
AWS AMI leads to rooted out of Splunk

vman_me
New Member

I just installed the AWS AMI for Splunk and it worked fine, till I tried to run CLIs through $SPLUNK_HOME/bin and add a scripted data input by customizing inputs.conf.
The $SPLUNK_HOME directory is not accessible by ec2-user so I am wondering if there is a way to gain access to that...
Any pointers appreciated,

  • V

sudarshan0204
New Member

Go to /opt/splunk.
If you are logged in as ec2-user, you cannot edit or make directories, so you need to sudo su as root.
sudo su root

Now you are all set


martin_mueller
SplunkTrust

The ec2-user should be a sudoer, so try sudo su the-user-running-splunk

acharlieh
Influencer

$SPLUNK_HOME refers to the installation directory, which is not necessarily the same as the home directory of the user. On Linux, by default, the installation directory is /opt/splunk.

vman_me
New Member

I guess it's not about root access, but some kind of AWS Authorization.
When I go into the folder /home/splunk, there are only dot files and .splunk.
Within .splunk there is only one token:
authToken_ip-

Perhaps it's more about AWS IAM... any ideas?

Thanks...

  • V