I have few linux servers reporting to a splunk indexer. While installing the UF on the linux servers, the splunk user has been created automatically and we are running the splunk service using that splunk user. As it created the splunk user with home directory as /opt/splunkforwarder, we need to maintain it for security reason. Can someone please advise in which of the following category this UF splunk user should considered?
Category a: user with ssh shell access
Category b: user with scp/sftp access
Category c: access with su to non-root users
Category d: access with su to root
I do not think I can categorized with any of the above. If not, then how I can define the splunk user with respect to the linux servers where the UF has been installed.
By default the splunk user will not have any remote access to your server, and will have no sudo/root access.
It is by design a "standard" non privileged user.
Thanks for your respond; created a category 0 to accommodate the requirement.
By default the splunk user will not have any remote access to your server, and will have no sudo/root access.
It is by design a "standard" non privileged user.