Is it possible to restrict the "splunk enable listen" command so that it only listens to certain IP addresses? Or better yet, uses an API?
You could add TLS certs there and validate that those are correct before accept connection. See https://docs.splunk.com/Documentation/Splunk/9.0.1/Security/AboutsecuringyourSplunkconfigurationwith...
r. Ismo