All Apps and Add-ons

Limit DB Connect Query Seever to localhost

afx
Contributor

Hi,
after installing DB Connect and configuring it, I now have Java listening on all interfaces (Port 9999, 1090).
How can this be restricted to localhost?

thx
afx

spunk_enthusias
Path Finder

What a crazy oversight, right? This isn't just some authenticated port that you can't do anything with or something someone would ever actually normally connect to from the outside. No, this thing opens up a very direct tunnel into the java server to the whole network using the Splunk custom command protocol. What?!?!

Splunk has been negatively impressing me regarding everything surrounding custom search commands (the DB Connect commands are implemented as such) and DB Connect is an especially hard-to-predict-hard-to-debug example.

While I can't answer your question directly, I can tell you what didn't work for me. I was hoping that setting the vmopts option -Daddress=127.0.0.1 or -Dserver.address=127.0.0.1 would help, since that's what works for some Spring Boot applications (which I'm not sure DB Connect is, but it might be).

Perhaps firewalling would work or network namespaces/containerization.

0 Karma
Get Updates on the Splunk Community!

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...

SignalFlow: What? Why? How?

What is SignalFlow? Splunk Observability Cloud’s analytics engine, SignalFlow, opens up a world of in-depth ...

Federated Search for Amazon S3 | Key Use Cases to Streamline Compliance Workflows

Modern business operations are supported by data compliance. As regulations evolve, organizations must ...