"splunk offline" command prompts for username and password. How to bypass it without providing the password in an rc script?

sim_tcr
Communicator

Hello,

I am trying to set up an rc script on our indexer so that Splunk does 'splunk offline' whenever the indexer is being shut down or rebooted.

Issue is, when 'splunk offline' is issued, it is prompting for username and password. I know I can provide -auth admin:password, but then I end up hard coding that in my rc script. Is there some other way?

Thanks,
Simon Mandy

0 Karma

guilmxm
SplunkTrust

Hi,

A good practice is to share the same secret key in your Splunk environment.

Then you can encrypt / decrypt the hashed password using the secret key.
In your script development, you can just load the hashed password value from a config file of your own, or even store it in splunk-launch.conf, then decrypt its value in the script and finally launch your command.

sim_tcr
Communicator

Are you referring to pass4SymmKey under [general] in server.conf? I do have this set up the same across servers.
Now how do I perform encrypt and decrypt in my shell script? Using openssl?
Can you give me an example please?

0 Karma

guilmxm
SplunkTrust

Sure:

To encrypt a password:

echo -n "myclearpassword" |openssl bf -e -a -pass file:/opt/splunk/etc/auth/splunk.secret

To decrypt:

echo "myhashed_password" | openssl enc -base64 -d | openssl bf -d -pass file:/opt/splunk/etc/auth/splunk.secret

Regards,

Guilhem

0 Karma
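
One way to wire the decrypt command above into an rc stop hook, as an added example that is not part of the original thread: it refuses to run unless both the secret and the encrypted password file are private to their owner. The `/etc/splunk-offline.cred` path and the function names are assumptions; the `admin` user and the `splunk.secret` path come from the posts above.

```shell
#!/bin/sh
# Added example, not from the thread. CRED_FILE is a hypothetical path holding
# the base64 output of the thread's encrypt command.
SPLUNK_HOME="${SPLUNK_HOME:-/opt/splunk}"
SECRET_FILE="${SECRET_FILE:-$SPLUNK_HOME/etc/auth/splunk.secret}"
CRED_FILE="${CRED_FILE:-/etc/splunk-offline.cred}"

# True only for a regular, non-symlink file with no group/other permission bits.
# Anyone who can read both files can recover the password, so both are checked.
is_private_file() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    perms=$(ls -ld -- "$1" | cut -c5-10)   # group and other triplets
    [ "$perms" = "------" ]
}

# Same pipeline as the decrypt command in the thread, reading from CRED_FILE.
# On OpenSSL 3.x Blowfish sits in the legacy provider, so "bf" may also need
# "-provider legacy -provider default".
decrypt_password() {
    openssl enc -base64 -d < "$CRED_FILE" |
        openssl bf -d -pass "file:$SECRET_FILE"
}

splunk_offline() {
    for f in "$SECRET_FILE" "$CRED_FILE"; do
        if ! is_private_file "$f"; then
            echo "refusing: $f is missing or accessible to group/other" >&2
            return 1
        fi
    done
    pw=$(decrypt_password) || { echo "decrypt failed" >&2; return 1; }
    [ -n "$pw" ] || { echo "decrypted password is empty" >&2; return 1; }
    # -auth puts the password on the splunk command line, where it is visible
    # in the process list while the command runs.
    "$SPLUNK_HOME/bin/splunk" offline -auth "admin:$pw"
    status=$?
    unset pw
    return "$status"
}

# rc entry point: only "stop" triggers the offline call.
case "${1:-}" in
    stop) splunk_offline ;;
esac
```
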

woodcock
Esteemed Legend

There used to be a hack that worked but it was a bug and Splunk fixed it. I know of no way to access Splunk's "passworded" capabilities without giving a password. I would look at setting up an account that does not auto-logoff and then see if you can federate Splunk with Single-Sign-On. That way you can sign on once, and never sign out and keep using this user.

0 Karma