Splunk Cloud Platform

Receiving a Splunk app permission issue?

mala_fmr
Engager

We have an custom app which contains just props and transforms configs...
When we try to upload app.tgz file. it throws below failures
Need some insights on this.

Source code and binaries standards
[ failure ] Check that files outside of the bin/ and appserver/controllers directory do not have execute permissions and are not .exe files. On Unix platform, Splunk recommends 644 for all app files outside of the bin/ directory, 644 for scripts within the bin/ directory that are invoked using an interpreter (e.g. python my_script.py or sh my_script.sh), and 755 for scripts within the bin/ directory that are invoked directly (e.g. ./my_script.sh or ./my_script). On Windows platform, Splunk recommends removing user's FILE_GENERIC_EXECUTE for all app files outside of the bin/ directory except users in ['Administrators', 'SYSTEM', 'Authenticated Users', 'Administrator'].
  • This file has execute permissions for owners, groups, or others. File: default/transforms.conf
  • This file has execute permissions for owners, groups, or others. File: metadata/default.meta
  • This file has execute permissions for owners, groups, or others. File: default/props.conf
  • This file has execute permissions for owners, groups, or others. File: default/app.conf
Labels (1)
0 Karma

mala_fmr
Engager

I could resolve this issue following package app method explained in this link.
Package apps | Documentation | Splunk Developer Program

0 Karma

mala_fmr
Engager

@richgalloway thanks for the solution..
I tried to change the mode in linux box. I see these failures. Any idea on this?

 

mala_fmr_0-1666216596584.png

 



0 Karma

richgalloway
SplunkTrust
SplunkTrust

Vetting apps is an iterative process.  You fix errors, re-package and re-submit then see what new errors are reported.  Repeat the process until the app passes.

Most error messages are fairly self-explanatory.  You can find some helpful information about them at https://dev.splunk.com/enterprise/reference/appinspect/appinspectcheck/

As for file permissions, directories should be set to 644 and other files to 600.

---
If this reply helps you, Karma would be appreciated.
0 Karma

richgalloway
SplunkTrust
SplunkTrust

Don't use Windows to package apps for Splunk Cloud.  This will happen every time.  The only workaround is to package on a Linux box or a Mac.  You don't have to have Splunk installed on it.  Just transfer the .tgz file, explode it, fix the permissions, and re-tar it.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...