Splunk Enterprise

Does Splunk auto update the etc/password file?

human96
Communicator

Hi, Splunkers,

I have a doubt. now currently using Splunk enterprise 8.2.5, today morning the etc/password file auto-updated and detected by a third party software ( confidential ).

I never changed the file, so my question is-- does Splunk auto-update the $SPLUNK_HOME/etc/password file?

please provide any Splunk documentation 

Labels (3)
0 Karma
1 Solution

VatsalJagani
SplunkTrust
SplunkTrust

* If you mean passwd file of Linux system (/etc/passwd) - No Splunk does not touch any file outside its the home directory.

* If you mean passwd file of Splunk ($SPLUNK_HOME/etc/passwd) - Splunk stores user information there so if you have done any modification regarding user or role or user-password on Splunk then Splunk might have updated the file.

View solution in original post

VatsalJagani
SplunkTrust
SplunkTrust

* If you mean passwd file of Linux system (/etc/passwd) - No Splunk does not touch any file outside its the home directory.

* If you mean passwd file of Splunk ($SPLUNK_HOME/etc/passwd) - Splunk stores user information there so if you have done any modification regarding user or role or user-password on Splunk then Splunk might have updated the file.

human96
Communicator

Thanks for the quick response

yes i meant $SPLUNK_HOME/etc/passwd

but recently i did not change any user information,  roles, password. 

but still the file automatically updated itself. 

0 Karma

VatsalJagani
SplunkTrust
SplunkTrust
Can you please explain why Splunk updating its own file is a problem?
0 Karma

human96
Communicator

no, i'm not saying it's a problem. i just want to know.

does splunk very often update the password file ?

 

0 Karma

VatsalJagani
SplunkTrust
SplunkTrust

I know User changes (password, name, roles update) could trigger the file to update but not without any reason.

* Check with Splunk support if you think it is happening regularly and without any reason.

* Though I personally have not seen such a bug with any version of Splunk.

0 Karma
Get Updates on the Splunk Community!

New in Observability - Improvements to Custom Metrics SLOs, Log Observer Connect & ...

The latest enhancements to the Splunk observability portfolio deliver improved SLO management accuracy, better ...

Improve Data Pipelines Using Splunk Data Management

  Register Now   This Tech Talk will explore the pipeline management offerings Edge Processor and Ingest ...

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud?

Register Join this Tech Talk to learn how unique features like Service Centric Views, Tag Spotlight, and ...