Hi all
I am having issues trying to script enabling and disabling maintenance mode with a hashed password.
The command is /opt/splunk/bin/splunk enable maintenance-mode -auth admin:somepassword
Is there a way I can hash the password? I have tried hash-passwd and user-seed.conf, but it does not seem to hash my clear-text password upon restarting Splunk.
I actually do. It's usually because of kernel patches; that's why I have to reboot. Hence I was thinking of an automated way to deal with the indexer cluster and master node. Currently I am doing this manually every month.
So any way of authentication that can be used in such batch operation has to rely on stored authentication data. Whether it's a plaintext password, password hash, ssh key, x509 certificate, you still have to "show" something to the entity you want to authenticate yourself to. That's a common problem with all "static" authentication mechanisms. You'd have to have some completely different authentication schema to avoid the possible impersonation problem.
Even if you could, that wouldn't increase your script security. As long as you're storing authentication data which can be provided in the clear to authenticate your user, it's prone to leakage and abuse. Storing it as a "hashed" value, if you can authenticate yourself with this hashed value, effectively makes it cleartext.
Anyway, you can use REST to put the cluster in maintenance mode. https://docs.splunk.com/Documentation/Splunk/8.2.6/RESTREF/RESTcluster#cluster.2Fmanager.2Fcontrol.2...
I am actually trying to do this as a shell script for yum update.
Probably schedule maintenance mode on the master node first, then set hourly intervals per indexer to offline, yum update and reboot.
I have enabled boot-start for Splunk, so technically the Splunk service starts up automatically on reboot.
Typically yum update should not require stopping splunkd as such. There are almost no really important dependencies that could interfere with Splunk as the packages are updated. Of course if you need to reboot to upgrade the kernel or systemd (why would you want to reboot otherwise?), you want to use maintenance mode.
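Following the replies above, a stored credential stays password-equivalent whatever its encoding, so what a script can do is limit who can read it. This is an added example, not code from any poster in the thread: it keeps the credential out of the script in an owner-only file and refuses to run if that file is readable by anyone else. The CRED_FILE name and path are hypothetical, and GNU stat (as on a yum-based system) is assumed.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. CRED_FILE and its path are hypothetical.
set -u

SPLUNK_BIN="${SPLUNK_BIN:-/opt/splunk/bin/splunk}"   # path used in the thread
CRED_FILE="${CRED_FILE:-/root/.splunk_maint_cred}"   # assumed; one line "user:password"

# Print the credential only if the file is a regular file (not a symlink),
# owned by the invoking user, with no group/other permission bits.
read_cred() {
    _f="$1"
    if [ -L "$_f" ] || [ ! -f "$_f" ]; then
        echo "refusing $_f: missing, symlink, or not a regular file" >&2
        return 1
    fi
    _mode=$(stat -c '%a' "$_f") || return 1    # GNU stat: octal mode
    _owner=$(stat -c '%u' "$_f") || return 1   # GNU stat: numeric owner uid
    if [ "$_owner" != "$(id -u)" ]; then
        echo "refusing $_f: owned by uid $_owner" >&2
        return 1
    fi
    case "$_mode" in
        600|400) ;;
        *) echo "refusing $_f: mode $_mode, expected 600 or 400" >&2
           return 1 ;;
    esac
    head -n 1 "$_f"
}

# $1 is "enable" or "disable"; run on the cluster manager (master) node.
maintenance() {
    _cred=$(read_cred "$CRED_FILE") || return 1
    # --answer-yes skips the CLI confirmation prompt.
    # Caveat: -auth puts the credential in argv, where local users can
    # see it in the process list while the command runs.
    "$SPLUNK_BIN" "$1" maintenance-mode --answer-yes -auth "$_cred"
}

# Only act when called with an explicit action, e.g. ./maint.sh enable
case "${1:-}" in
    enable|disable) maintenance "$1" ;;
esac
```

Giving the script a dedicated Splunk account limited to the cluster operations it needs, rather than admin, narrows what a leaked file allows.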