https://community.splunk.com/t5/Security/New-forwarder-An-Admin-password-is-required/m-p/414989#M13117 <P>I would not leave it default...it may not be used often but it can be exploited for bad things. For example, somebody connecting to it with the default username/password, pointing it to a rogue deployment server, pushing down scripts to run in context of the splunk user and possibly owning the box. </P> <P>On the UF's, we set a random password for the admin account and disable the management port.</P> <P>Have a look at this .conf session from a couple years back:<BR /> <A href="https://conf.splunk.com/files/2016/recordings/universal-forwarder-security-dont-input-more-than-data-into-your-splunk-environment.mp4">https://conf.splunk.com/files/2016/recordings/universal-forwarder-security-dont-input-more-than-data-into-your-splunk-environment.mp4</A></P> Fri, 19 Apr 2019 17:17:43 GMT maciep 2019-04-19T17:17:43Z https://community.splunk.com/t5/Security/New-forwarder-An-Admin-password-is-required/m-p/414984#M13112 <P>Running V7.1, but just Installed a new forwarder and received this response: This appears to be your first time running this version of Splunk. An Admin password must be set before installation proceeds. Password must contain at least: * 8 total printable ASCII character(s). Please enter a new password: Please confirm new password:; Is this a new feature? What password is being requested? </P> Tue, 22 May 2018 17:06:23 GMT https://community.splunk.com/t5/Security/New-forwarder-An-Admin-password-is-required/m-p/414984#M13112 dpapenbro 2018-05-22T17:06:23Z https://community.splunk.com/t5/Security/New-forwarder-An-Admin-password-is-required/m-p/414985#M13113 <P>From v7.1, Splunk requires you to set the admin password, because else people tend to stick with <CODE>changeme</CODE> <span class="lia-unicode-emoji" title=":winking_face:">😉</span><BR /> You can put in whatever password you like, but make sure to remember it.</P> <P>Hope that helps - if it does I'd be happy if you would upvote/accept this answer, so others could profit from it. <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Tue, 22 May 2018 19:20:40 GMT https://community.splunk.com/t5/Security/New-forwarder-An-Admin-password-is-required/m-p/414985#M13113 xpac 2018-05-22T19:20:40Z https://community.splunk.com/t5/Security/New-forwarder-An-Admin-password-is-required/m-p/414986#M13114 <P>when do we even use this forwarder admin/pass?</P> Thu, 18 Apr 2019 20:00:08 GMT https://community.splunk.com/t5/Security/New-forwarder-An-Admin-password-is-required/m-p/414986#M13114 vvedanta 2019-04-18T20:00:08Z https://community.splunk.com/t5/Security/New-forwarder-An-Admin-password-is-required/m-p/414987#M13115 <P>On a forwarder it's rare that I've used it, other than checking the status of the tailingProcessor and such.</P> <P><A href="https://www.splunk.com/blog/2011/01/02/did-i-miss-christmas-2.html">https://www.splunk.com/blog/2011/01/02/did-i-miss-christmas-2.html</A></P> Thu, 18 Apr 2019 20:30:36 GMT https://community.splunk.com/t5/Security/New-forwarder-An-Admin-password-is-required/m-p/414987#M13115 mikelanghorst 2019-04-18T20:30:36Z https://community.splunk.com/t5/Security/New-forwarder-An-Admin-password-is-required/m-p/414988#M13116 <P>So its ok leave it to default in that case?</P> Fri, 19 Apr 2019 15:39:09 GMT https://community.splunk.com/t5/Security/New-forwarder-An-Admin-password-is-required/m-p/414988#M13116 vvedanta 2019-04-19T15:39:09Z https://community.splunk.com/t5/Security/New-forwarder-An-Admin-password-is-required/m-p/414989#M13117 <P>I would not leave it default...it may not be used often but it can be exploited for bad things. For example, somebody connecting to it with the default username/password, pointing it to a rogue deployment server, pushing down scripts to run in context of the splunk user and possibly owning the box. </P> <P>On the UF's, we set a random password for the admin account and disable the management port.</P> <P>Have a look at this .conf session from a couple years back:<BR /> <A href="https://conf.splunk.com/files/2016/recordings/universal-forwarder-security-dont-input-more-than-data-into-your-splunk-environment.mp4">https://conf.splunk.com/files/2016/recordings/universal-forwarder-security-dont-input-more-than-data-into-your-splunk-environment.mp4</A></P> Fri, 19 Apr 2019 17:17:43 GMT https://community.splunk.com/t5/Security/New-forwarder-An-Admin-password-is-required/m-p/414989#M13117 maciep 2019-04-19T17:17:43Z