA] (BIT-1214) Updating Root CAs used for ssl.log

2014-07-09 Thread Johanna Amann (JIRA)

[ 
https://bro-tracker.atlassian.net/browse/BIT-1214?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17103#comment-17103
 ] 

Johanna Amann commented on BIT-1214:


So - this question has two different answers, depending on what exactly is 
happening in your case.

You mention that Bro does not validate certificates of sites that are actually 
trusted. In case the root-certificates that those sites chain back to are 
listed on 
http://www.mozilla.org/en-US/about/governance/policies/security-group/certs/included,
 this almost certainly means that the server is not sending one of the 
necessary intermediate certificates needed to verify the chain. Many browsers 
either cache those intermediate certificates or download them on-the-fly, so 
this kind of server configuration can go unnoticed for quite a while. You can 
use sites like https://www.ssllabs.com/ssltest/ to check your servers for this.

In case the server is using a root certificate that is not included in the 
Mozilla root store (and hence not shipped with Bro), you have to add the extra 
root certificate to the list of root certificates known to Bro. The steps in 
the email thread should still be applicable - you can add your extra 
certificate to SSL::root_certs by adding it to local.bro like suggested in that 
thread.




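
The conversion discussed in the comment above (a DER certificate turned into a hex string and added to SSL::root_certs in local.bro), as an added example that is not part of the original message or Bro's own code. The function names, the subject string used as the table key and the sample bytes are assumptions made for illustration; the sample is a constructed DER fragment, not a real certificate.

```python
import base64
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def to_der(data: bytes) -> bytes:
    """Accept PEM or DER input and return the DER bytes."""
    m = PEM_RE.search(data.decode("latin-1"))
    if m:
        return base64.b64decode("".join(m.group(1).split()), validate=True)
    return data

def check_outer_sequence(der: bytes) -> None:
    """Reject input whose outer DER SEQUENCE length does not match its size
    (catches truncated files and copy/paste damage)."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    first = der[1]
    if first < 0x80:                      # short-form length
        header, length = 2, first
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or len(der) < 2 + n:
            raise ValueError("bad DER length encoding")
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    if header + length != len(der):
        raise ValueError("DER length mismatch: truncated or trailing data")

def bro_root_cert_redef(subject: str, data: bytes) -> str:
    """Build a local.bro snippet adding one certificate to SSL::root_certs.
    The subject string as table key is an assumption of this example."""
    if '"' in subject:
        raise ValueError("subject must not contain a double quote")
    der = to_der(data)
    check_outer_sequence(der)
    hexstr = "".join("\\x%02X" % b for b in der)
    return 'redef SSL::root_certs += {\n\t["%s"] = "%s",\n};\n' % (subject, hexstr)

# Constructed sample: a tiny DER SEQUENCE, NOT a real certificate.
SAMPLE_DER = bytes.fromhex("3006020101020102")
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.b64encode(SAMPLE_DER)
              + b"\n-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    print(bro_root_cert_redef("CN=Example Internal Root CA,O=Example", SAMPLE_PEM))
```

Only certificates you have verified out of band belong in this table, since every entry becomes a trust anchor for the validation results written to ssl.log.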


[Bro-Dev] [Auto] Merge Status

2014-07-09 Thread Merge Tracker

Open Merge Requests
===

ID            Component    Reporter       Assignee  Updated     For Version  Priority  Summary
------------  -----------  -------------  --------  ----------  -----------  --------  -------
BIT-1215 [1]  Bro,bro-aux  Daniel Thayer  -         2014-07-10  2.4          Normal    bro-cut should be rewritten in C for speed and to not depend on gawk


[1]  BIT-1215  https://bro-tracker.atlassian.net/browse/BIT-1215
