Security

PassAuth not working in Splunk 6.2

srobinsonxtl
Path Finder

I am writing a script were I need to pass authentication to access storage password. I update the commands.conf and added the passAuth = True as well as updated the inputs.conf with passAuth = admin, but I can't seem to get the sessionKey.

This code does work, sessionKey = splunk.auth.getSessionKey('admin','changeme') but when I do sessionKey= sys.stdin.readline().strip() it doesn't work. Am I missing something?

Here is my code:

import splunk.entity as entity
import splunk.auth, splunk.search
import sys, os


def getCredentials(sessionKey):
    myapp = 'test'
    try:
        # list all credentials
        entities = entity.getEntities(
            ['admin', 'passwords'], namespace=myapp,
            owner='nobody', sessionKey=sessionKey)
    except Exception, e:
        raise Exception(
            "Could not get %s credentials from splunk."
            "Error: %s" % (myapp, str(e)))
    credentials = []
    # return credentials
    for i, c in entities.items():
        credentials.append((c['username'], c['clear_password']))
    return credentials
    raise Exception("No credentials have been found")
sessionKey = sys.stdin.readline().strip()
print sessionKey
credentials = getCredentials(sessionKey)
for username, password in credentials:
    print username
    print password

Thanks for your help,

Stephen Robinson

0 Karma
1 Solution

srobinsonxtl
Path Finder

After taking a break and thinking about it, I was able to get this to work.

from splunk import Intersplunk as si
import splunk.entity as entity
import splunk.auth, splunk.search
import sys, os


def getCredentials(sessionKey):
    myapp = 'your_app_name'
    try:
        # list all credentials
        entities = entity.getEntities(
            ['admin', 'passwords'], namespace=myapp,
            owner='nobody', sessionKey=sessionKey)
    except Exception, e:
        raise Exception(
            "Could not get %s credentials from splunk."
            "Error: %s" % (myapp, str(e)))
    credentials = []
    # return credentials
    for i, c in entities.items():
        if c['username'] == 'filter_username_ you_want_to_get':
            credentials.append((c['username'], c['clear_password']))
    return credentials
    raise Exception("No credentials have been found")


settings = dict()
si.readResults(settings = settings, has_header = True)
sessionKey = settings['sessionKey']
print "username"

credentials = getCredentials(sessionKey)
for username, password in credentials:
        print password

View solution in original post

srobinsonxtl
Path Finder

After taking a break and thinking about it, I was able to get this to work.

from splunk import Intersplunk as si
import splunk.entity as entity
import splunk.auth, splunk.search
import sys, os


def getCredentials(sessionKey):
    myapp = 'your_app_name'
    try:
        # list all credentials
        entities = entity.getEntities(
            ['admin', 'passwords'], namespace=myapp,
            owner='nobody', sessionKey=sessionKey)
    except Exception, e:
        raise Exception(
            "Could not get %s credentials from splunk."
            "Error: %s" % (myapp, str(e)))
    credentials = []
    # return credentials
    for i, c in entities.items():
        if c['username'] == 'filter_username_ you_want_to_get':
            credentials.append((c['username'], c['clear_password']))
    return credentials
    raise Exception("No credentials have been found")


settings = dict()
si.readResults(settings = settings, has_header = True)
sessionKey = settings['sessionKey']
print "username"

credentials = getCredentials(sessionKey)
for username, password in credentials:
        print password
Get Updates on the Splunk Community!

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

 (view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...