Installation

PYTHONHTTPSVERIFY

yohhpark
Path Finder

Hi Expert Splunkers,

Really appreciate it if you take a look at the bottom.

splunkforwarder running on UBUNTU

Warning: Attempting to revert the SPLUNK_HOME ownership
Warning: Executing "chown -R root /opt/splunkforwarder"

Splunk> Now with more code!

Checking prerequisites...
Management port has been set disabled; cli support for this configuration is currently incomplete.
Checking conf files for problems...
Invalid key in stanza [webhook] in /opt/splunkforwarder/etc/system/default/alert_actions.conf, line 229: enable_allowlist (value: false).
Your indexes and inputs configurations are not internally consistent. For more information, run 'splunk btool check --debug'
Done
Checking default conf files for edits...
Validating installed files against hashes from '/opt/splunkforwarder/splunkforwarder-9.0.5-e9494146ae5c-linux-2.6-x86_64-manifest'
All installed files intact.
Done
All preliminary checks passed.

Starting splunk server daemon (splunkd)...
PYTHONHTTPSVERIFY is set to 0 in splunk-launch.conf disabling certificate validation for the httplib and urllib libraries shipped with the embedded Python interpreter; must be set to "1" for increased security
Done

1. installed splunk with root user

2. keep on getting those lines at the end starting with PYTHONHTTPSVERIFY (first time seeing it)

3. inputs issue can be ignored.

0 Karma
1 Solution

richgalloway
SplunkTrust

1. Running Splunk as root is not advised for security reasons.

2. The PYTHONHTTPSVERIFY warning can be ignored if you're willing to accept the risk.  See https://docs.splunk.com/Documentation/Splunk/9.0.5/Security/EnableTLSCertHostnameValidation#Configur... for more information.  There is a known issue with enabling this feature so you may want to leave it off for now.  See https://docs.splunk.com/Documentation/Splunk/9.1.0/ReleaseNotes/Knownissues#Authentication_and_autho...

3. What is the "inputs issue"?

Btool is reporting an invalid setting in alert_actions.conf.  Verify the "enable_allowlist" setting is correct.

---
If this reply helps you, Karma would be appreciated.

yohhpark
Path Finder

thank you helps a lot!

 

but 1. how can I undo the running on root?

what would be the recommendation?

2. thank you for clarifying those

3. I understand this issue, this one can be ignored from our end.

thank you

0 Karma

richgalloway
SplunkTrust

To change Splunk to run as user 'splunk' follow these steps.

1) Stop Splunk

2) Edit the init.d or splunk.service file to set the user to be 'splunk'

For init.d, use commands like these:

USER=splunk
...
splunk_start() {
  echo Starting Splunk...
  su - ${USER} -c '"/opt/splunk/bin/splunk" start --no-prompt --answer-yes'
  RETVAL=$?
  [ $RETVAL -eq 0 ] && touch /var/lock/subsys/splunk
}

3) Change the ownership of all files in $SPLUNK_HOME to 'splunk'

chown -R splunk:splunk /opt/splunk

4) Start Splunk

---
If this reply helps you, Karma would be appreciated.
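
A check that could follow the steps in this thread, as an added example that is not part of the original replies and is not Splunk tooling: it reads the PYTHONHTTPSVERIFY value from splunk-launch.conf and lists any paths the recursive chown missed. The function names are hypothetical, the conf file is assumed to sit at $SPLUNK_HOME/etc/splunk-launch.conf, and treating the last assignment in the file as the effective one is an assumption.

```shell
#!/bin/sh
# Added example (not Splunk tooling): audit a Splunk home after the user change.

# Print the PYTHONHTTPSVERIFY value set in a splunk-launch.conf file.
# Comment lines are skipped; if the key appears more than once the last one is
# reported (assumption). Prints "unset" when the key is absent.
https_verify_value() {
    awk -F= '
        /^[ \t]*#/ { next }
        {
            key = $1; gsub(/[ \t]/, "", key)
            if (key == "PYTHONHTTPSVERIFY") {
                val = $2; gsub(/[ \t\r"]/, "", val); found = 1
            }
        }
        END { if (found) print val; else print "unset" }
    ' "$1"
}

# List every path under directory $1 that is NOT owned by user $2.
# Empty output means the recursive chown reached everything.
not_owned_by() {
    find "$1" ! -user "$2" -print
}

# Return 0 only when the value is 1 and ownership is consistent.
audit_splunk_home() {
    a_home=$1; a_user=$2; a_rc=0
    a_conf="$a_home/etc/splunk-launch.conf"
    a_val=$(https_verify_value "$a_conf")
    if [ "$a_val" != "1" ]; then
        echo "FINDING: PYTHONHTTPSVERIFY is $a_val in $a_conf (expected 1)"
        a_rc=1
    fi
    a_stray=$(not_owned_by "$a_home" "$a_user")
    if [ -n "$a_stray" ]; then
        echo "FINDING: paths not owned by $a_user, for example:"
        printf '%s\n' "$a_stray" | head -n 5
        a_rc=1
    fi
    return "$a_rc"
}

# Usage: sh audit.sh /opt/splunk splunk
if [ "$#" -eq 2 ]; then
    audit_splunk_home "$1" "$2"
fi
```

Whether to act on a PYTHONHTTPSVERIFY finding is the trade-off discussed in the accepted answer; the script only reports the current state.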