I'm trying to configure the Duo Splunk Connector on a Splunk heavy forwarder to leverage the web proxy configuration I have in Splunk's server.conf. This configuration works for all Splunk web communication, but doesn't seem to apply for the Duo inputs.
This is a very "hacky" way, but it works; i.e., fixing the app is beyond my scope of capabilities. Any updates to the app will almost certainly wipe out these modifications.
The Add-On uses the Python module "duo_client" to make its API calls to Duo. I am modifying the duo_input.py file with an additional line of code in two of its functions. The file is located here:
Look for "#Added the below line" for the additional code in each code snippet.
Replace "proxyaddr" and "proxyport" with your proxy details.
First function: validate_arguments
```python
def validate_arguments(ikey, skey, host, interval, offset_seconds=-140):
    '''
    Ensures that the provided credentials have access to different log types
    Also check that the interval is >= 120 seconds to avoid rate limiting.
    '''
    logger = logging.getLogger()
    if interval < 120:
        logger.error("User entered an interval under 120 seconds")
        print_error('The interval needs to be greater than or equal to 120 '
                    'seconds')
        raise ValueError("User entered an interval under 120 seconds")

    admin = duo_client.admin.Admin(
        ikey=ikey,
        skey=skey,
        host=host,
        ca_certs=duo_client.client.DEFAULT_CA_CERTS,
    )
    #Added the below line
    admin.set_proxy("proxyaddr", "proxyport")

    current_unix_ts = int(utils.get_time())
```
Second function: run_script
```python
def run_script():
    """Method will instantiate a duo_client.Admin object with the
    configured ikey/skey/api_host. In addition, it will call each log
    collector class to poll the Duo adminapi for JSON encoded data that
    gets written to stdout.
    """
    config = get_config()
    admin_api = duo_client.Admin(
        ikey=config['ikey'],
        skey=config['skey'],
        host=config['api_host'],
        ca_certs=None,
    )
    #Added the below line
    admin_api.set_proxy("proxyaddr", "proxyport")

    logclasses = (
        PaginatedAccountLog,
        PaginatedTelephonyLog,
        PaginatedAdministratorLog,
        PaginatedAuthenticationLog,
        PaginatedEndPointLog
    )
```
Hopefully the app is updated to include configuring a proxy via the UI.
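An added example, not part of the original posts or of the Duo add-on: one way to avoid hard-coding "proxyaddr" and "proxyport" is to parse the `https_proxy` value from the `[proxyConfig]` stanza of server.conf and pass the result to `set_proxy(host, port)`. The helper name `proxy_from_server_conf`, the default port, and the sample stanza are assumptions, and the code assumes Python 3; which server.conf file to read is left to the caller.

```python
import configparser
from urllib.parse import urlsplit

# Constructed sample of a server.conf proxy stanza (not from the original post).
SAMPLE_SERVER_CONF = """
[general]
serverName = hf01

[proxyConfig]
http_proxy = http://proxy.example.internal:3128
https_proxy = http://proxy.example.internal:3128
no_proxy = localhost, 127.0.0.1
"""


def proxy_from_server_conf(conf_text, default_port=8080):
    """Return (host, port) from [proxyConfig] https_proxy, or None if unset.

    Hypothetical helper: default_port is an assumed fallback used only when
    the configured value carries no port.
    """
    # strict=False tolerates repeated stanzas/keys, which .conf files may have.
    parser = configparser.RawConfigParser(strict=False)
    parser.read_string(conf_text)
    if not parser.has_section("proxyConfig"):
        return None
    value = parser.get("proxyConfig", "https_proxy", fallback="").strip()
    if not value:
        return None
    # urlsplit only fills hostname/port when a scheme separator is present.
    if "://" not in value:
        value = "http://" + value
    parts = urlsplit(value)
    if not parts.hostname:
        raise ValueError("https_proxy has no host: %r" % value)
    # Any user:password@ prefix is dropped here; only host and port are returned.
    return parts.hostname, parts.port or default_port


if __name__ == "__main__":
    proxy = proxy_from_server_conf(SAMPLE_SERVER_CONF)
    if proxy is not None:
        host, port = proxy
        # In duo_input.py this would become: admin.set_proxy(host, port)
        print("proxy host=%s port=%d" % (host, port))
```

Returning None when no proxy is configured lets the caller skip `set_proxy` entirely, so the same code works on forwarders with direct internet access.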