Security
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Does Splunk Forwarder need an interactive login?

danielteachesit
New Member
‎06-27-2022 04:28 PM

All, 

I've noticed by default that Splunk Forwarder gives itself /bin/bash  in /etc/passwd. 

e.g.

splunk:x:1001:1001:Splunk Server:/opt/splunkforwarder:/bin/bash

I changed it to the below and restarted:

splunk:x:1001:1001:Splunk Server:/opt/splunkforwarder:/sbin/nologin

Best I can tell there was no impact. Scripted inputs are working as it the monitor stanza's. 

Is there any reason I should leave Splunk user with a Shell? 

 

thanks!

Labels (1)
Labels
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎06-27-2022 11:15 PM

Hi @danielteachesit,

the splunk user, assigned as owner to Splunk Universal Forwarders, doesn't need the Linux shell.

I usually disable it in my production installation.

Ciao.

Giuseppe

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎06-28-2022 05:03 AM

You should also lock splunk user not only set shell to nologin. If/when need to use e.g. btool to check what those configurations are, just use "sudo -usplunk bash" command to get shell.

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎06-27-2022 05:12 PM

There is no need for the Splunk account to have a shell assigned to it.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Splunk App for Anomaly Detection End of Life Announcment

Q: What is happening to the Splunk App for Anomaly Detection?A: Splunk is officially announcing the ...

Aligning Observability Costs with Business Value: Practical Strategies

 Join us for an engaging Tech Talk on Aligning Observability Costs with Business Value: Practical ...

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...