Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to stop access to Port 8089 in Splunk or change password on Universal Forwarder?

dbatts
Explorer
‎06-14-2017 09:51 AM

On all the Universal Forwarders, any user has the ability to access REST API called Splunk ATOM Feed:Splunkd. They can access this on any Universal Forwarder by putting in https:localhost:8089 or loopback 127.0.0.1:8089. I am trying to disable this feature or at the very least change the default password. The research that I’ve done informed me that this is not being used since we are not running a deployment server and we currently don’t have plans to use one in the future. The interface itself seems to be locked down and you can’t make any changes to it just view.

Reply
1 Solution
Solved! Jump to solution
Solution

dbatts
Explorer
‎06-15-2017 08:01 AM

I contacted Splunk Engineering and the best way is disable port 8089 is

Go to: c:/splunkforwarder/etc/system/local/server.conf
Add: [httpServer]
disableDefaultPort=true

Restart: splunkforwarder in services

View solution in original post

Reply
Solved! Jump to solution
Solution

dbatts
Explorer
‎06-15-2017 08:01 AM

I contacted Splunk Engineering and the best way is disable port 8089 is

Go to: c:/splunkforwarder/etc/system/local/server.conf
Add: [httpServer]
disableDefaultPort=true

Restart: splunkforwarder in services

Reply
Solved! Jump to solution

esix_splunk
Splunk Employee
Splunk Employee
‎06-14-2017 11:39 PM

You can change the password for UF (and HF) from the cli very easily, via :

 ./splunk edit user admin -password newpassword -role admin -auth admin:changeme

This changes the password to 'newpassword'.

You can run this via installation scripts, or post-installation.

As for access to localhost:8089, best practice would be to use a localhost based firewall to restrict access to 8089 from outside of the box. ( Iptables, ipfw etc..)

0 Karma
Reply
Solved! Jump to solution

teunlaan
Contributor
‎06-14-2017 10:50 PM

You can change the default password by putting in a different 'passwd' file. But you have to do it @installation time, this van never be pushed with a deployment server.

0 Karma
Reply
Get Updates on the Splunk Community!

New Case Study Shows the Value of Partnering with Splunk Academic Alliance

The University of Nevada, Las Vegas (UNLV) is another premier research institution helping to shape the next ...

How to Monitor Google Kubernetes Engine (GKE)

We’ve looked at how to integrate Kubernetes environments with Splunk Observability Cloud, but what about ...

Index This | How can you make 45 using only 4?

October 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...