Security
Highlighted

Hardening: \en-US\Modules

New Member

Adding this to the end of my SPlunk URl allows standard users to see all the modules loaded. I do not want the end users to be able to see what is loaded. Does anyone know how to harden splunk to only allow access to the URl provided?

I created an App and locked the user to that app but it seems like it dod not work for this.

Tags (1)
0 Karma
Highlighted

Re: Hardening: \en-US\Modules

SplunkTrust
SplunkTrust

You could take an axe to $SPLUNK_HOME/Python-2.7/Lib/site-packages/splunk/appserver/mrsparkle/controllers/top.py and for example add a redirect to its modules page at around L150:

@expose_page(must_login=True)
def modules(self, **kwargs):
    self.redirect_to_url('/') # added
    return                    # added
    """
    Generates an HTML page documenting all registered modules
    """
    ...

That's not a very pretty approach, and obviously not update-safe... but should do the job. Remember to restart splunkweb after making changes.

0 Karma