[Gloucs] Snort!
Jill Tovey
gloucs at mailman.lug.org.uk
Thu Apr 10 13:46:02 2003

For those that are interested, I have written a short summary of the
story so far...

The snortcenter uses curl to grab data from the sensor rather than using
httpd, so when I was adding my certificates to httpd it wasn't making
any difference.

Snort generates its own certificate for authenticating itself to itself,
however, a little while ago a bug was discovered in the CA process and
was subsequently patched in curl (apparently curl wouldn't accept
certificates that it couldn't verify against its own ca-bundle.crt).

So the problem is that the cert isn't signed by one of the Certificate
Authorities that curl recognises, unless they are from a recognised CA.
And even if they were from a recognised CA, they still are not being
used by snortcenter.

The current beta-test version of snort checks the curl version and uses
a -k option, but anything older than that has problems!!

To overcome this problem with my version of snort I am currently adding
a -k option into the files that are calling curl (db_pars.php,
sensor.inc.php, sensor.php).

Fingers crossed it might work!

Jill
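
Added example, not part of the original post and not SnortCenter code: curl's -k (--insecure) switches certificate verification off, while --cacert keeps it on and trusts only the named PEM file, which fits a self-signed sensor certificate. The script below audits PHP files for curl command lines that use -k and emits the pinned option instead; the file names, paths, sample contents and function names are all constructed for illustration.

```shell
#!/bin/sh
# Added example; sample file contents below are constructed, not SnortCenter code.

# Matches a curl command line carrying -k (alone or bundled, e.g. -sk) or --insecure.
INSECURE_RE="curl[[:space:]]([^|;]*[[:space:]])?(-[a-zA-Z]*k[a-zA-Z]*|--insecure)([[:space:]\"']|\$)"

# Print file:line:text for each curl call that disables certificate verification.
find_insecure_curl() {
    grep -nE "$INSECURE_RE" "$@" /dev/null
}

# Emit curl options that keep verification on and trust only the given PEM file
# (the sensor's self-signed certificate). Fails rather than falling back to -k.
pinned_curl_opts() {
    cert=$1
    if [ ! -r "$cert" ] || ! grep -q -- '-----BEGIN CERTIFICATE-----' "$cert"; then
        echo "no usable pinned certificate at $cert" >&2
        return 1
    fi
    printf '%s %s\n' --cacert "$cert"
}

# Write constructed sample files into directory $1 (hypothetical names and paths).
make_samples() {
    cat > "$1/poll.php" <<'EOF'
<?php
$out = shell_exec("curl -k -s https://$sensor_ip:$port/status");
$cfg = shell_exec("curl -s --cacert /etc/sc/sensor.pem https://$sensor_ip:$port/cfg");
EOF
    cat > "$1/push.php" <<'EOF'
<?php
exec("curl -sk --data-binary @rules.tar https://$sensor_ip:$port/upload");
exec("curl -s --max-time 10 https://$sensor_ip:$port/ping");
EOF
}

# Demo: list the calls in the constructed samples that skip verification.
demo_dir=$(mktemp -d)
make_samples "$demo_dir"
find_insecure_curl "$demo_dir"/*.php
rm -rf "$demo_dir"
```

With --cacert, curl still checks that the host name or IP in the URL matches the name in the sensor's certificate.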