Security
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

SUID - running as non root but use port 80

thiru25
Explorer
‎11-15-2012 01:55 PM

I wanted to splunk searchead to run as nonroot but to use port 80. I tried to suid on splunk binary but it's having problems finding the libaries. I setup LD_LIBRARY_PATH but it's not using external LD_LIBRARY_PATH. Is there a way to set LD_LIBRARY_PATH before starting splunk?

I used following commands for suid.
chown root /opt/splunk/bin/splunk
chmod 4755 /opt/splunk/bin/splunk

Thanks,
Thiru.

Tags (1)
Reply

Ayn
Legend
‎11-15-2012 02:32 PM

Splunk will need root privileges to be able to listen to port 80. You could either mess around with suid bits and in the end miss the point of why you'd want Splunk not to run as root anyway, or you could have Splunk run completely as non-root and use iptables for redirecting incoming traffic on port 80 to whatever non-privileged port you configure Splunk to use.

For instance, with Splunk listening to port 8000:

iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8000
Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...