How to Configure Splunk to use a Web Proxy Server

A Splunk server I installed was configured such that it could only communicate with hosts within the corporate network so it did not have direct internet access. This posed a problem when trying to use the “Browse Splunkbase” option in the Splunk administrator web interface. I also could not use the “iplocation” data-processing command.

This was the suggestion I got from Splunk Support which didn’t work for me for some reason. I am including it here for reference for someone where this solution may work for them:

You can set the environment variable HTTP_PROXY in the session shell.
You can set it in your /etc/bashrc or /etc/profile.

# Proxy Settings
http_proxy=http://proxy.domain.com:8080
https_proxy=https://proxy.domain.com:8080

I also found something in the forums:
http://www.splunk.com/support/forum:SplunkGeneral/2531

The Splunk install I was running was version 3.4.9 which was on a CentOS 5 server. The Splunk installation was configured to autostart on boot. I ended up getting this to work by editing the /etc/init.d/splunk startup script file by adding the following to it:

# Proxy settings
HTTP_PROXY="http://proxy.domain.com:8080"
export HTTP_PROXY

Change “proxy.domain.com:8080” to be the proxy server address and port for the proxy server that you want to use. So with the above lines added to my /etc/init.d/splunk file, the top portion of the file looked like this:

#!/bin/sh
#
# /etc/init.d/splunk
# init script for Splunk.
# generated by 'splunk enable boot-start'.
#
# chkconfig: 2345 90 60
# description: Splunk indexer service
#
SPLUNK_HOME="/opt/splunk"
RETVAL=0
# Proxy settings
HTTP_PROXY="http://proxy.domain.com:8080"
export HTTP_PROXY

I put the setting into effect by restarting my Splunk service with the command: /sbin/service splunk restart

Splunk Logo

Sendmail Hangs When Starting Up or When Using It with PHP

If you notice Sendmail hanging up for many minutes while starting up at boot or while being used such as sending an email from a PHP script, it is probably a DNS lookup problem. Ensure your /etc/hosts file has the appropriate entries for your server that sendmail is running on:

127.0.0.1       localhost localhost.localdomain
192.168.1.80    www.foo.com www
192.168.1.80    www.foo.com.

Replace “www.foo.com” and “www” with your server’s fully qualified domain name and host name respectively. Replace “192.168.1.80” with the IP address of your server. The last entry with the “.” at the end is critical so don’t forget it.

Terminal


	

How to Block an IP Range with IPTables

If you want to block a range of IP addresses from accessing your CentOS server you can issue the following IPTables firewall command:

/sbin/iptables -I INPUT -m iprange --src-range 192.168.1.1-192.168.1.2.100 -j DROP

Replace “192.168.1.1-192.168.1.2.100” with the IP range you want to block. This command only works with the IPTables firewall so if your operating system is using a different firewall then this command will not work.

Here is another example which uses CIDR notation to specify the IP range:

/sbin/iptables -I INPUT -s 192.168.1.1/25 -j DROP

If you restart your server, the drop command will be removed. If you want this command to persist through reboots, then you’ll need to add it to a startup script.

VSFTPD Error “500 OOPS: reading non-root config file”

After setting up a new Linux server I kept getting the following error whenever I tried to upload something with the VSFTPD ftp service:

500 OOPS: reading non-root config file

It turns out that I had the following setting in the /etc/vsftpd/vsftpd.conf file:

user_config_dir=/etc/vsftpd/virtual_users

I commented out that setting and restarted the vsftpd service and the problem went away. I then checked to make sure I had spelled the “user_config_dir” directory name correctly and it turns out that I had created the directory with the name “virtual_user” without the “s” at the end. So that error appears to be caused by the “user_config_dir” not being present or accessible to the VSFTPD service. If you get this error make sure the directory you specify for the “user_config_dir” exists and is accessible.