Solved: Re: Splunk Add-on for Citrix XenServer: How do I f...

bertjo · ‎06-16-2017

I was configuring the Splunk Add-On for Citrix XenServer and noticed the passwords are stored in plaintext in the xsconfig.conf file. How do I fix this?

cgardiner · ‎06-16-2017

  I have downloaded and looked at the TA and the code being used and the simple answer to your question is no. It will not encrypt the password. The file in question is a plain text file for the TA developers own making and not something Splunk is even aware of. It would never be able to encrypt this password. If the app developer had made use of the build in password functionality and a setup.xml, this could have been handled easily. Optionally, the password could have been encrypted using his own algorithm if he so desired in the same way that DB connect does or did, but that was not done here.  
 Additionally, if you attempt to encrypt the password in the xsconfig.conf file on your own, you will break the app because the script is expecting a plain text string. IF you have any python development background and a few hours, you could make some changes to the xsUtils.py script where the user and password are read from the config and the session creation is performed. If you wrote your own encryption and decryption function into this script, all the individual input scripts would be able to make use of it. 
 Outside of this, your best bet is to try and contact the developer and ask if they would be open to adding some manner of encryption for the password on disk. Sorry I don't have a better option for you.

View solution in original post

cgardiner · ‎06-16-2017

  I have downloaded and looked at the TA and the code being used and the simple answer to your question is no. It will not encrypt the password. The file in question is a plain text file for the TA developers own making and not something Splunk is even aware of. It would never be able to encrypt this password. If the app developer had made use of the build in password functionality and a setup.xml, this could have been handled easily. Optionally, the password could have been encrypted using his own algorithm if he so desired in the same way that DB connect does or did, but that was not done here.  
 Additionally, if you attempt to encrypt the password in the xsconfig.conf file on your own, you will break the app because the script is expecting a plain text string. IF you have any python development background and a few hours, you could make some changes to the xsUtils.py script where the user and password are read from the config and the session creation is performed. If you wrote your own encryption and decryption function into this script, all the individual input scripts would be able to make use of it. 
 Outside of this, your best bet is to try and contact the developer and ask if they would be open to adding some manner of encryption for the password on disk. Sorry I don't have a better option for you.

adonio · ‎06-16-2017

did you restart splunk?

bertjo · ‎06-16-2017

Yes, it doesn't do anything. The best thing I can think of is that Splunk only looks for standard files (inputs.conf,etc.) and not something with the weird names like xsconfig.conf. If splunk wont do it automatically is there a way to manually do it?

Splunk Add-on for Citrix XenServer: How do I fix passwords being stored in plain text in xsconfig.conf?

Join Us for Splunk University and Get Your Bootcamp Game On!

.conf24 | Learning Tracks for Security, Observability, Platform, and Developers!

Announcing Scheduled Export GA for Dashboard Studio