https://community.splunk.com/t5/Splunk-Search/workaround-for-quot-unable-to-write-random-state-quot-when/m-p/351635#M161256 <P>What's happening is OpenSSL is trying to create/modify <CODE>~splunk/.rnd</CODE> and can't. </P> <P>To resolve, check <CODE>/etc/passwd</CODE> to see where the system thinks the home directory, and then make sure it exists with the correct permissions. In theory you could set splunk's home directory to your install location, but there may or may not be security implications of having the .rnd in <CODE>$SPLUNK_HOME</CODE>.</P> <P>I'm still working on grocking the full Splunk security model, but I'm sure the ultimate solution is to not user the self signed certificates and install real certificates.</P> Sat, 29 Apr 2017 20:16:05 GMT dslife_splunk 2017-04-29T20:16:05Z https://community.splunk.com/t5/Splunk-Search/workaround-for-quot-unable-to-write-random-state-quot-when/m-p/351634#M161255 <P>When installing latest version on Linux, with a splunk OS user set (SPLUNK_OS_USER=splunk) in etc/splunk-launch.conf, I get "unable to write 'random state'" when it's generating the keys. This means the ssh keys have been generated with inadequate randomisation.</P> <P>Is there a workaround?</P> Tue, 29 Sep 2020 13:51:27 GMT https://community.splunk.com/t5/Splunk-Search/workaround-for-quot-unable-to-write-random-state-quot-when/m-p/351634#M161255 JeToJedno 2020-09-29T13:51:27Z https://community.splunk.com/t5/Splunk-Search/workaround-for-quot-unable-to-write-random-state-quot-when/m-p/351635#M161256 <P>What's happening is OpenSSL is trying to create/modify <CODE>~splunk/.rnd</CODE> and can't. </P> <P>To resolve, check <CODE>/etc/passwd</CODE> to see where the system thinks the home directory, and then make sure it exists with the correct permissions. In theory you could set splunk's home directory to your install location, but there may or may not be security implications of having the .rnd in <CODE>$SPLUNK_HOME</CODE>.</P> <P>I'm still working on grocking the full Splunk security model, but I'm sure the ultimate solution is to not user the self signed certificates and install real certificates.</P> Sat, 29 Apr 2017 20:16:05 GMT https://community.splunk.com/t5/Splunk-Search/workaround-for-quot-unable-to-write-random-state-quot-when/m-p/351635#M161256 dslife_splunk 2017-04-29T20:16:05Z https://community.splunk.com/t5/Splunk-Search/workaround-for-quot-unable-to-write-random-state-quot-when/m-p/351636#M161257 <P>In practice, the most common reason for this happening seems to be that the .rnd file in your home directory is owned by root rather than your account.</P> <P>Easiest solution: <BR /> As Splunk user</P> <P><CODE>sudo rm ~/.rnd</CODE></P> <P><CODE>~/</CODE> is equivalent of "the current users home directory" which as @dslife suggested, is also shown in /etc/passwd.</P> <P><CODE>grep splunk /etc/passwd</CODE></P> <P>The splunk users home directory is typically one of the following:</P> <PRE><CODE>/home/splunk /opt/splunk /opt/splunkforwarder /applications/splunk /applications/splunkforwarder </CODE></PRE> <P>Therefore you could delete the .rnd file like this:</P> <PRE><CODE>rm /home/splunk/.rnd </CODE></PRE> <P>Or you could change ownership of it like this:</P> <PRE><CODE>chown -f splunk. /home/splunk/.rnd </CODE></PRE> Fri, 14 Sep 2018 16:35:40 GMT https://community.splunk.com/t5/Splunk-Search/workaround-for-quot-unable-to-write-random-state-quot-when/m-p/351636#M161257 jkat54 2018-09-14T16:35:40Z