Security

admin password on command line

steinerdani
Engager

The splunkweb front end (webserver) is disabled. How can I check the admin password from the command line?

Tags (1)
1 Solution

MarioM
Motivator

Do you mean changing the admin password? For example:

./splunk edit user admin -password foo -role admin -auth admin:changeme

This command changes the admin password from changeme to foo.

Note: Passwords with special characters that would be interpreted by the shell (for example $ or !) must be either escaped or single-quoted:

./splunk edit user admin -password 'fflanda$' -role admin -auth admin:changeme

or

./splunk edit user admin -password fflanda\$ -role admin -auth admin:changeme

View solution in original post

southeringtonp
Motivator

You can't decrypt the password if that's what you're asking.

You can reset it: http://answers.splunk.com/questions/834/how-could-i-reset-the-admin-password

Or just try logging in from the command line:

splunk login

Another option would be to try logging in via the REST API. Here's an example: http://answers.splunk.com/questions/8940/how-can-i-run-searches-against-the-splunk-api

MarioM
Motivator

Do you mean changing the admin password? For example:

./splunk edit user admin -password foo -role admin -auth admin:changeme

This command changes the admin password from changeme to foo.

Note: Passwords with special characters that would be interpreted by the shell (for example $ or !) must be either escaped or single-quoted:

./splunk edit user admin -password 'fflanda$' -role admin -auth admin:changeme

or

./splunk edit user admin -password fflanda\$ -role admin -auth admin:changeme

View solution in original post

suttonj
Engager

this process will expose the new password in clear text in the servers history. Is there a way of doing this without exposing the password? (other than doing it on one server then deleteing the history and then copy the passwd file to all other servers than need their password changed from the default)

ThomasControlw1
Explorer

history -c will deleate all your CLI history 😄
cheers

0 Karma

corydodt
Engager

Try this

# read -s 'pw?password: '; echo; splunk edit user admin -password "$pw" -role admin -auth admin:changeme
password: 
User admin edited.