Installation

PYTHONHTTPSVERIFY

yohhpark
Path Finder

Hi Expert Splunkers,

I'd really appreciate it if you take a look at the bottom.

splunkforwarder running on Ubuntu

Warning: Attempting to revert the SPLUNK_HOME ownership
Warning: Executing "chown -R root /opt/splunkforwarder"

Splunk> Now with more code!

Checking prerequisites...
Management port has been set disabled; cli support for this configuration is currently incomplete.
Checking conf files for problems...
Invalid key in stanza [webhook] in /opt/splunkforwarder/etc/system/default/alert_actions.conf, line 229: enable_allowlist (value: false).
Your indexes and inputs configurations are not internally consistent. For more information, run 'splunk btool check --debug'
Done
Checking default conf files for edits...
Validating installed files against hashes from '/opt/splunkforwarder/splunkforwarder-9.0.5-e9494146ae5c-linux-2.6-x86_64-manifest'
All installed files intact.
Done
All preliminary checks passed.

Starting splunk server daemon (splunkd)...
PYTHONHTTPSVERIFY is set to 0 in splunk-launch.conf disabling certificate validation for the httplib and urllib libraries shipped with the embedded Python interpreter; must be set to "1" for increased security
Done

1. Installed Splunk with the root user.

2. I keep getting the lines at the end that start with PYTHONHTTPSVERIFY (first time seeing it).

3. The inputs issue can be ignored.

0 Karma
1 Solution

richgalloway
SplunkTrust

1. Running Splunk as root is not advised for security reasons.

2. The PYTHONHTTPSVERIFY warning can be ignored if you're willing to accept the risk.  See https://docs.splunk.com/Documentation/Splunk/9.0.5/Security/EnableTLSCertHostnameValidation#Configur... for more information.  There is a known issue with enabling this feature so you may want to leave it off for now.  See https://docs.splunk.com/Documentation/Splunk/9.1.0/ReleaseNotes/Knownissues#Authentication_and_autho...

3. What is the "inputs issue"?

Btool is reporting an invalid setting in alert_actions.conf.  Verify the "enable_allowlist" setting is correct.

---
If this reply helps you, Karma would be appreciated.


yohhpark
Path Finder

Thank you, that helps a lot!

But 1. How can I undo running as root?

What would be the recommendation?

2. Thank you for clarifying those.

3. I understand this issue; this one can be ignored from our end.

Thank you

0 Karma

richgalloway
SplunkTrust

To change Splunk to run as user 'splunk' follow these steps.

1) Stop Splunk

2) Edit the init.d or splunk.service file to set the user to be 'splunk'

For init.d, use commands like these:

USER=splunk
...
splunk_start() {
  echo Starting Splunk...
  su - ${USER} -c '"/opt/splunk/bin/splunk" start --no-prompt --answer-yes'
  RETVAL=$?
  [ $RETVAL -eq 0 ] && touch /var/lock/subsys/splunk
}

3) Change the ownership of all files in $SPLUNK_HOME to 'splunk'

chown -R splunk:splunk /opt/splunk

4) Start Splunk

---
If this reply helps you, Karma would be appreciated.
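
An audit sketch for the two findings raised in this thread (the PYTHONHTTPSVERIFY value in splunk-launch.conf and files left owned by root after a root install), added here as an example; it is not part of any post above or of Splunk's own tooling. The function names are hypothetical and the sample launch file is constructed.

```sh
#!/bin/sh
# Added example; function names are hypothetical, sample input is constructed.

# Print the effective value of KEY ($2) in a splunk-launch.conf style file ($1):
# KEY=VALUE lines, '#' comments skipped, last assignment wins, empty if unset.
launch_conf_value() {
  [ -r "$1" ] || return 0
  sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
    tail -n 1 | tr -d '"\r' | sed 's/[[:space:]]*$//'
}

# Classify the PYTHONHTTPSVERIFY setting: verify | noverify | unset | invalid
https_verify_status() {
  case "$(launch_conf_value "$1" PYTHONHTTPSVERIFY)" in
    1)  echo verify ;;
    0)  echo noverify ;;
    "") echo unset ;;
    *)  echo invalid ;;
  esac
}

# Count entries under directory $1 that are NOT owned by user $2 (name or uid).
# After "chown -R splunk:splunk" this should print 0 for user splunk.
# An unknown user name is an error, so a typo cannot look like a clean result.
count_not_owned_by() {
  case "$2" in
    *[!0-9]*) id "$2" >/dev/null 2>&1 ||
                { echo "no such user: $2" >&2; return 1; } ;;
  esac
  find "$1" ! -user "$2" | wc -l | tr -d ' '
}

# Demo on a constructed launch file that reproduces the warning in the thread.
demo=$(mktemp -d)
printf '%s\n' '# constructed sample' 'SPLUNK_HOME=/opt/splunkforwarder' \
  'PYTHONHTTPSVERIFY=0' > "$demo/splunk-launch.conf"
echo "PYTHONHTTPSVERIFY: $(https_verify_status "$demo/splunk-launch.conf")"
echo "entries not owned by uid $(id -u): $(count_not_owned_by "$demo" "$(id -u)")"
rm -rf "$demo"
```

On a real forwarder the inputs would be `$SPLUNK_HOME/etc/splunk-launch.conf` and `$SPLUNK_HOME` itself, with the service account name as the user.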