All Apps and Add-ons

Limit DB Connect Query Seever to localhost

afx
Contributor

Hi,
after installing DB Connect and configuring it, I now have Java listening on all interfaces (Port 9999, 1090).
How can this be restricted to localhost?

thx
afx

spunk_enthusias
Path Finder

What a crazy oversight, right? This isn't just some authenticated port that you can't do anything with or something someone would ever actually normally connect to from the outside. No, this thing opens up a very direct tunnel into the java server to the whole network using the Splunk custom command protocol. What?!?!

Splunk has been negatively impressing me regarding everything surrounding custom search commands (the DB Connect commands are implemented as such) and DB Connect is an especially hard-to-predict-hard-to-debug example.

While I can't answer your question directly, I can tell you what didn't work for me. I was hoping that setting the vmopts option -Daddress=127.0.0.1 or -Dserver.address=127.0.0.1 would help, since that's what works for some Spring Boot applications (which I'm not sure DB Connect is, but it might be).

Perhaps firewalling would work or network namespaces/containerization.

0 Karma
Get Updates on the Splunk Community!

Now Available: Cisco Talos Threat Intelligence Integrations for Splunk Security Cloud ...

At .conf24, we shared that we were in the process of integrating Cisco Talos threat intelligence into Splunk ...

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...

Easily Improve Agent Saturation with the Splunk Add-on for OpenTelemetry Collector

Agent Saturation What and Whys In application performance monitoring, saturation is defined as the total load ...