Security

Will vulnerabilities disappear if management port 8089 is disabled on universal forwarders?

basketballah21
Engager

Getting these vulnerabilities on a my splunkforwarders all on port 8089. To resolve the certificate issue I have a paid certificate I want to replace the default splunk certs with.

If I was to simply disable the management port on the forwarders with the stanza below inside server.conf would it get rid of all these vulnerabilities?

[httpServer]
disableDefaultPort = true

Vulnerabilities:
SSL Certificate Expiry
SSL Certificate Signed Using Weak Hashing Algorithm
SSL Certificate Cannot Be Trusted
SSL Certificate Chain Contains RSA Keys Less Than 2048 bits
TLS Version 1.1 Protocol Detection

Labels (1)
0 Karma

PavelP
Motivator

Hello @basketballah21

yes, if you disable the management port the vulnerability scanner will not find these vulnerabilities. You will lose some functionality which you potentially need, so check this first. Additionally, instead of paying for a certificate, you can check if you can use your company's PKI to issue an internal certificate. Regarding TLS Version 1.1 - it can be disabled on forwarder with sslVersions = 1.2

0 Karma
Get Updates on the Splunk Community!

Technical Workshop Series: Splunk Data Management and SPL2 | Register here!

Hey, Splunk Community! Ready to take your data management skills to the next level? Join us for a 3-part ...

Spotting Financial Fraud in the Haystack: A Guide to Behavioral Analytics with Splunk

In today's digital financial ecosystem, security teams face an unprecedented challenge. The sheer volume of ...

Solve Problems Faster with New, Smarter AI and Integrations in Splunk Observability

Solve Problems Faster with New, Smarter AI and Integrations in Splunk Observability As businesses scale ...