Security
Highlighted

Is mgmtHostPort secure?

Explorer

Hello,
As most large companies do these days, I've been placed on a naughty list for my lab instance of Splunk, running on winServer. I've tracked it down to the mgmtHostPort.

How do I secure that port to use SSL/TLS?

FYI, my web interface is secured and using port 8000, it's this darn internal mgmt port.

Per the doc, I disable it via service.conf, Splunk basically is not usable for searching.

Tags (3)
0 Karma
Highlighted

Re: Is mgmtHostPort secure?

Influencer

By default the management port uses self-signed certs, but it absolutely is SSL (TLS) enabled. If you'd like to secure it with properly signed, or locally signed by your company's CA, there are lots of docs out there. This was a great presentation by splunk legend Dwaddle a few years back.

https://conf.splunk.com/session/2015/conf2015_DWaddle_DefensePointSecurity_deploying_SplunkSSLBestPr...

0 Karma