[SOLVED] Downgrading OpenSSL due to Bro install

DebianUserAmin · 10-11-2018, 01:21 PM

Hi all,

I'm trying to install Bro (IDS) on my Debian system, but due to Bro not supporting OpenSSL 1.1 i had to downgrade to 1.0. I did so by downloading the correct version and:

Code:

./configure
make
make install

Now when running:

Code:

openssl version

I get:

Code:

openssl: /usr/lib/x86_64-linux-gnu/libssl.so.1.1: version `OPENSSL_1_1_1' not found (required by openssl)
openssl: /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1: version `OPENSSL_1_1_1' not found (required by openssl)

How do i fix this?

ondoho · 10-12-2018, 01:59 AM

i do not recommend this at all, esp. with such an important package.
backporting a newer version might be possible, but downgrading? :shakes_head:

what is this software, what does it do, maybe there are alternatives?

DebianUserAmin · 10-12-2018, 04:23 AM

Hi, thank you for your answer!

Bro is an Intruision detection system, see bro.org, there are not really any viable alternatives.

What do you exactly mean by not recommending? Do i have to make a complete reinstall of the system, installing the correct version the first time?

ondoho · 10-12-2018, 11:45 AM

oh, i'm sorry i misread that for being openssh.
but it doesn't really change what i said.
look at all the packages that depend on openssl:

Quote:

bind-tools borg coreutils curl dillo encfs git hexchat iputils ldns
lib32-openssl libarchive libevent libgit2 libmariadbclient libsasl libshout
libsrtp libssh libssh2 libvncserver lynx mupdf net-snmp nmap nodejs
openssh opusfile perl-net-ssleay postgresql-libs python python2 ruby s-nail
srt tcpdump testdisk unshield virtualbox w3m xmlsec

and these are only those i have installed!
now you circumvented debian package management and installed a different version on top of the one already provided by the system!
ouch ouch.

forget about installing intrusion detection software for now; we now need to make sure you didn't break your system.
not sure where to start;
maybe you can issue "make uninstall" or make install --uninstall" in the same place you issued "make install".
and

Code:

apt install --reinstall openssl

Quote:

What do you exactly mean by not recommending? Do i have to make a complete reinstall of the system, installing the correct version the first time?

it doesn't work like that.
on debian stable, you can only use the version provided by debian stable repositories.

idk; i see here pretty straight installation instructions; where exactly does it say that it needs a particular version of openssl?

DebianUserAmin · 10-12-2018, 12:49 PM

Thank you!

Code:

make uninstall
apt install --reinstall openssl

did the job!

Code:

openssl version

now returns:

Code:

OpenSSL 1.1.0f  25 May 2017

When i teturn to the Bro installer it now stops at 30% (before et stopped in the 80's), claiming this error:

Code:

fatal error: openssl/md5.h: No such file or directory

Something teels me I'm not out of the wood yet! Any ideas?

With regards to your question about Bro not supporting 1.1 then i can't gave an answer before recreating the installer stop at around 80%, I can't remember the error code now, but it lead me to a forum claiming it didn't support 1.1.

p.s. i did a reboot too

ondoho · 10-13-2018, 01:41 AM

i think you should delete the Bro directory and start afresh.
are you following the instructions here?

have you tried some of the binary releases?

looks like debian 9 is not supported, only debian 8 - and many many different ubuntu releases.

Quote:

Originally Posted by DebianUserAmin

With regards to your question about Bro not supporting 1.1 then i can't gave an answer before recreating the installer stop at around 80%, I can't remember the error code now, but it lead me to a forum claiming it didn't support 1.1.

seems legit.
but you should show us regardless.

DebianUserAmin · 10-13-2018, 06:43 AM

Yes, that is exactly the instructions I where following, I think I figured out a solution:
I wasn't aware that OpenSSL is preinstalled in Debian. So When I ran the

Code:

./configure

in the bro dir and got:

Code:

Could not find prerequisite package 'OpenSSL'

I figured it wasen't installed.

So I went to http://www.openssl.org as described and downloaded/installed the latest version.
This managed to get me past the earlier described error code of missing OpenSSL.
Great success i thought!
So I ran:

Code:

make

Where it stopped in the 80's (Actually 72%) with the error who lead me to believe I had to downgrade.

Now to the solution:
All along OpenSSL was 'sleeping' and all I had to do was install the package libssl-dev. By:

Code:

apt-get install libssl-dev

So far so good!

I'm now back to the original error that led me off course:

Code:

error: invalid use of incomplete type ‘X509 {aka struct x509_st}’
  if ( ! i2t_ASN1_OBJECT(buf, 255, ssl_cert->cert_info->key->algor->algorithm) )
                                           ^~
In file included from /usr/include/openssl/x509.h:20:0,
                 from /home/anon/Downloads/bro-2.5.5/src/file_analysis/analyzer/x509/X509.h:12,
                 from /home/anon/Downloads/bro-2.5.5/src/file_analysis/analyzer/x509/X509.cc:5:
/usr/include/openssl/ossl_typ.h:119:16: note: forward declaration of ‘X509 {aka struct x509_st}’
 typedef struct x509_st X509;

That lead me to this site claiming that the module in question does not support OpenSSl 1.1 and thus I would have to downgrade.

ondoho, thank you so much for your assistance. I would never have gotten this far without you!

Do you know how to fix this (hopefully) last issue?

ondoho · 10-14-2018, 05:26 AM

since bro does not seem to support the newest debian version (9), it stands to reason that it also does not support its (newer) version of openssl.

i forgot that on debian distro you alwys need to install -dev packages if you want to compile something, sorry about that.

all in all i'm not quite sure where you stand and what happened to your
a) debian install
b) Bro sources.

i repeat, i think you should start from scratch and be much more careful about system packages.
https://wiki.debian.org/DontBreakDebian

PS: if something in your system changes, you need to re-run ./configure before trying to compile again.
it's also possible to look at different options with ./configure --help