Splunk Free and authentication protection

From Bitbull Wiki
Jump to navigation Jump to search

get latest splunk verstion from:
http://www.splunk.com

install/update splunk

rpm -Uhv splunk*.rpm

install apache (rhel5)

yum -y install httpd

add config to httpd.conf 

NameVirtualHost *:80

<virtualhost *:80>
        ServerAlias lompetier.tc.corp
        ProxyPass / http://127.0.0.1:8000/
        ProxyPassReverse / http://127.0.0.1:8000/
</virtualhost>

<proxy http://127.0.0.1:8000/*>
        Order deny,allow
        Deny from all
        Allow from all
        AuthName "Splunk DTA Login"
        AuthType Basic
        AuthUserFile /var/www/html/.htpasswd
        Require valid-user
</proxy>

create a user and password for protection of splunk 

htpasswd -c /var/www/html/.htpasswd admin

make spkunk boot save 

ln -s /opt/splunk/bin/splunk /etc/init.d/splunk
ln -s /opt/splunk/bin/splunk /etc/rc5.d/S99splunk
ln -s /opt/splunk/bin/splunk /etc/rc5.d/K01splunk
ln -s /opt/splunk/bin/splunk /etc/rc6.d/K01splunk
ln -s /opt/splunk/bin/splunk /etc/rc0.d/K01splunk
/opt/splunk/bin/splunk start
chkconfig httpd on
service httpd restart

that's it

of course you have also to turn iptables on and open up port 80

Retrieved from "http://www.bitbull.ch/wiki/index.php?title=Splunk_Free_and_authentication_protection&oldid=5389"