Splunk – account currently not available – boot-start

./splunk enable boot-start -user splunk

returns error:

This account is currently not available.

First-time-run has not finished.  Ignore this error when previewing migration – exiting.

The cause of the error is that the specified user has no shell.

Fix – set the shell for the user (“splunk” in this case) to /bin/bash.

Run in the terminal:

usermod -s /bin/bash splunk

./splunk enable boot-start -user splunk

If enabling boot-start goes well, you should see splunk return:

Adding system startup for /etc/init.d/splunk …

/etc/rc0.d/K20splunk -> ../init.d/splunk

/etc/rc1.d/K20splunk -> ../init.d/splunk

/etc/rc6.d/K20splunk -> ../init.d/splunk

/etc/rc2.d/S20splunk -> ../init.d/splunk

/etc/rc3.d/S20splunk -> ../init.d/splunk

/etc/rc4.d/S20splunk -> ../init.d/splunk

/etc/rc5.d/S20splunk -> ../init.d/splunk

Init script installed at /etc/init.d/splunk.

Init script is configured to run at boot.

This is for an Ubuntu 12.04 LTS system.

To avoid the security risk of having another account with shell access, you can remove SSH access for the account by adding the following line to /etc/ssh/sshd_config:

DenyUsers splunk

Then restart the SSH daemon:

/etc/init.d/ssh restart

This specifically blocks the user splunk from logging in via SSH.  Even though the username/password challenge still works for this account, it will never successfully log in to a shell, even with the correct password.  Splunk’s stormforwarder, meanwhile, actually needs shell access from this user in order to start at boot time.

Alternatively you can block SSH login access to all accounts except the one you specify with this line:

AllowUsers chosenaccount

Here chosenaccount will be the only user that can log in via SSH, using password or keys.
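
Added example (not part of the original post): a shell check that lists accounts with a real login shell which the DenyUsers/AllowUsers lines in sshd_config would still accept. It assumes exact user names only, reads only the global section (stops at the first Match block) and ignores group rules and PermitRootLogin; the function names and the sample passwd/sshd_config contents are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Reads only DenyUsers/AllowUsers
# with exact names in the global section (stops at the first Match block).

# users_in KEYWORD SSHD_CONFIG: print every name listed on KEYWORD lines.
# sshd keywords are case-insensitive and repeated lines accumulate.
users_in() {
    awk -v kw="$1" '
        tolower($1) == "match"     { exit }
        tolower($1) == tolower(kw) { for (i = 2; i <= NF; i++) print $i }
    ' "$2"
}

# ssh_permits USER SSHD_CONFIG: succeed if the user lists let USER through.
# A DenyUsers hit wins; once any AllowUsers exists, unlisted users are refused.
ssh_permits() {
    if users_in DenyUsers "$2" | grep -qxF -- "$1"; then return 1; fi
    allow=$(users_in AllowUsers "$2")
    if [ -z "$allow" ]; then return 0; fi
    printf '%s\n' "$allow" | grep -qxF -- "$1"
}

# exposed_accounts PASSWD SSHD_CONFIG: accounts with a real shell that the
# user lists would still accept over SSH.
exposed_accounts() {
    awk -F: 'NF >= 7 && $7 !~ /(nologin|false)$/ { print $1 }' "$1" |
    while read -r u; do
        if ssh_permits "$u" "$2"; then echo "$u"; fi
    done
}

# make_sample DIR: write constructed passwd and sshd_config samples into DIR.
make_sample() {
    printf '%s\n' \
        'daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin' \
        'admin:x:1000:1000::/home/admin:/bin/bash' \
        'splunk:x:1001:1001::/opt/splunk:/bin/bash' > "$1/passwd"
    printf '%s\n' '# constructed sample' 'Port 22' 'DenyUsers splunk' \
        > "$1/sshd_config"
}

d=$(mktemp -d)
make_sample "$d"
exposed_accounts "$d/passwd" "$d/sshd_config"   # prints: admin
rm -rf "$d"
```

To audit a real host, call exposed_accounts /etc/passwd /etc/ssh/sshd_config; any service account that appears in the output has a shell and is not blocked by the user lists.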

