Installation

Why does the OpenSSL library not load on Mac OS X 10.9?

andrewbohman
Explorer

I'm running the splunk UF on a Mac Mini running OS X 10.9.5 and any script that calls on the splunk binary for openSSL crashes with the error:
dyld: Library not loaded: /Users/eserv/wrangler/build-home/6.2.1/lib/libssl.1.0.0.dylib
Referenced from: /Applications/splunkforwarder/bin/openssl
Reason: image not found
Trace/BPT trap: 5

The scripts reference the library path but it still crashes.
EX: CMD='eval date ; eval LD_LIBRARY_PATH=$SPLUNK_HOME/lib $SPLUNK_HOME/bin/openssl sha1 $PASSWD_FILE ; cat $PASSWD_FILE'

The scripts will work if ran using OS X openssl bin instead of the splunk one.
EX: CMD='eval date ; openssl sha1 $PASSWD_FILE ; cat $PASSWD_FILE'

I don't what the scripts to use the non-splunk bin as that could cause troubles in the future as either the openssl bin\library or the splunk install get changed as that would require re-editing the scripts.

Labels (2)
0 Karma

yannK
Splunk Employee
Splunk Employee

Please call the openssl command in the context of splunk, to have the proper variables.

example
/opt/splunkforwarder/bin/splunk cmd openssl sha1 /etc/passwd

0 Karma

andrewbohman
Explorer

it works when I run the command as in the example /opt/splunkforwarder/bin/splunk cmd openssl sha1 /etc/passwd
but the shell scripts that invoke the openssl command do not work. I stopped and restarted Splunk using sudo /Application/splunkforwarder/bin/splunk stop and then* sudo /Application/splunkforwarder/bin/splunk start* but the scripts still fail should I edit the scripts to change $SPLUNK_HOME/bin/openssl sha1 to $SPLUNK_HOME/bin/splunk cmd openssl sha1

0 Karma

yannK
Splunk Employee
Splunk Employee

yes use the cms and put the path to the .../bin/splunk

0 Karma

andrewbohman
Explorer

That works though I would not think that it should be necessary since the splunk process is calling the cmd that then has to call the splunk bin and then cmd again to get openssl to work.

0 Karma

yannK
Splunk Employee
Splunk Employee

Yes, the context is not clear, splunk is supposed to call the script as himself.
The "splunk cmd" command must do an additional thing, maybe forcing the script to use the splunk openssl binary, instead of the openssl from the system.

I cannot tell.

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...