Hi Danny-
Most companies are going to be very tight-lipped about what OS details they are using. Let's just say that I am replying to this because we are in the same "ballpark". 🙂
7.7 is using the same kernel version (3.10), with the only difference from any other version of 7 being the build number. While kernel.org is at the latest 5.x, RHEL and CentOS go for stability. However, CentOS 8 makes a big jump to 4.18.0-80 from the 3.10 build, so there's something there that should be evaluated. It seems, however, that 3.10 is still the most stable and secure, at least for the 7.x setups.
SELinux is highly recommended, with the ability to have customized app access and better ACL control. The firewalld app is great as well.
Tanium is a good security app to keep an eye on things in addition to others I cannot mention.
Sometimes the best defense is staying on top of security patches; daily scanning and patch evaluation are also critical. Don't scan the index filesystem for your indexers though! 🙂
I also highly recommend using Workload Management, which gives you Control Groups (built into RHEL and CentOS) and allows much more power over the Splunk processes (even allowing you to allocate resources to searches or indexing, or both in varying degrees). This could be helpful in security evaluation situations (I allocate x% to splunkd and nothing else can take that).
Hope this helps,
Mike
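As an added example (not part of Mike's reply, and not Splunk's own tooling), the script below does the two checks a practitioner would want after setting up Workload Management on RHEL/CentOS 7: it parses `/proc/<pid>/cgroup` (cgroup v1 format, `hierarchy-id:controllers:path`) to confirm that every splunkd process actually landed in a Splunk pool and that no unrelated process shares that pool, and it shows what a cgroup v1 `cpu.shares` value really buys you. The pool path prefix `/splunk/` and the process list are assumptions constructed for the example; real pool paths come from your Splunk and systemd configuration.

```python
"""Audit Splunk workload-management cgroup membership (cgroup v1).

Added example, not from the original post or from Splunk. Assumptions:
cgroup v1, Splunk pools living under the hypothetical prefix POOL_PREFIX,
and the constructed process sample below standing in for live /proc data.
"""
import re

# Hypothetical prefix under which Splunk's pools are assumed to live (assumption).
POOL_PREFIX = "/splunk/"

# cgroup v1 line: "11:cpu,cpuacct:/some/path"; a v2 line is "0::/path" (empty controllers).
PROC_CGROUP_RE = re.compile(r"^(\d+):([^:]*):(.+)$")


def parse_proc_cgroup(text):
    """Parse /proc/<pid>/cgroup text into {controller: path}."""
    result = {}
    for line in text.splitlines():
        m = PROC_CGROUP_RE.match(line.strip())
        if not m:
            continue
        _, controllers, path = m.groups()
        for ctrl in controllers.split(","):
            result[ctrl] = path  # an empty ctrl key marks a unified (v2) hierarchy
    return result


def audit_pool(processes, controller="cpu"):
    """processes: list of (pid, comm, proc_cgroup_text).

    Returns (splunk_pids_outside_pool, foreign_pids_inside_pool). The first
    list means the allocation is not being applied; the second means another
    workload is competing inside the share you meant to reserve for Splunk.
    """
    splunk_outside, foreign_inside = [], []
    for pid, comm, text in processes:
        path = parse_proc_cgroup(text).get(controller, "/")
        in_pool = path.startswith(POOL_PREFIX)
        is_splunk = comm.startswith("splunkd")
        if is_splunk and not in_pool:
            splunk_outside.append(pid)
        elif in_pool and not is_splunk:
            foreign_inside.append(pid)
    return splunk_outside, foreign_inside


def effective_cpu_percent(shares):
    """cpu.shares is a relative weight, not a percentage: under contention a
    sibling gets shares / sum(sibling shares) of the CPU. With no contention
    it may use more; a hard ceiling needs cpu.cfs_quota_us instead."""
    total = sum(shares.values())
    return {name: 100.0 * s / total for name, s in shares.items()}


# Constructed sample standing in for /proc/<pid>/cgroup of five processes.
SAMPLE_PROCS = [
    (1201, "splunkd", "11:cpu,cpuacct:/splunk/ingest\n5:memory:/splunk/ingest\n"),
    (1450, "splunkd", "11:cpu,cpuacct:/splunk/standard_perf\n5:memory:/splunk/standard_perf\n"),
    (1620, "splunkd", "11:cpu,cpuacct:/system.slice/splunk.service\n5:memory:/system.slice/splunk.service\n"),
    (2001, "backup-agent", "11:cpu,cpuacct:/splunk/ingest\n5:memory:/splunk/ingest\n"),
    (2300, "sshd", "11:cpu,cpuacct:/system.slice/sshd.service\n5:memory:/system.slice/sshd.service\n"),
]

if __name__ == "__main__":
    outside, foreign = audit_pool(SAMPLE_PROCS)
    print("splunkd not in a pool:", outside)        # [1620]
    print("non-Splunk inside a pool:", foreign)    # [2001]
    # 3072 shares for Splunk against the 1024 default of one sibling: 75% floor.
    print(effective_cpu_percent({"splunk": 3072, "system": 1024}))
```

On a live box you would build the process list from `/proc/*/comm` and `/proc/*/cgroup` (root is needed to read other users' entries) rather than the constructed sample. The `effective_cpu_percent` helper is the caveat behind "x% to splunkd": with `cpu.shares` that percentage is a guaranteed floor under contention, and only a CFS quota turns it into a cap that other processes cannot eat into.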