- Splunk Answers
- :
- Using Splunk
- :
- Splunk Dev
- :
- Developing Splunk app in Add-On Builder using pyop...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
I am trying to build a new app using the Add-On Builder and am having problems getting OpenSSL functioning with my input. Has anyone successfully accomplished this and has the commands they can share?
This is the command I am using to import the module to "myapp/bin/lib"
/Applications/Splunk/bin/splunk cmd pip3 install pyopenssl --target /Applications/Splunk/etc/apps/myapp/bin/lib --trusted-host pypi.org --trusted-host files.pythonhosted.orgI then use this in myapp's code:
from lib.OpenSSL import SSL This is the error I get when testing:
File "/Applications/Splunk/etc/apps/myapp/bin/lib/OpenSSL/__init__.py", line 8, in <module>
from OpenSSL import crypto, SSL
ModuleNotFoundError: No module named 'OpenSSL'
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It looks like the cryptography module, when installed, becomes specific to your OS's security considerations. In addition, I was unable to get OpenSSL to install on my Mac without having issues with the cryptography module's trust. This would have caused problems trying to package this up for migration to other machines, so I pivoted to using popen and the OS's version of pyOpenSSL.
Here is the code from the modular input:
ta_home = os.path.dirname(os.path.dirname(__file__))
cert_crawler=ta_home+"/bin/certificate_crawler.py"
python_path="/usr/bin/python3"
openssl_reply = Popen([helper.get_arg('python_path'), cert_crawler]+host_args, stdin=PIPE, stdout=PIPE, stderr=PIPE)
output,error = openssl_reply.communicate()
certificate_crawler.py
Then accepts the arguments, passing them to a readCerts() function to perform the socket.do_handshake()
from optparse import OptionParser
#Parse options passed by the calling modular input
parser = OptionParser()
(options, args) = parser.parse_args()
host = args[0]
ip = args[1]
port = args[2]
timeout_seconds = args[3]
result = readCerts(host,ip,port,timeout_seconds)
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It looks like the cryptography module, when installed, becomes specific to your OS's security considerations. In addition, I was unable to get OpenSSL to install on my Mac without having issues with the cryptography module's trust. This would have caused problems trying to package this up for migration to other machines, so I pivoted to using popen and the OS's version of pyOpenSSL.
Here is the code from the modular input:
ta_home = os.path.dirname(os.path.dirname(__file__))
cert_crawler=ta_home+"/bin/certificate_crawler.py"
python_path="/usr/bin/python3"
openssl_reply = Popen([helper.get_arg('python_path'), cert_crawler]+host_args, stdin=PIPE, stdout=PIPE, stderr=PIPE)
output,error = openssl_reply.communicate()
certificate_crawler.py
Then accepts the arguments, passing them to a readCerts() function to perform the socket.do_handshake()
from optparse import OptionParser
#Parse options passed by the calling modular input
parser = OptionParser()
(options, args) = parser.parse_args()
host = args[0]
ip = args[1]
port = args[2]
timeout_seconds = args[3]
result = readCerts(host,ip,port,timeout_seconds)
Archived Metrics Now Available for APAC and EMEA realms
Detecting Remote Code Executions With the Splunk Threat Research Team
Enter the Dashboard Challenge and Watch the .conf24 Global Broadcast!
