Security

What is the access/account type needed for the splunk user in Linux to use the universal forwarder?

dban2005
New Member

I have a few Linux servers reporting to a Splunk indexer. While installing the UF on the Linux servers, the splunk user was created automatically and we are running the splunk service using that splunk user. As it created the splunk user with the home directory /opt/splunkforwarder, we need to maintain it for security reasons. Can someone please advise in which of the following categories this UF splunk user should be considered?

Category a: user with ssh shell access
Category b: user with scp/sftp access
Category c: access with su to non-root users
Category d: access with su to root

I do not think I can categorize it under any of the above. If not, then how can I define the splunk user with respect to the Linux servers where the UF has been installed?

0 Karma
1 Solution

nickhills
Ultra Champion

By default the splunk user will not have any remote access to your server, and will have no sudo/root access.

It is by design a "standard" non privileged user.

If my comment helps, please give it a thumbs up!

0 Karma
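One way to verify which of the question's categories a service account such as splunk actually falls into on a given host, as an added example (not code from the thread, from the answerer, or from Splunk); it assumes the passwd entry, /etc/group, sudoers and sshd_config contents are passed in as strings, so it runs offline on constructed data:

```shell
#!/bin/sh
# Added example, not from the thread: classify a service account into the
# categories the question lists, from its passwd entry, /etc/group, sudoers
# and sshd_config. On a live host feed it `getent passwd splunk`, /etc/group,
# `sudo -l -U splunk` output and /etc/ssh/sshd_config (assumed readable).

# lists_user DIRECTIVE USER CONFIG: true if an sshd "DIRECTIVE ... USER" line exists
lists_user() {
  printf '%s\n' "$3" | grep -E "^[[:space:]]*$1[[:space:]]" | grep -Eq "[[:space:]]$2([[:space:]]|$)"
}

# classify_account PASSWD_LINE GROUP_CONTENT SUDOERS_CONTENT SSHD_CONFIG_CONTENT
# Prints: category_d (su/sudo to root), category_c (sudo to non-root users only),
# category_a (interactive ssh shell), category_b (scp/sftp-only shell) or
# category_0 (no remote login and no escalation: the default the answer describes).
classify_account() {
  user=$(printf '%s' "$1" | cut -d: -f1)
  shell=$(printf '%s' "$1" | cut -d: -f7)
  group_file=$2; sudoers=$3; sshd=$4

  # Membership of an admin group is equivalent to sudo/su to root.
  if printf '%s\n' "$group_file" | grep -Eq "^(sudo|wheel|admin):.*[:,]$user(,|$)"; then
    echo category_d; return
  fi
  # A sudoers rule: the runas list decides between root and non-root targets.
  rule=$(printf '%s\n' "$sudoers" | grep -E "^[[:space:]]*$user[[:space:]]" | head -n 1)
  if [ -n "$rule" ]; then
    case "$rule" in
      *\(ALL*|*\(root*) echo category_d ;;   # may run commands as root
      *\(*)             echo category_c ;;   # runas restricted to other users
      *)                echo category_d ;;   # no runas list defaults to root
    esac
    return
  fi
  # No escalation path: does the account have any remote access at all?
  if lists_user DenyUsers "$user" "$sshd"; then
    echo category_0; return
  fi
  if printf '%s\n' "$sshd" | grep -Eq "^[[:space:]]*AllowUsers" && ! lists_user AllowUsers "$user" "$sshd"; then
    echo category_0; return
  fi
  case "$shell" in
    */nologin|*/false|"")     echo category_0 ;;  # no login shell at all
    *sftp*|*scponly*|*rssh*)  echo category_b ;;  # file transfer only
    *)                        echo category_a ;;  # interactive shell reachable over ssh
  esac
}
```

A login shell only makes interactive access possible; also check the password lock state (`passwd -S splunk`) and whether any authorized_keys file exists under the home directory before treating the account as category a.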

dban2005
New Member

Thanks for your response; created a category 0 to accommodate the requirement.

0 Karma
