Splunk - Change Default Password on Forwarder


Versioning - This is the latest version.

1. Splunk - Change Default Username and Password on Forwarder (3/20/2015 5:36:10 AM)
2. Splunk - Change Default Password on Forwarder (3/20/2015 6:39:51 AM)

Description

Important Notes

  • You must enter a password in order to take an action.
  • Because of the way secure parameters work, you cannot use this task in a baseline or target dynamically by property (e.g., automatic groups).

Note: For this action to work, the "remote-server" name must match the "hostname" exactly, including case (i.e., capitalization), or the script will fail. To check the "remote-server" name, look in "splunkd.log" during start-up of the forwarder. The line you're looking for will look like this:

ServerConfig - Using REMOTE_SERVER_NAME=hostname
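
The case check from the note above, as an added example that is not part of the original task: it pulls the most recent REMOTE_SERVER_NAME out of splunkd.log text and compares it with the host name. The function names, the sample log lines and the log path in the usage comment are assumptions, as is reading "hostname" as the output of the `hostname` command.

```shell
#!/bin/sh
# Added example (not part of the original task): pre-flight check for the
# "remote-server" vs "hostname" case requirement described in the note.

# Read splunkd.log text on stdin and print the REMOTE_SERVER_NAME from the most
# recent forwarder start-up (the last matching line wins after several restarts).
remote_server_name() {
    sed -n 's/.*ServerConfig - Using REMOTE_SERVER_NAME=\([^[:space:]]*\).*/\1/p' | tail -n 1
}

# Compare the logged name with the host name, byte for byte.
# Prints and returns: match (0), case-mismatch (1), mismatch (2), not-found (3).
compare_names() {
    logged=$1
    host=$2
    if [ -z "$logged" ]; then
        echo "not-found"; return 3
    fi
    if [ "$logged" = "$host" ]; then
        echo "match"; return 0
    fi
    # Fold both names to lower case to tell a pure capitalization difference
    # (the failure the note warns about) from a different name altogether.
    logged_lc=$(printf '%s' "$logged" | tr '[:upper:]' '[:lower:]')
    host_lc=$(printf '%s' "$host" | tr '[:upper:]' '[:lower:]')
    if [ "$logged_lc" = "$host_lc" ]; then
        echo "case-mismatch"; return 1
    fi
    echo "mismatch"; return 2
}

# Constructed sample log: timestamps, levels and host names are invented.
sample_log() {
    cat <<'EOF'
03-19-2015 22:10:04.120 -0400 INFO  ServerConfig - Using REMOTE_SERVER_NAME=oldname01
03-20-2015 05:30:01.512 -0400 INFO  loader - Splunkd starting
03-20-2015 05:30:01.640 -0400 INFO  ServerConfig - Using REMOTE_SERVER_NAME=FWD01
EOF
}

# Usage on a forwarder (log path is an assumed default install location):
#   compare_names "$(remote_server_name < /opt/splunkforwarder/var/log/splunk/splunkd.log)" "$(hostname)"
```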

Special thanks to jbt8 for the layout of the "Description" tab and the REST API code used to pass the password into the action.


Property Details

ID: 4005
Status: QA - Ready for Production Level Testing
Title: Splunk - Change Default Password on Forwarder
Domain: BESC
Source: Internal
Source Release Date: 2/19/2015 12:00:00 AM
Keywords: splunk forwarder, password, default
Added by on 3/20/2015 6:39:51 AM
Last Modified by on 3/20/2015 6:42:21 AM
Counters 3763 Views / 1 Download

Relevance

Used in 2 fixlets   * Results in a true/false
if name of operating system contains "Win" then exists service "SplunkForwarder" else if name of operating system contains "Linux" then exists package "splunkforwarder" of rpm else if name of operating system contains "Sun" then exists pkinfo "splunkforwarder" of pkgdb else false
Used in 1 fixlet   * Results in a true/false
not exists file "splunkadmin.log" of folder "C:\Program Files\SplunkUniversalForwarder\etc\users" and not exists file "splunkadmin.log" of folder "/opt/splunkforwarder/etc/users"

Actions

Action 1 (default)

Script Type: BigFix Action Script

//Define path to splunkadmin.log location
if {name of operating system contains "Win"}
parameter "filePath"="C:\Program Files\SplunkUniversalForwarder\etc\users\"
elseif {name of operating system does not contain "Win"}
parameter "filePath"="/opt/splunkforwarder/etc/users/"
endif

//Send password change command to server
if {name of operating system contains "Win"}
waithidden cmd.exe /C "C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" edit user admin -password {parameter "secret" of action} -auth admin:changeme
continue if {exit code of action = 0}
elseif {name of operating system does not contain "Win"}
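// Call splunk by absolute path; the action does not run from the Splunk bin folder
wait /opt/splunkforwarder/bin/splunk edit user admin -password {parameter "secret" of action} -auth admin:changeme
// Stop on failure so the marker file is not written while the default password is still in place
continue if {exit code of action = 0}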
endif

delete __appendfile
delete "{parameter "filePath" as string & "splunkadmin.log"}"
appendfile Splunk Forwarder admin password was last changed on {(month of current date as two digits as string) & (day_of_month of current date as two digits as string) & (year of current date as string)} by IEM Action {id of action}.
copy __appendfile "{parameter "filePath" as string & "splunkadmin.log"}"

Success Criteria

This action will be considered successful when the applicability relevance evaluates to false.

