Security

Will vulnerabilities disappear if management port 8089 is disabled on universal forwarders?

basketballah21
Engager

Getting these vulnerabilities on a my splunkforwarders all on port 8089. To resolve the certificate issue I have a paid certificate I want to replace the default splunk certs with.

If I was to simply disable the management port on the forwarders with the stanza below inside server.conf would it get rid of all these vulnerabilities?

[httpServer]
disableDefaultPort = true

Vulnerabilities:
SSL Certificate Expiry
SSL Certificate Signed Using Weak Hashing Algorithm
SSL Certificate Cannot Be Trusted
SSL Certificate Chain Contains RSA Keys Less Than 2048 bits
TLS Version 1.1 Protocol Detection

Labels (1)
0 Karma

PavelP
Motivator

Hello @basketballah21

yes, if you disable the management port the vulnerability scanner will not find these vulnerabilities. You will lose some functionality which you potentially need, so check this first. Additionally, instead of paying for a certificate, you can check if you can use your company's PKI to issue an internal certificate. Regarding TLS Version 1.1 - it can be disabled on forwarder with sslVersions = 1.2

0 Karma
Get Updates on the Splunk Community!

How I Instrumented a Rust Application Without Knowing Rust

As a technical writer, I often have to edit or create code snippets for Splunk's distributions of ...

Splunk Community Platform Survey

Hey Splunk Community, Starting today, the community platform may prompt you to participate in a survey. The ...

Observability Highlights | November 2022 Newsletter

 November 2022Observability CloudEnd Of Support Extension for SignalFx Smart AgentSplunk is extending the End ...