All Apps and Add-ons

There are several issues to be fixed in the current app release of CIS Critical Security Controls.

SplunkTrust
SplunkTrust

Hello,

There are several things to be corrected within the current version of the application:

  • metdadata/local.meta

There should not be local.meta files when you publish the application in Splunk base, any stanza would need to migrated to default.meta and this file should removed from the package

Finally, the default.meta should be cleaned, removing references to SPlunk versions, setting up properly parents Meta and removing childs metata if not useful

  • metadata/local.meta Git conflict unleaned

There is an unclean Git conflict in both file, with lines:

<<<<<<< HEAD

Which will generates huge number of WARN messages in splunkd.

03-21-2018 10:16:44.658 +0000 WARN  IniFile - /opt/splunk/etc/apps/cis-controls-app-for-splunk/metadata/local.meta, line 148: Cannot parse into key-value pair: <<<<<<< HEAD
03-21-2018 10:16:44.658 +0000 WARN  IniFile - /opt/splunk/etc/apps/cis-controls-app-for-splunk/metadata/local.meta, line 360: Cannot parse into key-value pair: <<<<<<< HEAD
03-21-2018 10:17:05.418 +0000 WARN  ConfObjectManagerDB - /opt/splunk/etc/apps/cis-controls-app-for-splunk/metadata/local.meta, line 8: Error parsing setting:  = ======

And there are others errors like the usage of deprecated features and syntax in xml files, wrong authorisations on csv files, etc.

I would kindly suggest to use appinspect when building your package, such that you can automatically be informed of these issues and perform unit testing for code quality improvements.

http://dev.splunk.com/view/SP-CAAAFAK

Many thanks,

Regards,

Guilhem

0 Karma
1 Solution

Splunk Employee
Splunk Employee

Thanks for your kind words @guilmxm.

Please know that these issues (and others) are in the queue for correction in my repo when the next iteration is released.

Many thanks again.

View solution in original post

0 Karma

Splunk Employee
Splunk Employee

Thanks for your kind words @guilmxm.

Please know that these issues (and others) are in the queue for correction in my repo when the next iteration is released.

Many thanks again.

View solution in original post

0 Karma

Splunk Employee
Splunk Employee

Hi @guilmxm - app developer here.

Thanks for your note. Searching before posting would've turned this up as a known item.

Hopefully realworld usage of the app is useful for you despite these nuisance lines in splunkd.log.

Cheers.

0 Karma

SplunkTrust
SplunkTrust

Hello !

And it's because it is a very good application, and an amazing work you've done, and because it is useful to many that I wanted to post in case you wouldn't be aware of that 😉

Cheers,

0 Karma