Adding this to the end of my SPlunk URl allows standard users to see all the modules loaded. I do not want the end users to be able to see what is loaded. Does anyone know how to harden splunk to only allow access to the URl provided?
I created an App and locked the user to that app but it seems like it dod not work for this.
You could take an axe to $SPLUNK_HOME/Python-2.7/Lib/site-packages/splunk/appserver/mrsparkle/controllers/top.py
and for example add a redirect to its modules
page at around L150:
@expose_page(must_login=True)
def modules(self, **kwargs):
self.redirect_to_url('/') # added
return # added
"""
Generates an HTML page documenting all registered modules
"""
...
That's not a very pretty approach, and obviously not update-safe... but should do the job. Remember to restart splunkweb after making changes.