Security
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Unhash password found on Slave-apps

jaracan
Communicator
‎02-26-2019 11:38 PM

Hi Team,

We had an app for called "org_full_license_server_ssl" and it contains a server.conf
This server.conf has a parameter called "sslPassword".

Let say, the sslPassword is abcd1234 on this example.

So we had deploy the "org_full_license_server_ssl" using the CM's master-apps, and it was push to the Peer nodes/IDX slave-apps.
We notice that the server.conf's parameter value for sslPassword is a readable "abcd1234". Do we have insights why it did not got hash on the first place?

Or is the best practice to move the "org_full_license_server_ssl" from etc/slave-apps to etc/apps?
I am thinking, it might be the splunk.secret did not take effect if its on the etc/slave-apps

Any thoughts/insights?

Thanks

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

dkeck
Influencer
‎02-27-2019 12:31 AM

HI,

its normal that passwords do not get hashed in slave-apps or deplyomentapps.

View solution in original post

0 Karma
Reply
Solved! Jump to solution

isoutamo
SplunkTrust
SplunkTrust
‎06-14-2020 01:49 PM

Hi

have you try to put those passwords under local not to default directory? At least some times this has fixed it.

r. Ismo

0 Karma
Reply
Solved! Jump to solution
Solution

dkeck
Influencer
‎02-27-2019 12:31 AM

HI,

its normal that passwords do not get hashed in slave-apps or deplyomentapps.

0 Karma
Reply
Solved! Jump to solution

jaracan
Communicator
‎02-27-2019 12:52 AM

Hi dkeck,

so the best practice to move the "org_full_license_server_ssl" from etc/slave-apps to etc/apps and then restart it so it will be hash, correct?

0 Karma
Reply
Solved! Jump to solution

dkeck
Influencer
‎02-27-2019 01:20 AM

Have to be configured on each peer in etc/apps to be hashed yes.

0 Karma
Reply
Solved! Jump to solution

weicai88
Path Finder
‎06-12-2020 07:56 AM

I am having the same issue. Probably you can get the hash value on the CM, assuming it has the same certificate and splunk secret (which is used to encrypt the password), and plug the hash in the master app, then deploy the bundle to peers.

0 Karma
Reply
Get Updates on the Splunk Community!

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  🚀 Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Accelerating Observability as Code with the Splunk AI Assistant

We’ve seen in previous posts what Observability as Code (OaC) is and how it’s now essential for managing ...