Security
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

SUID - running as non root but use port 80

thiru25
Explorer
‎11-15-2012 01:55 PM

I wanted to splunk searchead to run as nonroot but to use port 80. I tried to suid on splunk binary but it's having problems finding the libaries. I setup LD_LIBRARY_PATH but it's not using external LD_LIBRARY_PATH. Is there a way to set LD_LIBRARY_PATH before starting splunk?

I used following commands for suid.
chown root /opt/splunk/bin/splunk
chmod 4755 /opt/splunk/bin/splunk

Thanks,
Thiru.

Tags (1)
Reply

Ayn
Legend
‎11-15-2012 02:32 PM

Splunk will need root privileges to be able to listen to port 80. You could either mess around with suid bits and in the end miss the point of why you'd want Splunk not to run as root anyway, or you could have Splunk run completely as non-root and use iptables for redirecting incoming traffic on port 80 to whatever non-privileged port you configure Splunk to use.

For instance, with Splunk listening to port 8000:

iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8000
Reply
Get Updates on the Splunk Community!

What the End of Support for Splunk Add-on Builder Means for You

Hello Splunk Community! We want to share an important update regarding the future of the Splunk Add-on Builder ...

Solve, Learn, Repeat: New Puzzle Channel Now Live

Welcome to the Splunk Puzzle PlaygroundIf you are anything like me, you love to solve problems, and what ...

Building Reliable Asset and Identity Frameworks in Splunk ES

 Accurate asset and identity resolution is the backbone of security operations. Without it, alerts are ...