
Will vulnerabilities disappear if management port 8089 is disabled on universal forwarders?

basketballah21
Engager

Getting these vulnerabilities on my Splunk forwarders, all on port 8089. To resolve the certificate issue, I have a paid certificate I want to replace the default Splunk certs with.

If I was to simply disable the management port on the forwarders with the stanza below inside server.conf would it get rid of all these vulnerabilities?

[httpServer]
disableDefaultPort = true

Vulnerabilities:
SSL Certificate Expiry
SSL Certificate Signed Using Weak Hashing Algorithm
SSL Certificate Cannot Be Trusted
SSL Certificate Chain Contains RSA Keys Less Than 2048 bits
TLS Version 1.1 Protocol Detection

0 Karma

PavelP
Motivator

Hello @basketballah21

Yes, if you disable the management port, the vulnerability scanner will not find these vulnerabilities. You will lose some functionality which you potentially need, so check this first. Additionally, instead of paying for a certificate, you can check if you can use your company's PKI to issue an internal certificate. Regarding TLS Version 1.1 - it can be disabled on the forwarder with sslVersions = 1.2

0 Karma
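The two routes discussed in this thread, as an added example that is not part of the original posts: a small audit of a forwarder's server.conf that reports which scanner findings on port 8089 the configuration still leaves open. It assumes the `[sslConfig]` settings `sslVersions` (written as `tls1.2`) and `serverCert`, treats an unset `sslVersions` as unrestricted to match the scan result in the question, and uses constructed sample configurations with a hypothetical certificate path.

```python
import configparser

# Assumption: path of the certificate Splunk ships by default.
DEFAULT_CERT = "$SPLUNK_HOME/etc/auth/server.pem"


def audit_server_conf(text):
    """Return the findings a scanner could still raise on the management port."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep setting names case-sensitive
    cp.read_string(text)

    def get(section, key, default=""):
        return cp.get(section, key, fallback=default).strip()

    # Route 1: the stanza from the question. No listener, nothing to probe.
    if get("httpServer", "disableDefaultPort", "false").lower() in ("true", "1"):
        return []

    # Route 2: the port stays open, so TLS version and certificate both matter.
    findings = []
    raw = get("sslConfig", "sslVersions")
    versions = {v.strip().lower() for v in raw.split(",") if v.strip()}
    if versions != {"tls1.2"}:
        findings.append("sslVersions does not restrict the port to TLS 1.2")
    # This only detects the default certificate; expiry, hash algorithm and
    # key size of a replacement must be checked on the certificate itself.
    if get("sslConfig", "serverCert", DEFAULT_CERT) == DEFAULT_CERT:
        findings.append("serverCert is still the default certificate")
    return findings


# Constructed sample configurations (not taken from the thread).
PORT_DISABLED = "[httpServer]\ndisableDefaultPort = true\n"
HARDENED = (
    "[sslConfig]\n"
    "sslVersions = tls1.2\n"
    "serverCert = /opt/splunkforwarder/etc/auth/mycerts/forwarder.pem\n"
)
UNCHANGED = "[general]\nserverName = uf01\n"

if __name__ == "__main__":
    for name, conf in [("port disabled", PORT_DISABLED),
                       ("hardened", HARDENED),
                       ("unchanged", UNCHANGED)]:
        print(name, "->", audit_server_conf(conf) or "no open findings")
```

Run it against the merged configuration of each forwarder, then confirm with a rescan, since the file alone does not prove what the running process is serving.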