Splunk Enterprise

Does Splunk auto update the etc/password file?

human96
Communicator

Hi, Splunkers,

I have a doubt. now currently using Splunk enterprise 8.2.5, today morning the etc/password file auto-updated and detected by a third party software ( confidential ).

I never changed the file, so my question is-- does Splunk auto-update the $SPLUNK_HOME/etc/password file?

please provide any Splunk documentation 

Labels (3)
0 Karma
1 Solution

VatsalJagani
SplunkTrust
SplunkTrust

* If you mean passwd file of Linux system (/etc/passwd) - No Splunk does not touch any file outside its the home directory.

* If you mean passwd file of Splunk ($SPLUNK_HOME/etc/passwd) - Splunk stores user information there so if you have done any modification regarding user or role or user-password on Splunk then Splunk might have updated the file.

View solution in original post

VatsalJagani
SplunkTrust
SplunkTrust

* If you mean passwd file of Linux system (/etc/passwd) - No Splunk does not touch any file outside its the home directory.

* If you mean passwd file of Splunk ($SPLUNK_HOME/etc/passwd) - Splunk stores user information there so if you have done any modification regarding user or role or user-password on Splunk then Splunk might have updated the file.

human96
Communicator

Thanks for the quick response

yes i meant $SPLUNK_HOME/etc/passwd

but recently i did not change any user information,  roles, password. 

but still the file automatically updated itself. 

0 Karma

VatsalJagani
SplunkTrust
SplunkTrust
Can you please explain why Splunk updating its own file is a problem?
0 Karma

human96
Communicator

no, i'm not saying it's a problem. i just want to know.

does splunk very often update the password file ?

 

0 Karma

VatsalJagani
SplunkTrust
SplunkTrust

I know User changes (password, name, roles update) could trigger the file to update but not without any reason.

* Check with Splunk support if you think it is happening regularly and without any reason.

* Though I personally have not seen such a bug with any version of Splunk.

0 Karma
Get Updates on the Splunk Community!

Monitoring MariaDB and MySQL

In a previous post, we explored monitoring PostgreSQL and general best practices around which metrics to ...

Financial Services Industry Use Cases, ITSI Best Practices, and More New Articles ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Splunk Federated Analytics for Amazon Security Lake

Thursday, November 21, 2024  |  11AM PT / 2PM ET Register Now Join our session to see the technical ...