Switch Splunk SSL to TLS1.2 v2.0
Log In or Register to download the BES file, and more.

0 Votes

Versioning - This is the latest version.

1 Switch Splunk SSL to TLS1.211/19/2021 1:55:36 AM
2Switch Splunk SSL to TLS1.2 v2.011/19/2021 2:19:50 AM

Description

This fixlet will modify the server.conf, input.conf and web.conf to include a configuration line for TLS 1.2 to be applied.

https://docs.splunk.com/Documentation/Splunk/8.2.2/Security/SetyourSSLversion


Property Details

ID26884
StatusProduction - Fully Tested and Ready for Production
TitleSwitch Splunk SSL to TLS1.2 v2.0
DomainBESC
CategorySecurity
SourceJohn McKenzie
Source Release Date10/21/2021 12:00:00 AM
Keywordssplunk, tls
Added by on 11/19/2021 2:19:50 AM
Last Modified by on 11/19/2021 2:19:50 AM
Counters 67 Views / 0 Downloads
User Rating 1 star 2 star 3 star 4 star 5 star * Average over 0 ratings. ** Log In or Register to add your rating.

Relevance

ServiceInstalled (Relevance 2996904)
Used in 3 fixlets   * Results in a true/false
Show indented relevance
exists service "SplunkForwarder"
Used in 2 fixlets   * Results in a true/false
Show indented relevance
exists file "server.conf" of folders "C:/Program Files/SplunkUniversalForwarder/etc/system/local/"
Used in 2 fixlets   * Results in a true/false
Show indented relevance
exists file "web.conf" of folders "C:/Program Files/SplunkUniversalForwarder/etc/system/local/"
Used in 2 fixlets   * Results in a true/false
Show indented relevance
exists file "input.conf" of folders "C:/Program Files/SplunkUniversalForwarder/etc/system/local/"

Actions

Action 1 (default)

Action Link Click here to deploy this action.
Script Type BigFix Action Script
//Modify Server Conf File
parameter "server" = "C:/Program Files/SplunkUniversalForwarder/etc/system/local/server.conf"
// add some new text
appendfile {concatenation "%0d%0a" of lines of file (parameter "server") & "%0d%0a" & "[sslConfig]" & "%0d%0a" & "enableSplunkdSSL = true" & "%0d%0a" & "sslVersions = tls1.2" & "%0d%0a"}
// backup the old file (first delete any old backup files)
delete "{parameter "server"}.bak"
move "{parameter "server"}" "{parameter "server"}.bak"
// replace with the new file
move __appendfile "{parameter "server"}"


//Modify Web Conf File
parameter "web" = "C:/Program Files/SplunkUniversalForwarder/etc/system/local/web.conf"
// add some new text
appendfile {concatenation "%0d%0a" of lines of file (parameter "web") & "%0d%0a" & "sslVersions = tls1.2" & "%0d%0a"}
// backup the old file (first delete any old backup files)
delete "{parameter "web"}.bak"
move "{parameter "web"}" "{parameter "web"}.bak"
// replace with the new file
move __appendfile "{parameter "web"}"


//Modify Input Conf File
parameter "input" = "C:/Program Files/SplunkUniversalForwarder/etc/system/local/input.conf"
// add some new text
appendfile {concatenation "%0d%0a" of lines of file (parameter "input") & "%0d%0a" & "sslVersions = tls1.2" & "%0d%0a"}
// backup the old file (first delete any old backup files)
delete "{parameter "input"}.bak"
move "{parameter "input"}" "{parameter "input"}.bak"
// replace with the new file
move __appendfile "{parameter "input"}"

//Restart the Splunk Forwarder Service
waithidden cmd /C net stop "SplunkForwarder"
waithidden cmd /C net start "SplunkForwarder"
Success Criteria

This action will be considered successful when the applicability relevance evaluates to false.


Sharing

Social Media:
Share this page on Yammer

Comments

Log In or Register to leave comments!
FatScottishGuy -
For some reason the success criteria isn't being added here - please use: exists file "C:/Program Files/SplunkUniversalForwarder/etc/system/local/server.conf" whose ( not exists (lines whose ( it contains "sslConfig") of it as string )) AND exists file "C:/Program Files/SplunkUniversalForwarder/etc/system/local/web.conf" whose ( not exists (lines whose ( it contains "sslVersions") of it as string )) AND exists file "C:/Program Files/SplunkUniversalForwarder/etc/system/local/input.conf" whose ( not exists (lines whose ( it contains "sslVersions") of it as string ))