SSL for FreeBSD/bro

Greetings

In an effort to get a working bro+broccoli installation, I have installed FreeBSD v5.4 on a local server. I also installed bro and broccoli. I started bro with ./bro -i xl0 -f tcp broconn.bro. (I found xl0 with ifconfig and I'm guessing it's the same thing as eth0.) I tried to run the broconn program, but it has a dependency on libssl.so that goes wanting. I'm not trying to do secure communication, it's been tough enough without it :wink: but I'm guessing it still wants the library.

I don't see anything relevant on the FreeBSD distribution disks with 'ssl' in the name. Can you point me to a source?

Thanks

Mike

Mike Muratet wrote:

> Greetings
>
> In an effort to get a working bro+broccoli installation, I have
> installed FreeBSD v5.4 on a local server. I also installed bro and
> broccoli. I started bro with ./bro -i xl0 -f tcp broconn.bro. (I found
> xl0 with ifconfig and I'm guessing it's the same thing as eth0.) I tried
> to run the broconn program, but it has a dependency on libssl.so that
> goes wanting. I'm not trying to do secure communication, it's been tough
> enough without it :wink: but I'm guessing it still wants the library.
>
> I don't see anything relevant on the FreeBSD distribution disks with
> 'ssl' in the name. Can you point me to a source?
>
> Thanks
>
> Mike
> _______________________________________________
> Bro mailing list
> bro@bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro

It is looking for the openssl library. Try running ldd on the broconn
binary:

[scottc@8-0-46-6a-dd-e3 test]$ ldd ./broconn
        libssl.so.4 => /lib/libssl.so.4 (0x00937000)
        libcrypto.so.4 => /lib/libcrypto.so.4 (0x00b2d000)
        libpthread.so.0 => /lib/tls/libpthread.so.0 (0x00823000)
        libc.so.6 => /lib/tls/libc.so.6 (0x00111000)
        libgssapi_krb5.so.2 => /usr/kerberos/lib/libgssapi_krb5.so.2 (0x00f97000)
        libkrb5.so.3 => /usr/kerberos/lib/libkrb5.so.3 (0x0044c000)
        libcom_err.so.3 => /usr/kerberos/lib/libcom_err.so.3 (0x004c1000)
        libk5crypto.so.3 => /usr/kerberos/lib/libk5crypto.so.3 (0x002ef000)
        libresolv.so.2 => /lib/libresolv.so.2 (0x003f0000)
        libdl.so.2 => /lib/libdl.so.2 (0x00249000)
        libz.so.1 => /usr/lib/libz.so.1 (0x008be000)
        /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x005fa000)

Now make sure that the libssl.so that it wants is actually there. The
numbered version of the library (in this case 4) should be a symbolic
link to the libssl.so that the application is looking for.

There is a configure time option for Broccoli to set openssl location
info (try ./configure --help). You may also want to make sure that the
path to the library is in your LD_LIBRARY_PATH environmental variable.

good luck!

scott
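
The check described in the reply above, as an added example that is not part of the original thread: it reads ldd output, lists every library the loader could not resolve, and shows which versions of the same library are installed instead. The ldd output, the file list and the function names are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): report unresolved shared libraries
# and the versions of those libraries that are present on the host.

# Constructed sample of `ldd ./broconn` output on a host without libssl.so.4.
SAMPLE_LDD='./broconn:
        libssl.so.4 => not found (0x0)
        libcrypto.so.4 => not found (0x0)
        libz.so.1 => /usr/lib/libz.so.1 (0x008be000)
        libc.so.6 => /lib/libc.so.6 (0x00111000)'

# Constructed sample of library files installed on that host.
SAMPLE_INSTALLED='/usr/lib/libssl.so.3
/usr/lib/libcrypto.so.3
/usr/lib/libz.so.1'

# missing_libs: read ldd output on stdin, print each soname marked "not found".
missing_libs() {
    awk '$2 == "=>" && $3 == "not" && $4 == "found" { print $1 }'
}

# installed_versions SONAME: read a file list on stdin and print the files
# that belong to the same library (libssl.so.4 matches libssl.so and libssl.so.*).
installed_versions() {
    base=${1%%.so*}.so
    awk -v b="$base" -F/ '{ n = $NF; if (n == b || index(n, b ".") == 1) print $0 }'
}

# report LDD_OUTPUT FILE_LIST: one line per unresolved soname.
report() {
    printf '%s\n' "$1" | missing_libs | while read -r soname; do
        have=$(printf '%s\n' "$2" | installed_versions "$soname" | paste -sd ' ' -)
        printf '%s: not found; installed versions: %s\n' "$soname" "${have:-none}"
    done
}

report "$SAMPLE_LDD" "$SAMPLE_INSTALLED"
```

On a live system, feed it `ldd ./broconn` and a listing of the library directories in place of the samples. For a binary of unknown origin, read the NEEDED entries with `objdump -p` instead, because some versions of ldd may execute the program they inspect.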

Hi Mike,

Christian

Hi Mike,

> Greetings
>
> In an effort to get a working bro+broccoli installation, I have installed
> FreeBSD v5.4 on a local server. I also installed bro and broccoli. I
> started bro with ./bro -i xl0 -f tcp broconn.bro. (I found xl0 with ifconfig
> and I'm guessing it's the same thing as eth0.) I tried to run the broconn
> program, but it has a dependency on libssl.so that goes wanting. I'm not
> trying to do secure communication, it's been tough enough without it :wink: but
> I'm guessing it still wants the library.
>
> I don't see anything relevant on the FreeBSD distribution disks with 'ssl'
> in the name. Can you point me to a source?
that's weird -- Broccoli's configure script does pretty detailed checks
for OpenSSL (it tries to link a program using SSL_new() before it trusts
libssl.so to work). Can you please send me the output of your configure
run, config.log, and, as Scott suggested, the ldd output. Thanks!

I have some good news, and some more good news. I checked the output from ldd broconn and it wanted libssl.so.4 and I have ver 3 on the FreeBSD system. I think what happened was that I left off the necessary flag when I untar'd your broccoli snapshot into my existing directory and so I still had the version that I copied over from the Linux box. I deleted the broccoli directory on the FreeBSD machine, untar'd your snapshot and rebuilt broccoli. It executes just fine. More importantly, it now communicates with its bro peer. Outstanding.

Having killed all the alligators I can now proceed to drain the swamp. Thanks for all your (and Scott and others) patient help. All I can figure is that the extra layer in Linux that gives you things like iptables fouls up the communication between bro and broccoli. I have not tried broccoli on a Linux box to the bro on the FreeBSD box, but it's really not a requirement for the experiments I'm doing.

I don't get out to the Bay area much anymore, but if and when I do the first round is on me.

Cheers

Mike

> I have some good news, and some more good news. I checked the output from

Ooooh ...

> ldd broconn and it wanted libssl.so.4 and I have ver 3 on the FreeBSD
> system. I think what happened was that I left off the necessary flag when I
> untar'd your broccoli snapshot into my existing directory and so I still had
> the version that I copied over from the Linux box. I deleted the broccoli
> directory on the FreeBSD machine, untar'd your snapshot and rebuilt
> broccoli. It executes just fine. More importantly, it now communicates with
> its bro peer. Outstanding.

YAY! Excellent news. Kudos for fighting hard! :slight_smile:

Beware of the cache issue I pointed out the other day. Robin says he's
already got a patch in the queue for it.

> Having killed all the alligators I can now proceed to drain the swamp.
> Thanks for all your (and Scott and others) patient help. All I can figure is
> that the extra layer in Linux that gives you things like iptables fouls up
> the communication between bro and broccoli. I have not tried broccoli on a
> Linux box to the bro on the FreeBSD box, but it's really not a requirement
> for the experiments I'm doing.

Interesting. If you find out more, we'll definitely be keen to hear the
details.

> I don't get out to the Bay area much anymore, but if and when I do the first
> round is on me.

Sounds like a plan. :wink:

Cheers,
Christian.