Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Does Splunk auto update the etc/password file?

human96
Communicator
‎03-21-2022 09:53 PM

Hi, Splunkers,

I have a doubt. now currently using Splunk enterprise 8.2.5, today morning the etc/password file auto-updated and detected by a third party software ( confidential ).

I never changed the file, so my question is-- does Splunk auto-update the $SPLUNK_HOME/etc/password file?

please provide any Splunk documentation 

Labels (3)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

VatsalJagani
SplunkTrust
SplunkTrust
‎03-21-2022 10:36 PM

* If you mean passwd file of Linux system (/etc/passwd) - No Splunk does not touch any file outside its the home directory.

* If you mean passwd file of Splunk ($SPLUNK_HOME/etc/passwd) - Splunk stores user information there so if you have done any modification regarding user or role or user-password on Splunk then Splunk might have updated the file.

View solution in original post

Reply
Solved! Jump to solution
Solution

VatsalJagani
SplunkTrust
SplunkTrust
‎03-21-2022 10:36 PM

* If you mean passwd file of Linux system (/etc/passwd) - No Splunk does not touch any file outside its the home directory.

* If you mean passwd file of Splunk ($SPLUNK_HOME/etc/passwd) - Splunk stores user information there so if you have done any modification regarding user or role or user-password on Splunk then Splunk might have updated the file.

Reply
Solved! Jump to solution

human96
Communicator
‎03-21-2022 10:41 PM

Thanks for the quick response

yes i meant $SPLUNK_HOME/etc/passwd

but recently i did not change any user information,  roles, password. 

but still the file automatically updated itself. 

0 Karma
Reply
Solved! Jump to solution

VatsalJagani
SplunkTrust
SplunkTrust
‎03-21-2022 11:16 PM
Can you please explain why Splunk updating its own file is a problem?
0 Karma
Reply
Solved! Jump to solution

human96
Communicator
‎03-22-2022 12:11 AM

no, i'm not saying it's a problem. i just want to know.

does splunk very often update the password file ?

 

0 Karma
Reply
Solved! Jump to solution

VatsalJagani
SplunkTrust
SplunkTrust
‎03-22-2022 06:03 AM

I know User changes (password, name, roles update) could trigger the file to update but not without any reason.

* Check with Splunk support if you think it is happening regularly and without any reason.

* Though I personally have not seen such a bug with any version of Splunk.

0 Karma
Reply
Get Updates on the Splunk Community!

New This Month in Splunk Observability Cloud - Metrics Usage Analytics, Enhanced K8s ...

The latest enhancements across the Splunk Observability portfolio deliver greater flexibility, better data and ...

Alerting Best Practices: How to Create Good Detectors

At their best, detectors and the alerts they trigger notify teams when applications aren’t performing as ...

Discover Powerful New Features in Splunk Cloud Platform: Enhanced Analytics, ...

Hey Splunky people! We are excited to share the latest updates in Splunk Cloud Platform 9.3.2408. In this ...