https://community.splunk.com/t5/Security/Redis-security-requirepass/m-p/676308#M17591 <P>I'm assuming the redis is packaged with your product. Here is the process we run. The splunk id could've been anything. However, the team that manages splunk platform in VZW also uses id splunk to identity original source software. I talked to the splunk team in VZW and he directed me to here.</P><P>1. Do you have redis included in one of the splunk products.</P><P>If yes, please show us how to set the password in one of the clients that connects to redis.</P><PRE>splunk 3839 1 0 Dec05 ? 00:31:12 splunkd -p 8089 start splunk 3845 3839 0 Dec05 ? 00:00:00 [splunkd pid=3839] splunkd -p 8089 start [process-runner] splunk 24625 24266 0 Dec06 pts/5 00:00:26 httpd -DFOREGROUND -f /etc/httpd/conf/httpd.conf splunk 24631 24266 0 Dec06 pts/5 00:08:20 php k2_serverDaemon.php splunk 24637 24266 0 Dec06 pts/5 00:04:48 php k2_serverMonitor.php splunk 24643 24266 0 Dec06 pts/5 00:28:43 redis-server *:6379 splunk 24666 24625 0 Dec06 pts/5 00:00:01 httpd -DFOREGROUND -f /etc/httpd/conf/httpd.conf splunk 24667 24625 0 Dec06 pts/5 00:00:02 httpd -DFOREGROUND -f /etc/httpd/conf/httpd.conf splunk 24668 24625 0 Dec06 pts/5 00:00:01 httpd -DFOREGROUND -f /etc/httpd/conf/httpd.conf splunk 24669 24625 0 Dec06 pts/5 00:00:01 httpd -DFOREGROUND -f /etc/httpd/conf/httpd.conf splunk 24670 24625 0 Dec06 pts/5 00:00:02 httpd -DFOREGROUND -f /etc/httpd/conf/httpd.conf splunk 26301 24625 0 Dec07 pts/5 00:00:01 httpd -DFOREGROUND -f /etc/httpd/conf/httpd.conf splunk 26825 24625 0 Dec07 pts/5 00:00:01 httpd -DFOREGROUND -f /etc/httpd/conf/httpd.conf splunk 46601 24625 0 Dec07 pts/5 00:00:02 httpd -DFOREGROUND -f /etc/httpd/conf/httpd.conf splunk 52124 24625 0 Dec07 pts/5 00:00:01 httpd -DFOREGROUND -f /etc/httpd/conf/httpd.conf</PRE><P>&nbsp;</P> Thu, 01 Feb 2024 18:08:15 GMT weicc84 2024-02-01T18:08:15Z https://community.splunk.com/t5/Security/Redis-security-requirepass/m-p/675789#M17577 <P>My company flagged redis being vulnerable to security because requirepass is not enabled. How do I enable it and give the password to the clients that connect to the redis?</P> Mon, 29 Jan 2024 15:49:14 GMT https://community.splunk.com/t5/Security/Redis-security-requirepass/m-p/675789#M17577 weicc84 2024-01-29T15:49:14Z https://community.splunk.com/t5/Security/Redis-security-requirepass/m-p/676297#M17590 <P>OK, and how is your question connected to Splunk?</P> Thu, 01 Feb 2024 17:02:51 GMT https://community.splunk.com/t5/Security/Redis-security-requirepass/m-p/676297#M17590 PickleRick 2024-02-01T17:02:51Z https://community.splunk.com/t5/Security/Redis-security-requirepass/m-p/676308#M17591 <P>I'm assuming the redis is packaged with your product. Here is the process we run. The splunk id could've been anything. However, the team that manages splunk platform in VZW also uses id splunk to identity original source software. I talked to the splunk team in VZW and he directed me to here.</P><P>1. Do you have redis included in one of the splunk products.</P><P>If yes, please show us how to set the password in one of the clients that connects to redis.</P><PRE>splunk 3839 1 0 Dec05 ? 00:31:12 splunkd -p 8089 start splunk 3845 3839 0 Dec05 ? 00:00:00 [splunkd pid=3839] splunkd -p 8089 start [process-runner] splunk 24625 24266 0 Dec06 pts/5 00:00:26 httpd -DFOREGROUND -f /etc/httpd/conf/httpd.conf splunk 24631 24266 0 Dec06 pts/5 00:08:20 php k2_serverDaemon.php splunk 24637 24266 0 Dec06 pts/5 00:04:48 php k2_serverMonitor.php splunk 24643 24266 0 Dec06 pts/5 00:28:43 redis-server *:6379 splunk 24666 24625 0 Dec06 pts/5 00:00:01 httpd -DFOREGROUND -f /etc/httpd/conf/httpd.conf splunk 24667 24625 0 Dec06 pts/5 00:00:02 httpd -DFOREGROUND -f /etc/httpd/conf/httpd.conf splunk 24668 24625 0 Dec06 pts/5 00:00:01 httpd -DFOREGROUND -f /etc/httpd/conf/httpd.conf splunk 24669 24625 0 Dec06 pts/5 00:00:01 httpd -DFOREGROUND -f /etc/httpd/conf/httpd.conf splunk 24670 24625 0 Dec06 pts/5 00:00:02 httpd -DFOREGROUND -f /etc/httpd/conf/httpd.conf splunk 26301 24625 0 Dec07 pts/5 00:00:01 httpd -DFOREGROUND -f /etc/httpd/conf/httpd.conf splunk 26825 24625 0 Dec07 pts/5 00:00:01 httpd -DFOREGROUND -f /etc/httpd/conf/httpd.conf splunk 46601 24625 0 Dec07 pts/5 00:00:02 httpd -DFOREGROUND -f /etc/httpd/conf/httpd.conf splunk 52124 24625 0 Dec07 pts/5 00:00:01 httpd -DFOREGROUND -f /etc/httpd/conf/httpd.conf</PRE><P>&nbsp;</P> Thu, 01 Feb 2024 18:08:15 GMT https://community.splunk.com/t5/Security/Redis-security-requirepass/m-p/676308#M17591 weicc84 2024-02-01T18:08:15Z https://community.splunk.com/t5/Security/Redis-security-requirepass/m-p/676313#M17592 <P>No. Splunk distribution does not include redis. Just as it doesn't include Apache httpd. Just because there are several processes on your box running with the same user that is used to run Splunk doesn't necessarily mean they are one software package.</P><P>Your listing shows that indeed splunk user is used to run several pieces of software but they are independent of Splunk and you should rather ask the person who deployed your server what is going on there (typically you don't use other stuff as splun user so it's a relatively unusual situation).</P> Thu, 01 Feb 2024 19:16:19 GMT https://community.splunk.com/t5/Security/Redis-security-requirepass/m-p/676313#M17592 PickleRick 2024-02-01T19:16:19Z https://community.splunk.com/t5/Security/Redis-security-requirepass/m-p/676319#M17593 <P>Thank you.</P> Thu, 01 Feb 2024 19:25:28 GMT https://community.splunk.com/t5/Security/Redis-security-requirepass/m-p/676319#M17593 weicc84 2024-02-01T19:25:28Z