×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
ejohns
Loves-to-Learn
Member since: ‎09-19-2024
‎09-20-2024
Community Statistics
Posts 2
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎09-19-2024
Activity Feed
Topics I've Started
View All

Re: Attack Range Local (ubuntu 22.04)

by in Security
‎09-20-2024 11:34 AM
‎09-20-2024 11:34 AM
I did fix the restart issue But in the $HOME/attack_range/terraform/ansible/roles/splunk_server_post/tasks/install_enterprise_security.yml, the following stanza fails: - name: Run es post-install setup command: "/opt/splunk/bin/splunk search '| essinstall --ssl_enablement auto' -auth admin:{{ general.attack_range_password }}" become: yes async: 600 poll: 60   It seems that the OWNERSHIP OF THE splunk install path is either root or the uid/gid (10777) of the person that built the tar ball. How can I get the path ownership to be owned by my user (aradmin) ? Is this done with the "become:true" flag? Where do I need to update the scripts? ... View more

Attack Range Local (ubuntu 22.04)

by in Security
‎09-19-2024 09:54 AM
‎09-19-2024 09:54 AM
I'm trying to build a Local Attack Range but it fails when it tries to restart the splunk.service. The Splunk instance does restart but fails when the systemctl command is implemented. I did insure that THPs was disabled, seLinux was disabled and ulimits were set properly on the host. It did increate the timeout but it fails to restart even after 30 minutes. The "python attack_range.py build" does successfully create the Splunk instance and installs all the required apps & TAs. It just fails to restart once the Splunk Enterprise as a systemd service within the Vagrant VM.  Any feedback would be appreciated!!! TASK [splunk_server_post : change password splunk] ***************************** changed: [ar-splunk-attack-range-key-pair-ar] TASK [splunk_server_post : restart splunk] ************************************* fatal: [ar-splunk-attack-range-key-pair-ar]: FAILED! => {"changed": false, "msg": "Unable to restart service splunk: Job for splunk.service failed because a timeout was exceeded.\nSee \"systemctl status splunk.service\" and \"journalctl -xe\" for details.\n"} RUNNING HANDLER [splunk_server_post : restart splunk] ************************** PLAY RECAP ********************************************************************* ar-splunk-attack-range-key-pair-ar : ok=139 changed=64  unreachable=0    failed=1    skipped=0    rescued=0    ignored=0    Ansible failed to complete successfully. Any error output should be visible above. Please fix these errors and try again. 2024-09-19 16:22:49,709 - ERROR - attack_range - vagrant failed to build (attack-range-py3.8) aradmin@attackrange:~/attack_range$ Here is my attack_range yml file: general: attack_range_password: "xxxxx" cloud_provider: local use_prebuilt_images_with_packer: "0" ingest_bots3_data: "1" local: splunk_server: # Enable Enterprise Security install_es: "1" # Save to the apps folder from Attack Range splunk_es_app: "splunk-enterprise-security_732.spl" phantom_server: phantom_server: "0" # Enable/Disable Phantom Server kali_server: kali_server: "1" windows_servers: - hostname: ar-win-dc windows_image: windows-server-2022 create_domain: '1' install_red_team_tools: '1' bad_blood: '1' - hostname: ar-win-2 windows_image: windows-2019-v3-0-0 join_domain: '1' install_red_team_tools: '1' linux_servers: - hostname: ar-linux ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎09-20-2024 02:55 PM