TLS issuer and subject fingerprints #225
Conversation
|
I should have the rspec failures sorted out later today. |
|
Thanks HD. I'll try to take a look at this later today. @ me to catch my attention earlier |
|
@tsellers-r7 thanks! it should be good for a first review |
xml/x509_subjects.xml
Outdated
| </fingerprint> | ||
|
|
||
|
|
||
| <!-- iDRAC with a MAC --> |
There was a problem hiding this comment.
for these (and perhaps other fingerprint groups) it would be better to put this differentiation in the description field as it will help more readily identify the difference between two fingerprints that would otherwise just be described as "Dell iDRAC Remote Access Controller"
xml/x509_subjects.xml
Outdated
| <param pos="0" name="hw.vendor" value="Dell"/> | ||
| <param pos="0" name="hw.product" value="iDRAC"/> | ||
| <param pos="1" name="dell.service_tag"/> | ||
| </fingerprint> |
There was a problem hiding this comment.
minor, here and elsewhere there is some inconsistent indentation.
xml/x509_issuers.xml
Outdated
| <param pos="0" name="os.product" value="Android" /> | ||
| <param pos="0" name="hw.device" value="Media Server" /> | ||
| <param pos="0" name="hw.vendor" value="ASUS" /> | ||
| <param pos="0" name="hw.product" value="Nexus Player" /> |
There was a problem hiding this comment.
minor, but the style regarding spaces before the close of a tag seems to vary in this file. I'd suggest a xmllint --format
xml/x509_issuers.xml
Outdated
| <param pos="0" name="hw.vendor" value="APC" /> | ||
| </fingerprint> | ||
|
|
||
| <fingerprint pattern="^CN=Temporary CA [a-fA-F0-9]{8}\-[a-fA-F0-9]{4}\-[a-fA-F0-9]{4}\-[a-fA-F0-9]{4}\-[a-fA-F0-9]{12},OU=Temporary CA"> |
|
The feedback provided so far should be resolved, thanks! |
xml/x509_issuers.xml
Outdated
| <param pos="0" name="os.vendor" value="VMWare"/> | ||
| <param pos="0" name="os.product" value="ESX"/> | ||
| <param pos="0" name="os.device" value="Hypervisor"/> | ||
| <param pos="0" name="os.cpe23" value="cpe:/o:vmware:esx:-"/> |
There was a problem hiding this comment.
Any indication that this is ESX cpe:/o:vmware:esx:- and not ESXi cpe:/o:vmware:esxi:-?
As a note, once this lands I'll try to add the ESXi host from my lab.
There was a problem hiding this comment.
These were indeed ESXi not ESX, updating.
|
@hdm - Unless you have anything you'd like to add to this before we land this I expect we will land this and release this afternoon. |
|
Excellent, thanks! I have piles of more fingerprints, but happy to let this one land first. |
|
Up to you |
|
Probably good to have this land first and then keep rolling things up for a bigger future PR (following any standardization changes were making, etc). |
This is a first run at fingerprints for TLS issuer and subject fields. I plan to keep updating this for a while, but would appreciate any feedback on the current state. Coverage-wise, this is about 50% of the systems that I am trying to match, but that doesn't include any Sonar scans.