Dear Michael (@jkat54),
we successfully use your Splunk Addon SSL Certificate Checker Version 4.0.2 with the internal Splunk Certificates. Thank you for sharing.
Now we had the idea also to check some external Certificates, means certs on same server but not splunk certs.
Unfortunately I don’t get this up and runnig.
I tried to run the commands manually (see results below).
ssl_checker3 worked
ssl_checker2 failed
I configured the location manually and through the UI. It seems a python module is missing, but I cannot find it. I run a fresh install of Splunk 8.1 on a Test System.
splunk@ultra:~/etc/apps/ssl_checker/bin$ python3 ssl_checker3.py cert="/opt/splunk/etc/auth/cacert.pem" b'expires="Jan 28 20:26:54 2027 GMT\n'
cert="/opt/splunk/etc/auth/appsCA.pem" b'expires="Jan 28 12:00:00 2028 GMT\n'
cert="/opt/splunk/etc/auth/appsLicenseCA.pem" b'expires="Mar 8 12:00:00 2023 GMT\n'
cert="/opt/splunk/etc/auth/server.pem" b'expires="Nov 5 12:20:38 2023 GMT\n'
cert="/opt/splunk/etc/auth/splunkweb/cert.pem" b'expires="Nov 5 12:20:40 2023 GMT\n'
So if python is installed in the system, we can also use the app on UF. Thats fine! 😉
splunk@ultra:~/etc/apps/ssl_checker/bin$ python3 ssl_checker2.py Traceback (most recent call last):
File "ssl_checker2.py", line 19, in <module>
import splunk.mining.dcutils as dcu
ModuleNotFoundError: No module named 'splunk'
Okay, the splunk python modules are missing. When I run with the splunk internal python it shows me the following.
splunk@ultra:~/etc/apps/ssl_checker/bin$ /opt/splunk/bin/python3 ssl_checker2.py 'str' object has no attribute 'decode'
The config Files look like this:
splunk@ultra:~/etc/apps/ssl_checker/bin$ cat ../local/ssl.conf
[SSLConfiguration]
disabled = 0
certPaths = /cribl/local/cribl/auth/server.pem
splunk@ultra:~/etc/apps/ssl_checker/bin$ cat ../local/inputs.conf
[script://./bin/ssl_checker2.py]
disabled = 0
[script://./bin/ssl_checker3.py]
disabled = 0
splunk@ultra:~/etc/apps/ssl_checker/bin$
So the problem seems to be with script ”ssl_checker2.py” and the error: “'str' object has no attribute 'decode'”
Do you have an idea, what could go wrong and how we could track that down? Your help would be really appreciated.
Kind Regards
Thilo
Since there was no reply, we simply added a scripted input to workaround this. It works as expected.
i changed
- from -
message = 'cert="' + sslPath + '" ' + dates.replace('=','="').replace('\n','"|').replace('|',' ')
- to -
message = 'cert="' + sslPath + '" ' + dates.replace('b\'','').replace('=','="').replace('\\n\'','"')
in ssl_checker3.py for version 4.0.2 to get rid of outputs like:
cert="/opt/splunk/etc/auth/appsCA.pem" b'expires="Jan 28 12:00:00 2028 GMT\n'
Since there was no reply, we simply added a scripted input to workaround this. It works as expected.