Installation
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Why does the OpenSSL library not load on Mac OS X 10.9?

andrewbohman
Explorer
‎01-22-2015 07:07 AM

I'm running the splunk UF on a Mac Mini running OS X 10.9.5 and any script that calls on the splunk binary for openSSL crashes with the error:
dyld: Library not loaded: /Users/eserv/wrangler/build-home/6.2.1/lib/libssl.1.0.0.dylib
Referenced from: /Applications/splunkforwarder/bin/openssl
Reason: image not found
Trace/BPT trap: 5

The scripts reference the library path but it still crashes.
EX: CMD='eval date ; eval LD_LIBRARY_PATH=$SPLUNK_HOME/lib $SPLUNK_HOME/bin/openssl sha1 $PASSWD_FILE ; cat $PASSWD_FILE'

The scripts will work if ran using OS X openssl bin instead of the splunk one.
EX: CMD='eval date ; openssl sha1 $PASSWD_FILE ; cat $PASSWD_FILE'

I don't what the scripts to use the non-splunk bin as that could cause troubles in the future as either the openssl bin\library or the splunk install get changed as that would require re-editing the scripts.

Labels (2)
Labels
0 Karma
Reply

yannK
Splunk Employee
Splunk Employee
‎01-22-2015 09:28 AM

Please call the openssl command in the context of splunk, to have the proper variables.

example
/opt/splunkforwarder/bin/splunk cmd openssl sha1 /etc/passwd

0 Karma
Reply

andrewbohman
Explorer
‎01-22-2015 02:13 PM

it works when I run the command as in the example /opt/splunkforwarder/bin/splunk cmd openssl sha1 /etc/passwd
but the shell scripts that invoke the openssl command do not work. I stopped and restarted Splunk using sudo /Application/splunkforwarder/bin/splunk stop and then* sudo /Application/splunkforwarder/bin/splunk start* but the scripts still fail should I edit the scripts to change $SPLUNK_HOME/bin/openssl sha1 to $SPLUNK_HOME/bin/splunk cmd openssl sha1

0 Karma
Reply

yannK
Splunk Employee
Splunk Employee
‎01-22-2015 06:15 PM

yes use the cms and put the path to the .../bin/splunk

0 Karma
Reply

andrewbohman
Explorer
‎01-27-2015 04:08 AM

That works though I would not think that it should be necessary since the splunk process is calling the cmd that then has to call the splunk bin and then cmd again to get openssl to work.

0 Karma
Reply

yannK
Splunk Employee
Splunk Employee
‎01-27-2015 05:09 PM

Yes, the context is not clear, splunk is supposed to call the script as himself.
The "splunk cmd" command must do an additional thing, maybe forcing the script to use the splunk openssl binary, instead of the openssl from the system.

I cannot tell.

0 Karma
Reply
Get Updates on the Splunk Community!

Detecting Remote Code Executions With the Splunk Threat Research Team

REGISTER NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If ...

Observability | Use Synthetic Monitoring for Website Metadata Verification

If you are on Splunk Observability Cloud, you may already have Synthetic Monitoringin your observability ...

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

Tuesday, May 14, 2024  |  11AM PT / 2PM ET Register to Attend Join us for this Tech Talk and learn how to ...