Hey Splunkers,
I have a question about Splunk security itself. I was told by one of my customer that cherrypy (Splunk Python based web server) returns with version info like this "CherryPy httpd 3.1.4" which showing the version of the server is a vurnerabilty. The customer told me to disable the httpd server info at connection.
Is there anyone know hows to disable "Cherrypy httpd" version info from cherrypy web requests?
Hi,
I had a specific case with the same need and got success by changing the file:
$SPLUNK_HOME/lib/python2.7/site-packages/splunk/appserver/mrsparkle/root.py
Find the line:
'tools.staticdir.strip_version' : False,
Change to:
'tools.staticdir.strip_version' : True,
Good luck
Hi,
I had a specific case with the same need and got success by changing the file:
$SPLUNK_HOME/lib/python2.7/site-packages/splunk/appserver/mrsparkle/root.py
Find the line:
'tools.staticdir.strip_version' : False,
Change to:
'tools.staticdir.strip_version' : True,
Good luck
I think it is debatable that showing the version of a component is a "vulnerability". Trying to hide it is little more than security by obscurity. That said, sometimes it is far, far easier to just hide the version than convince a stupid vulnerability scanner of its false positives.
To my knowledge, Splunk provides no out-of-the-box way of doing this. If this is necessary, I would recommend filing an Enhancement Request with Splunk support. Describe why this functionality is important to you, as this helps Splunk project management prioritize work.