All Apps and Add-ons

Splunk Add-on for Citrix XenServer: How do I fix passwords being stored in plain text in xsconfig.conf?

bertjo
Explorer

I was configuring the Splunk Add-On for Citrix XenServer and noticed the passwords are stored in plaintext in the xsconfig.conf file. How do I fix this?

1 Solution

cgardiner
Explorer
  I have downloaded and looked at the TA and the code being used and the simple answer to your question is no. It will not encrypt the password. The file in question is a plain text file for the TA developers own making and not something Splunk is even aware of. It would never be able to encrypt this password. If the app developer had made use of the build in password functionality and a setup.xml, this could have been handled easily. Optionally, the password could have been encrypted using his own algorithm if he so desired in the same way that DB connect does or did, but that was not done here.  
 Additionally, if you attempt to encrypt the password in the xsconfig.conf file on your own, you will break the app because the script is expecting a plain text string. IF you have any python development background and a few hours, you could make some changes to the xsUtils.py script where the user and password are read from the config and the session creation is performed. If you wrote your own encryption and decryption function into this script, all the individual input scripts would be able to make use of it. 
 Outside of this, your best bet is to try and contact the developer and ask if they would be open to adding some manner of encryption for the password on disk. Sorry I don't have a better option for you.

View solution in original post

cgardiner
Explorer
  I have downloaded and looked at the TA and the code being used and the simple answer to your question is no. It will not encrypt the password. The file in question is a plain text file for the TA developers own making and not something Splunk is even aware of. It would never be able to encrypt this password. If the app developer had made use of the build in password functionality and a setup.xml, this could have been handled easily. Optionally, the password could have been encrypted using his own algorithm if he so desired in the same way that DB connect does or did, but that was not done here.  
 Additionally, if you attempt to encrypt the password in the xsconfig.conf file on your own, you will break the app because the script is expecting a plain text string. IF you have any python development background and a few hours, you could make some changes to the xsUtils.py script where the user and password are read from the config and the session creation is performed. If you wrote your own encryption and decryption function into this script, all the individual input scripts would be able to make use of it. 
 Outside of this, your best bet is to try and contact the developer and ask if they would be open to adding some manner of encryption for the password on disk. Sorry I don't have a better option for you.

adonio
Ultra Champion

did you restart splunk?

0 Karma

bertjo
Explorer

Yes, it doesn't do anything. The best thing I can think of is that Splunk only looks for standard files (inputs.conf,etc.) and not something with the weird names like xsconfig.conf. If splunk wont do it automatically is there a way to manually do it?

0 Karma
Get Updates on the Splunk Community!

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...

SignalFlow: What? Why? How?

What is SignalFlow? Splunk Observability Cloud’s analytics engine, SignalFlow, opens up a world of in-depth ...

Federated Search for Amazon S3 | Key Use Cases to Streamline Compliance Workflows

Modern business operations are supported by data compliance. As regulations evolve, organizations must ...