Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-17 14:08:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Merge remote-tracking branch 'origin/topic/johanna/ssl-policy'

Browse source 
* origin/topic/johanna/ssl-policy:
  Extend the weak-keys policy file to also alert when encountering ssl connections with old versions as well as unsafe cipher suites.

BIT-1321 #merged
This commit is contained in:
Robin Sommer 2015-03-02 17:17:32 -08:00
commit 07222bb107
9 changed files with 108 additions and 28 deletions
Download patch file Download diff file Expand all files Collapse all files

9
CHANGES
View file

@ -1,4 +1,13 @@
2.3-493 | 2015-03-02 17:17:32 -0800
* Extend the SSL weak-keys policy file to also alert when
encountering SSL connections with old versions as well as unsafe
cipher suites. (Johanna Amann)
* Make the notice suppression handling of other SSL policy files a
tad more robust. (Johanna Amann)
2.3-491 | 2015-03-02 17:12:56 -0800 2.3-491 | 2015-03-02 17:12:56 -0800
* Updating docs for recent addition of local_resp. (Robin Sommer) * Updating docs for recent addition of local_resp. (Robin Sommer)

3
NEWS
View file

@ -58,6 +58,9 @@ New Functionality
C++11 mode with a corresponding compiler. Note that 2.4 will be the C++11 mode with a corresponding compiler. Note that 2.4 will be the
last version of Bro that compiles without C++11 support. last version of Bro that compiles without C++11 support.
- The SSL analysis now alert when encountering SSL connections with
old protocol versions or unsafe cipher suites.
Changed Functionality Changed Functionality
--------------------- ---------------------

2
VERSION
View file

@ -1 +1 @@
2.3-491 2.3-493

9
scripts/policy/protocols/ssl/validate-certs.bro
View file

@ -12,16 +12,16 @@ export {
## invalid. ## invalid.
Invalid_Server_Cert Invalid_Server_Cert
}; };
redef record Info += { redef record Info += {
## Result of certificate validation for this connection. ## Result of certificate validation for this connection.
validation_status: string &log &optional; validation_status: string &log &optional;
}; };
## MD5 hash values for recently validated chains along with the ## MD5 hash values for recently validated chains along with the
## validation status message are kept in this table to avoid constant ## validation status message are kept in this table to avoid constant
## validation every time the same certificate chain is seen. ## validation every time the same certificate chain is seen.
global recently_validated_certs: table[string] of string = table() global recently_validated_certs: table[string] of string = table()
&read_expire=5mins &synchronized &redef; &read_expire=5mins &synchronized &redef;
} }
@ -33,6 +33,7 @@ event ssl_established(c: connection) &priority=3
return; return;
local chain_id = join_string_vec(c$ssl$cert_chain_fuids, "."); local chain_id = join_string_vec(c$ssl$cert_chain_fuids, ".");
local hash = c$ssl$cert_chain[0]$sha1;
local chain: vector of opaque of x509 = vector(); local chain: vector of opaque of x509 = vector();
for ( i in c$ssl$cert_chain ) for ( i in c$ssl$cert_chain )
@ -57,7 +58,7 @@ event ssl_established(c: connection) &priority=3
local message = fmt("SSL certificate validation failed with (%s)", c$ssl$validation_status); local message = fmt("SSL certificate validation failed with (%s)", c$ssl$validation_status);
NOTICE([$note=Invalid_Server_Cert, $msg=message, NOTICE([$note=Invalid_Server_Cert, $msg=message,
$sub=c$ssl$subject, $conn=c, $sub=c$ssl$subject, $conn=c,
$identifier=cat(c$id$resp_h,c$id$resp_p,c$ssl$validation_status)]); $identifier=cat(c$id$resp_h,c$id$resp_p,hash,c$ssl$validation_status)]);
} }
} }

3
scripts/policy/protocols/ssl/validate-ocsp.bro
View file

@ -34,9 +34,10 @@ event ssl_stapled_ocsp(c: connection, is_orig: bool, response: string) &priority
event ssl_established(c: connection) &priority=3 event ssl_established(c: connection) &priority=3
{ {
if ( ! c$ssl?$cert_chain || |c$ssl$cert_chain| == 0 || !c$ssl?$ocsp_response ) if ( ! c$ssl?$cert_chain || |c$ssl$cert_chain| == 0 || ! c$ssl$cert_chain[0]?$x509 || !c$ssl?$ocsp_response )
return; return;
local hash = c$ssl$cert_chain[0]$sha1;
local chain: vector of opaque of x509 = vector(); local chain: vector of opaque of x509 = vector();
for ( i in c$ssl$cert_chain ) for ( i in c$ssl$cert_chain )
{ {

58
scripts/policy/protocols/ssl/weak-keys.bro
View file

@ -1,5 +1,5 @@
##! Generate notices when SSL/TLS connections use certificates or DH parameters ##! Generate notices when SSL/TLS connections use certificates, DH parameters,
##! that have potentially unsafe key lengths. ##! or cipher suites that are deemed to be insecure.
@load base/protocols/ssl @load base/protocols/ssl
@load base/frameworks/notice @load base/frameworks/notice
@ -11,17 +11,20 @@ export {
redef enum Notice::Type += { redef enum Notice::Type += {
## Indicates that a server is using a potentially unsafe key. ## Indicates that a server is using a potentially unsafe key.
Weak_Key, Weak_Key,
## Indicates that a server is using a potentially unsafe version
Old_Version,
## Indicates that a server is using a potentially unsafe cipher
Weak_Cipher
}; };
## The category of hosts you would like to be notified about which have ## The category of hosts you would like to be notified about which are using weak
## certificates that are going to be expiring soon. By default, these ## keys/ciphers/protocol_versions. By default, these notices will be suppressed
## notices will be suppressed by the notice framework for 1 day after a particular ## by the notice framework for 1 day after a particular host has had a notice
## certificate has had a notice generated. Choices are: LOCAL_HOSTS, REMOTE_HOSTS, ## generated. Choices are: LOCAL_HOSTS, REMOTE_HOSTS, ALL_HOSTS, NO_HOSTS
## ALL_HOSTS, NO_HOSTS
const notify_weak_keys = LOCAL_HOSTS &redef; const notify_weak_keys = LOCAL_HOSTS &redef;
## The minimal key length in bits that is considered to be safe. Any shorter ## The minimal key length in bits that is considered to be safe. Any shorter
## (non-EC) key lengths will trigger the notice. ## (non-EC) key lengths will trigger a notice.
const notify_minimal_key_length = 2048 &redef; const notify_minimal_key_length = 2048 &redef;
## Warn if the DH key length is smaller than the certificate key length. This is ## Warn if the DH key length is smaller than the certificate key length. This is
@ -29,6 +32,17 @@ export {
## certificate key length. However, it is very common and cannot be avoided in some ## certificate key length. However, it is very common and cannot be avoided in some
## settings (e.g. with old jave clients). ## settings (e.g. with old jave clients).
const notify_dh_length_shorter_cert_length = T &redef; const notify_dh_length_shorter_cert_length = T &redef;
## Warn if a server negotiates a SSL session with a protocol version smaller than
## the specified version. By default, the minimal version is TLSv10 because SSLv2
## and v3 have serious security issued.
## See https://tools.ietf.org/html/draft-thomson-sslv3-diediedie-00
## To disable, set to SSLv20
const tls_minimum_version = TLSv10 &redef;
## Warn if a server negotiates an unsafe cipher suite. By default, we only warn when
## encountering old export cipher suites, or RC4 (see RFC7465).
const unsafe_ciphers_regex = /(_EXPORT_)|(_RC4_)/ &redef;
} }
# We check key lengths only for DSA or RSA certificates. For others, we do # We check key lengths only for DSA or RSA certificates. For others, we do
@ -43,6 +57,7 @@ event ssl_established(c: connection) &priority=3
local fuid = c$ssl$cert_chain_fuids[0]; local fuid = c$ssl$cert_chain_fuids[0];
local cert = c$ssl$cert_chain[0]$x509$certificate; local cert = c$ssl$cert_chain[0]$x509$certificate;
local hash = c$ssl$cert_chain[0]$sha1;
if ( !cert?$key_type || !cert?$key_length ) if ( !cert?$key_type || !cert?$key_length )
return; return;
@ -56,7 +71,32 @@ event ssl_established(c: connection) &priority=3
NOTICE([$note=Weak_Key, NOTICE([$note=Weak_Key,
$msg=fmt("Host uses weak certificate with %d bit key", key_length), $msg=fmt("Host uses weak certificate with %d bit key", key_length),
$conn=c, $suppress_for=1day, $conn=c, $suppress_for=1day,
$identifier=cat(c$id$resp_h, c$id$resp_h, key_length) $identifier=cat(c$id$resp_h, c$id$resp_h, hash, key_length)
]);
}
# Check for old SSL versions and weak connection keys
event ssl_server_hello(c: connection, version: count, possible_ts: time, server_random: string, session_id: string, cipher: count, comp_method: count) &priority=3
{
if ( ! addr_matches_host(c$id$resp_h, notify_weak_keys) )
return;
if ( version < tls_minimum_version )
{
local minimum_string = version_strings[tls_minimum_version];
local host_string = version_strings[version];
NOTICE([$note=Old_Version,
$msg=fmt("Host uses protocol version %s which is lower than the safe minimum %s", host_string, minimum_string),
$conn=c, $suppress_for=1day,
$identifier=cat(c$id$resp_h, c$id$resp_h)
]);
}
if ( unsafe_ciphers_regex in c$ssl$cipher )
NOTICE([$note=Weak_Cipher,
$msg=fmt("Host established connection using unsafe ciper suite %s", c$ssl$cipher),
$conn=c, $suppress_for=1day,
$identifier=cat(c$id$resp_h, c$id$resp_h, c$ssl$cipher)
]); ]);
} }

33
testing/btest/Baseline/scripts.policy.protocols.ssl.weak-keys/notice-out.log Normal file
View file

@ -0,0 +1,33 @@
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path notice
#open 2015-02-25-21-37-10
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p fuid file_mime_type file_desc proto note msg sub src dst p n peer_descr actions suppress_for dropped remote_location.country_code remote_location.region remote_location.city remote_location.latitude remote_location.longitude
#types time string addr port addr port string string string enum enum string string addr addr port count string set[enum] interval bool string string string double double
1398558136.430417 CXWv6p3arKYeMETxOg 192.168.18.50 62277 162.219.2.166 443 - - - tcp SSL::Weak_Key Host uses weak DH parameters with 1024 key bits - 192.168.18.50 162.219.2.166 443 - bro Notice::ACTION_LOG 86400.000000 F - - - - -
1398558136.430417 CXWv6p3arKYeMETxOg 192.168.18.50 62277 162.219.2.166 443 - - - tcp SSL::Weak_Key DH key length of 1024 bits is smaller certificate key length of 2048 bits - 192.168.18.50 162.219.2.166 443 - bro Notice::ACTION_LOG 86400.000000 F - - - - -
1398558136.542637 CXWv6p3arKYeMETxOg 192.168.18.50 62277 162.219.2.166 443 - - - tcp SSL::Weak_Key Host uses weak certificate with 2048 bit key - 192.168.18.50 162.219.2.166 443 - bro Notice::ACTION_LOG 86400.000000 F - - - - -
#close 2015-02-25-21-37-10
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path notice
#open 2015-02-25-21-37-10
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p fuid file_mime_type file_desc proto note msg sub src dst p n peer_descr actions suppress_for dropped remote_location.country_code remote_location.region remote_location.city remote_location.latitude remote_location.longitude
#types time string addr port addr port string string string enum enum string string addr addr port count string set[enum] interval bool string string string double double
1397165496.713940 CXWv6p3arKYeMETxOg 192.168.4.149 59062 91.227.4.92 443 - - - tcp SSL::Old_Version Host uses protocol version SSLv2 which is lower than the safe minimum TLSv10 - 192.168.4.149 91.227.4.92 443 - bro Notice::ACTION_LOG 86400.000000 F - - - - -
#close 2015-02-25-21-37-11
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path notice
#open 2015-02-25-21-37-11
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p fuid file_mime_type file_desc proto note msg sub src dst p n peer_descr actions suppress_for dropped remote_location.country_code remote_location.region remote_location.city remote_location.latitude remote_location.longitude
#types time string addr port addr port string string string enum enum string string addr addr port count string set[enum] interval bool string string string double double
1170717505.734145 CXWv6p3arKYeMETxOg 192.150.187.164 58868 194.127.84.106 443 - - - tcp SSL::Weak_Cipher Host established connection using unsafe ciper suite TLS_RSA_WITH_RC4_128_MD5 - 192.150.187.164 194.127.84.106 443 - bro Notice::ACTION_LOG 86400.000000 F - - - - -
1170717505.934612 CXWv6p3arKYeMETxOg 192.150.187.164 58868 194.127.84.106 443 - - - tcp SSL::Weak_Key Host uses weak certificate with 1024 bit key - 192.150.187.164 194.127.84.106 443 - bro Notice::ACTION_LOG 86400.000000 F - - - - -
#close 2015-02-25-21-37-11

12
testing/btest/Baseline/scripts.policy.protocols.ssl.weak-keys/notice.log
View file

@ -1,12 +0,0 @@
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path notice
#open 2014-04-27-07-15-32
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p fuid file_mime_type file_desc proto note msg sub src dst p n peer_descr actions suppress_for dropped remote_location.country_code remote_location.region remote_location.city remote_location.latitude remote_location.longitude
#types time string addr port addr port string string string enum enum string string addr addr port count string set[enum] interval bool string string string double double
1398558136.430417 CXWv6p3arKYeMETxOg 192.168.18.50 62277 162.219.2.166 443 - - - tcp SSL::Weak_Key Host uses weak DH parameters with 1024 key bits - 192.168.18.50 162.219.2.166 443 - bro Notice::ACTION_LOG 86400.000000 F - - - - -
1398558136.430417 CXWv6p3arKYeMETxOg 192.168.18.50 62277 162.219.2.166 443 - - - tcp SSL::Weak_Key DH key length of 1024 bits is smaller certificate key length of 2048 bits - 192.168.18.50 162.219.2.166 443 - bro Notice::ACTION_LOG 86400.000000 F - - - - -
1398558136.542637 CXWv6p3arKYeMETxOg 192.168.18.50 62277 162.219.2.166 443 - - - tcp SSL::Weak_Key Host uses weak certificate with 2048 bit key - 192.168.18.50 162.219.2.166 443 - bro Notice::ACTION_LOG 86400.000000 F - - - - -
#close 2014-04-27-07-15-32

7
testing/btest/scripts/policy/protocols/ssl/weak-keys.bro
View file

@ -1,5 +1,10 @@
# @TEST-EXEC: bro -r $TRACES/tls/dhe.pcap %INPUT # @TEST-EXEC: bro -r $TRACES/tls/dhe.pcap %INPUT
# @TEST-EXEC: btest-diff notice.log # @TEST-EXEC: cp notice.log notice-out.log
# @TEST-EXEC: bro -r $TRACES/tls/ssl-v2.trace %INPUT
# @TEST-EXEC: cat notice.log >> notice-out.log
# @TEST-EXEC: bro -r $TRACES/tls/ssl.v3.trace %INPUT
# @TEST-EXEC: cat notice.log >> notice-out.log
# @TEST-EXEC: btest-diff notice-out.log
@load protocols/ssl/weak-keys @load protocols/ssl/weak-keys