Posts Tagged ‘sguil’

OpenSSL creates CA serial file

Saturday, April 12th, 2008

I encountered the error below when I followed the Sguil OPENSSL.README to generate a certificate with a local CA for my Sguil 0.7.0 installation on FreeBSD 7.0 Release.

[root@nsm]# openssl x509 -req -in sguild.req -CA CA.pem -CAkey privkey.pem -CAserial file.sr1 -out sguild.pem
Signature ok
Getting CA Private Key
Enter pass phrase for privkey.pem:
file.sr1: No such file or directory
82464:error:02001002:system library:fopen:No such file or directory:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:352:fopen('file.sr1','r')
82464:error:20074002:BIO routines:FILE_CTRL:system lib:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:354:

From the error message, it is obvious that I did not have the file.sr1 there. Since this was the first time I used the CA to sign a certificate, I needed to create a serial file containing a serial number. So I ran -CAcreateserial as below:

[root@nsm]# openssl x509 -req -in sguild.req -CA CA.pem -CAkey privkey.pem -CAcreateserial -out sguild.pem

This created a new file containing a serial number. The next time I create a new certificate, I have to use the -CAserial option and specify the path to this file. The serial number will be incremented each time a new certificate is created.
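The serial-file behaviour described above can be reproduced with a throwaway CA. This is an added example, not part of the original post: the subjects, sguild.key, the output certificate names and the seeded value 1000 are constructed, and the serial file is named explicitly with -CAserial rather than relying on the default name.

```shell
#!/bin/sh
set -e

# Prints five fields on one line:
#   cert1-serial  file-after-1st  cert2-serial  file-after-2nd  seeded-cert-serial
demo_ca_serial() (
    dir=$(mktemp -d)
    cd "$dir"
    # Throwaway CA and request (constructed subjects, unencrypted keys: demo only).
    openssl req -x509 -newkey rsa:2048 -nodes -keyout privkey.pem -out CA.pem \
        -subj "/CN=Example Local CA" -days 1 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -keyout sguild.key -out sguild.req \
        -subj "/CN=sguild.example" 2>/dev/null

    # sign <serial-file> <out-cert> [extra x509 options]; prints the issued serial.
    sign() {
        srl=$1; out=$2; shift 2
        openssl x509 -req -in sguild.req -CA CA.pem -CAkey privkey.pem \
            -CAserial "$srl" "$@" -out "$out" -days 1 2>/dev/null || return 1
        openssl x509 -noout -serial -in "$out" | cut -d= -f2
    }

    # First use of the CA: the serial file does not exist yet, so create it.
    c1=$(sign file.sr1 first.pem -CAcreateserial); f1=$(cat file.sr1)
    # Later signings reuse the same file with -CAserial only.
    c2=$(sign file.sr1 second.pem);                f2=$(cat file.sr1)
    # A serial file seeded with a known hex value makes the increment visible.
    printf '1000\n' > seeded.srl
    c3=$(sign seeded.srl third.pem)

    cd /; rm -rf "$dir"
    echo "$c1 $f1 $c2 $f2 $c3"
)

demo_ca_serial
```

After each signing the serial file holds the serial of the certificate just issued, so losing or resetting the file risks issuing two certificates with the same serial from one CA.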

Sguil 0.70 and Wireshark 1.0.0 Released

Monday, March 31st, 2008

It seems a bit late to announce both releases. After a long development process and beta testing, Sguil 0.7.0 has finally been released. It does not take long for modsec2sguil to work with the latest release as well. I have not upgraded my Sguil installation to 0.70 yet, but it won’t take a long time for me to do that because I plan to upgrade the hard disk as well, so everything will be a fresh installation, including the OS - FreeBSD 7.0.

In my opinion, every network analyst should get familiar with these 2 tools, especially Wireshark. In this new version, the Wireshark team has fixed a few security vulnerabilities, and there is an experimental package for Mac OSX Intel as well.

Other than these releases, I have done a small upgrade from FreeBSD 6.2R to FreeBSD 6.3R recently, which I refer to here. This is only applicable if you are running a GENERIC FreeBSD kernel.

[root@nsm /]# fetch

[root@nsm /]# fetch

[root@nsm /]# gpg --verify freebsd-update-upgrade.tgz.asc freebsd-update-upgrade.tgz

[root@nsm /]# tar -xf freebsd-update-upgrade.tgz

[root@nsm /]# sh -f freebsd-update.conf -r 6.3-RELEASE upgrade
Looking up mirrors... 1 mirrors found.
Fetching metadata signature for 6.2-RELEASE from done.
Fetching metadata index... done.
Fetching 1 metadata files... done.
Inspecting system... done.

WARNING: This system is running a "nsm-smpkernel-generic" kernel, which is not a
kernel configuration distributed as part of FreeBSD 6.2-RELEASE.
This kernel will not be updated: you MUST update the kernel manually
before running " install".

The following components of FreeBSD seem to be installed:
src/base src/bin src/contrib src/crypto src/etc src/games src/gnu
src/include src/krb5 src/lib src/libexec src/release src/rescue src/sbin
src/secure src/share src/sys src/tools src/ubin src/usbin world/base
world/catpages world/manpages

The following components of FreeBSD do not seem to be installed:
kernel/generic kernel/smp world/dict world/doc world/games world/info

Does this look reasonable (y/n)? y

Fetching metadata signature for 6.3-RELEASE from done.
Fetching metadata index... done.
Fetching 1 metadata patches. done.
Applying metadata patches... done.
Fetching 1 metadata files... done.
Inspecting system... done.
Preparing to download files... done.
Fetching 6233 patches.....10....20....30.................6230. done.
Applying patches... done.
Fetching 647 files... done.

The following files will be removed as part of updating to 6.3-RELEASE-p1:

[root@nsm /]# sh -f freebsd-update.conf install
[root@nsm /]# shutdown -r now