Archive

Splunk's Cherrypy httpd server version info disable

Communicator

Hey Splunkers,

I have a question about Splunk security itself. I was told by one of my customer that cherrypy (Splunk Python based web server) returns with version info like this "CherryPy httpd 3.1.4" which showing the version of the server is a vurnerabilty. The customer told me to disable the httpd server info at connection.

Is there anyone know hows to disable "Cherrypy httpd" version info from cherrypy web requests?

Tags (1)
0 Karma

Communicator

Hi,

I had a specific case with the same need and got success by changing the file:

$SPLUNK_HOME/lib/python2.7/site-packages/splunk/appserver/mrsparkle/root.py

Find the line:

'tools.staticdir.strip_version' : False,

Change to:

'tools.staticdir.strip_version' : True,

Good luck

0 Karma

Communicator

Hi,

I had a specific case with the same need and got success by changing the file:

$SPLUNK_HOME/lib/python2.7/site-packages/splunk/appserver/mrsparkle/root.py

Find the line:

'tools.staticdir.strip_version' : False,

Change to:

'tools.staticdir.strip_version' : True,

Good luck

0 Karma

SplunkTrust
SplunkTrust

I think it is debatable that showing the version of a component is a "vulnerability". Trying to hide it is little more than security by obscurity. That said, sometimes it is far, far easier to just hide the version than convince a stupid vulnerability scanner of its false positives.

To my knowledge, Splunk provides no out-of-the-box way of doing this. If this is necessary, I would recommend filing an Enhancement Request with Splunk support. Describe why this functionality is important to you, as this helps Splunk project management prioritize work.

State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!