=================================
This package provides an analyzer for Lightweight Directory Access Protocol write operations. The following operations will be written to ldap.log after running the analyzer:
- modifyRequest and modifyResponse
- modifyDNRequest and modifyDNResponse
- addRequest and addResponse
- deleteRequest and deleteResponse
- bindRequest and bindResponse
Additionally, the analyzer will deliver GSSAPI GSS-SPNEGO authentication data in LDAP bindRequests to the gssapi analyzer to be written to the Kerberos or NTLM logs.
- Install bro-pkg manager
$ pip install bro-pkg- (Recommended: latest version)
$ pip install git+git://github.com/bro/package-manager@master
- Configure bro-pkg & environment
- Bro-pkg needs PATH to bro-config:
$ export PATH=$PATH:/path_to/bro/build(modify /path/to) - Run the autoconfiguration:
$ bro-pkg autoconfig - Setup Bro's environment to match bro-pkgl
$ eval $(bro-pkg env)
- Run the plugin straight from git:
$ bro-pkg install ldap-analyzer- Test to make sure the plugin is loaded
$ bro -N | grep LDAP(you should see the plugin loaded) $ bro -C -r your_ldap.pcap( -C is optional and used if the pcap contains checksums. This must come before the -r )
$ git clone https://github.com/SoftwareConsultingEmporium/ldap-analyzer.git$ cd ldap-analyzer$ ./configure --bro-dist=/path/to/bro && make$ export BRO_PLUGIN_PATH=$BRO_PLUGIN_PATH/path/to/ldap-analyzer- Check if plugin got loaded
$ bro -N | grep LDAP - Run it :
$ bro -r your_ldap.pcap
- Testing script produces an error. It attempts to access a non-existent file.