Hey everyone, just wanted to get some help with regards to some issues i am facing with resetting a Server Enterprise Password from Linux, i tried making a change onto the server.conf , from the local directory, specifically ,
"/opt/splunk/etc/system/local" ..server.conf
Here is the current directory:
┌──(root㉿kali)-[/opt/splunk/etc/system/local] └─# ls deploymentclient.conf migration.conf README server.conf web.conf
{
[sslConfig]
sslPassword =
[general]
pass4SymmKey =
[lmpool:auto_generated_pool_download-trial]
description = auto_generated_pool_download-trial
peers = *
quota = MAX
stack_id = download-trial
[lmpool:auto_generated_pool_forwarder]
description = auto_generated_pool_forwarder
peers = *
quota = MAX
stack_id = forwarder
[lmpool:auto_generated_pool_free]
description = auto_generated_pool_free
peers = *
quota = MAX
stack_id = free
}
From the above, i have also tried removing the SHA 256 algorithm Hash key under the, "pass4SymmKey =", as well as "sslPassword ="m but after restarting the server, these fields which i omitted, seem to be blank by now ..
As per some help, i was able to remove and also delete the, the server.conf, and prior to that i stopped the server with the following command ...
$ ./splunk stop
Then after, this i tried restarting the server with the following command , but the issue here it is not prompting me to create a new credentials, as per this page below :
┌──(root㉿kali)-[/opt/splunk/bin]
└─# ./splunk start {
Splunk> All batbelt. No tights. Checking prerequisites... Checking http port [8000]: open Checking mgmt port [8080]: open Checking appserver port [127.0.0.1:8065]: open Checking kvstore port [8191]: open Checking configuration... Done. Checking critical directories... Done
Checking kvstore port [8191]: open [223/1590] Checking configuration... Done. Checking critical directories... Done Checking indexes... Validated: _audit _configtracker _internal _introspection _metrics _metrics_rollup _telemetry _thefishbucket history main summary Done Checking filesystem compatibility... Done Checking conf files for problems... Invalid key in stanza [instrumentation.usage.tlsBestPractices] in /opt/splunk/etc/apps/splunk_instrumentation/default/savedsearches.conf, line 451: | append [| rest /services/configs/conf-pythonSslClientConfig | eval ssl VerifyServerCert (value: if(isnull(sslVerifyServerCert),"unset",sslVerifyServerCert), splunk_server=sha256(splunk_server) | stats values(eai:acl.app) as python_configuredApp values(sslVerifyServerCert) as python_sslVerifyServerCert by s plunk_server | eval python_configuredSystem=if(python_configuredApp="system","true","false") | fields python_sslVerifyServerCert, splunk_server, python_configuredSystem] | append [| rest /services/configs/conf-web/settings | eval mgmtHostPort=if(isnull(mgmtHostPort),"unset",mgmtHostPort), splunk_server=sha256(splunk_server) | stats values(eai:acl.app) as fwdrMgmtHostPort_configuredApp values(mgmtHostPor t) as fwdr_mgmtHostPort by splunk_server | eval fwdrMgmtHostPort_configuredSystem=if(fwdrMgmtHostPort_configuredApp="system","true","false") | fields fwdrMgmtHostPort_sslVerifyServerCert, splunk_server, fwdrMgmtHostPort_configuredSystem ] | append [| rest /services/configs/conf-server/sslConfig | eval cliVerifyServerName=if(isnull(cliVerifyServerName),"feature",cliVerifyServerName), splunk_server=sha256(splunk_server) | stats values(cliVerifyServerName) as servername_cli VerifyServerName values(eai:acl.app) as servername_configuredApp by splunk_server | eval cli_configuredSystem=if(cli_configuredApp="system","true","false") | fields cli_sslVerifyServerCert, splunk_server, cli_configuredSystem] | stats values(*) as * by splunk_server | eval date=now() | makejson output=data | eval _time=date, date=strftime(date,"%Y-%m-%d") | fields data date _time). Your indexes and inputs configurations are not internally consistent. For more information, run 'splunk btool check --debug' Done Checking default conf files for edits... Validating installed files against hashes from '/opt/splunk/splunk-9.0.3-dd0128b1f8cd-linux-2.6-x86_64-manifest' All installed files intact. Done All preliminary checks passed.
Starting splunk server daemon (splunkd)... PYTHONHTTPSVERIFY is set to 0 in splunk-launch.conf disabling certificate validation for the httplib and urllib libraries shipped with the embedded Python interpreter; must be set to "1" for increased security Enter PEM pass phrase: Done
}
Waiting for web server at http://127.0.0.1:webport to be available.................................................... Done
If you get stuck, we're here to help. Look for answers here: http://docs.splunk.com
The Splunk web interface is at http://kali::webport
Can someone help me to change the password, concurrently, i have both "Splunk forwarder" installed on the both machine , Windows Host as well as the Linux Machine.. But i will like to ingest data from my Linux Machine , this happened recently until i forgot the Server Enterprise password under the VMNET 1, Linux Machine, ,192.168.0.0/24 :the {http://ocalhost,:web port }, Windows is working fine at the local address 127.0.0.1:webport ..
Thanks for all the help in advance ..
... View more