STIGQter: STIG Summary: Splunk Enterprise 7.x for Windows Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021

Splunk Enterprise must use LDAPS for the LDAP connection.

DISA Rule

SV-221609r663930_rule

Vulnerability Number

V-221609

Group Title

SRG-APP-000172-AU-002550

Rule Version

SPLK-CL-000080

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

If using SAML for authentication, this fix is N/A.

Select Settings >> Access Controls >> Authentication method.

Select LDAP Settings.

Select the LDAP strategy and check the option SSL enabled.

Set Port to 636.

Edit the following file in the installation to configure Splunk to use SSL certificates:

$SPLUNK_HOME/etc/openldap/ldap.conf

Add the following line:

TLS_CACERT <path to the DoD approved certificate in PEM format>

Check Contents

If the instance being checked is in a distributed environment and has the web interface disabled, this check is N/A.

If using SAML for authentication, this check is N/A.

Select Settings >> Access Controls >> Authentication method.

Select LDAP Settings.

Select the LDAP strategy and verify that SSL enabled is checked and the Port is set to 636.

If SSL enabled is not checked, and Port is not 636, this is a finding.
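
The same settings can be read from the configuration files instead of the web interface. The following is an added example, not part of the STIG or of Splunk's own tooling: it assumes the LDAP strategy is stored in authentication.conf under the settings authType, authSettings, SSLEnabled and port, and it reports each unmet condition separately. The sample file contents and the names corp_ldap, legacy_ldap and audit_ldaps are constructed for illustration.

```python
import configparser

# Constructed sample input, not taken from a real deployment.
SAMPLE_AUTH_CONF = """\
[authentication]
authType = LDAP
authSettings = corp_ldap,legacy_ldap

[corp_ldap]
host = ldap1.example.com
SSLEnabled = 1
port = 636

[legacy_ldap]
host = ldap2.example.com
SSLEnabled = 0
port = 389
"""
SAMPLE_LDAP_CONF = "# constructed sample\nTLS_CACERT C:\\certs\\dod_ca.pem\n"


def audit_ldaps(auth_conf_text, ldap_conf_text):
    """Return (scope, problem) tuples; an empty list means nothing to report."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(auth_conf_text)
    auth_type = cp.get("authentication", "authType", fallback="Splunk")
    if auth_type.strip().upper() != "LDAP":
        return []  # SAML is N/A per the STIG; other types make no LDAP connection
    issues = []
    names = cp.get("authentication", "authSettings", fallback="")
    for name in filter(None, (n.strip() for n in names.split(","))):
        if not cp.has_section(name):
            issues.append((name, "strategy stanza missing"))
            continue
        ssl_on = cp.get(name, "SSLEnabled", fallback="0").strip() == "1"
        # Assumption: an unset port follows Splunk's default (636 with SSL, else 389).
        port = cp.get(name, "port", fallback="636" if ssl_on else "389").strip()
        if not ssl_on:
            issues.append((name, "SSLEnabled is not 1"))
        if port != "636":
            issues.append((name, "port is %s, not 636" % port))
    # ldap.conf holds "KEYWORD value" lines; '#' starts a comment line.
    rows = (ln.split(None, 1) for ln in ldap_conf_text.splitlines())
    if not any(len(r) == 2 and r[0].upper() == "TLS_CACERT" for r in rows):
        issues.append(("ldap.conf", "TLS_CACERT not set"))
    return issues


if __name__ == "__main__":
    for scope, problem in audit_ldaps(SAMPLE_AUTH_CONF, SAMPLE_LDAP_CONF):
        print("%s: %s" % (scope, problem))
```

Splunk layers configuration across several directories, so the text passed in should be the merged, effective configuration rather than a single file.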

Documentable

False

Check Content Reference

M

Target Key

4082
