Security

Checking http port [80]: already bound ERROR: The http port [80] is already bound. Splunk needs to use this port. Would you like to change ports? [y/n]:

bwooden
Splunk Employee
Splunk Employee

On a Solaris machine, I modified $SLUNK_HOME/etc/system/local/web.conf to use httpport = 80
The below error was then presented when trying to start splunk-web:

 Checking prerequisites...
 Checking http port [80]: already bound
 ERROR: The http port [80] is already bound. Splunk needs to use this port.
 Would you like to change ports? [y/n]: n
 Exiting....

The following did not reveal any other port 80 uses

> netstat -an | grep 80
---
> telnet 127.0.0.1 80
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused
telnet: Unable to connect to remote host

I was also unable to telnet to port 80 from another machine TO this machine. Port 80 was not in use. What else might have caused Splunk to report port 80 was already bound?

1 Solution

bwooden
Splunk Employee
Splunk Employee

Splunk was not installed by or being started by root.
Splunk was being started by splunkuser.
splunkuser could not start any service on a privileged port (port < 1024)

Resolution:

> usermod -K defaultpriv=basic,net_privaddr splunkuser

This updated the file /etc/user_attr and allowed splunkuser to start a splunk-web instance on port 80.

What if you can't do this due to governance? Check out these alternatives

View solution in original post

bwooden
Splunk Employee
Splunk Employee

Splunk was not installed by or being started by root.
Splunk was being started by splunkuser.
splunkuser could not start any service on a privileged port (port < 1024)

Resolution:

> usermod -K defaultpriv=basic,net_privaddr splunkuser

This updated the file /etc/user_attr and allowed splunkuser to start a splunk-web instance on port 80.

What if you can't do this due to governance? Check out these alternatives

bwooden
Splunk Employee
Splunk Employee
0 Karma

bwooden
Splunk Employee
Splunk Employee

Yes it is. I started the question with "On a Solaris machine" but should have peppered that in a few more places for clarity.

0 Karma

gkanapathy
Splunk Employee
Splunk Employee

This is rather OS-specific. What particular operating system are these instructions valid for?

0 Karma

bwooden
Splunk Employee
Splunk Employee

Additionally, "loopback" was being resolved by DNS to another host which was listening on port 80. This was remedied by mapping 127.0.0.1 to loopback in /etc/hosts as well as confirming that the hosts file took precedence over DNS queries in /etc/nsswitch.conf

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...