From 3dfbce5e6fd5e81bedac8cf5e6bddb610b7a8205 Mon Sep 17 00:00:00 2001
From: root
Date: Tue, 7 Jan 2025 21:58:22 +0100
Subject: [PATCH] Update

---
 apps/Splunk_TA_nix/default/app.conf | 2 +-
 apps/Splunk_TA_nix/default/inputs.conf | 270 -------------------------
 2 files changed, 1 insertion(+), 271 deletions(-)
 delete mode 100644 apps/Splunk_TA_nix/default/inputs.conf

diff --git a/apps/Splunk_TA_nix/default/app.conf b/apps/Splunk_TA_nix/default/app.conf
index 52645bab..aee3cb59 100644
--- a/apps/Splunk_TA_nix/default/app.conf
+++ b/apps/Splunk_TA_nix/default/app.conf
@@ -11,7 +11,7 @@ build = 1720176219
 [ui]
 setup_view = ta_nix_configuration
-is_visible = true
+is_visible = false
 label = Splunk Add-on for Unix and Linux
 docs_section_override = AddOns:released
diff --git a/apps/Splunk_TA_nix/default/inputs.conf b/apps/Splunk_TA_nix/default/inputs.conf
deleted file mode 100644
index 9e0eeb7c..00000000
--- a/apps/Splunk_TA_nix/default/inputs.conf
+++ /dev/null
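Review bot: Setting `is_visible = false` leaves `setup_view = ta_nix_configuration` two lines above still declared, so the setup page this stanza advertises is no longer reachable from the app menu and nothing in the file or the one-word commit message records why. Presumably this is a forwarder-only packaging decision taken together with the removal of default/inputs.conf in the same patch; if so, a one-line comment such as `# hidden: deployed to forwarders without a UI; inputs are defined in local/inputs.conf` above the setting would tell the next maintainer. Every stanza in the deleted default/inputs.conf was shipped disabled, so no active collection is removed, but a local/inputs.conf that enables one of those stanzas by name with only `disabled = 0` no longer inherits its sourcetype, whitelist or blacklist once the default layer is gone, so monitors such as `/var/log`, `/etc` and the bash_history inputs should be checked for complete stanzas after this change.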
@@ -1,270 +0,0 @@
-##
-## SPDX-FileCopyrightText: 2024 Splunk, Inc.
-## SPDX-License-Identifier: LicenseRef-Splunk-8-2021
-##
-##
-
-[script://./bin/vmstat_metric.sh]
-sourcetype = vmstat_metric
-source = vmstat
-interval = 60
-disabled = 1
-
-[script://./bin/iostat_metric.sh]
-sourcetype = iostat_metric
-source = iostat
-interval = 60
-disabled = 1
-
-[script://./bin/ps_metric.sh]
-sourcetype = ps_metric
-source = ps
-interval = 30
-disabled = 1
-
-[script://./bin/df_metric.sh]
-sourcetype = df_metric
-source = df
-interval = 300
-disabled = 1
-
-[script://./bin/interfaces_metric.sh]
-sourcetype = interfaces_metric
-source = interfaces
-interval = 60
-disabled = 1
-
-[script://./bin/cpu_metric.sh]
-sourcetype = cpu_metric
-source = cpu
-interval = 30
-disabled = 1
-
-################################################
-############### Event Inputs ###################
-################################################
-
-[script://./bin/vmstat.sh]
-interval = 60
-sourcetype = vmstat
-source = vmstat
-disabled = 1
-
-[script://./bin/iostat.sh]
-interval = 60
-sourcetype = iostat
-source = iostat
-disabled = 1
-
-[script://./bin/nfsiostat.sh]
-interval = 60
-sourcetype = nfsiostat
-source = nfsiostat
-disabled = 1
-
-[script://./bin/ps.sh]
-interval = 30
-sourcetype = ps
-source = ps
-disabled = 1
-
-[script://./bin/top.sh]
-interval = 60
-sourcetype = top
-source = top
-disabled = 1
-
-[script://./bin/netstat.sh]
-interval = 60
-sourcetype = netstat
-source = netstat
-disabled = 1
-
-[script://./bin/bandwidth.sh]
-interval = 60
-sourcetype = bandwidth
-source = bandwidth
-disabled = 1
-
-[script://./bin/protocol.sh]
-interval = 60
-sourcetype = protocol
-source = protocol
-disabled = 1
-
-[script://./bin/openPorts.sh]
-interval = 300
-sourcetype = openPorts
-source = openPorts
-disabled = 1
-
-[script://./bin/time.sh]
-interval = 21600
-sourcetype = time
-source = time
-disabled = 1
-
-[script://./bin/lsof.sh]
-interval = 600
-sourcetype = lsof
-source = lsof
-disabled = 1
-
-[script://./bin/df.sh]
-interval = 300
-sourcetype = df
-source = df
-disabled = 1
-
-# Shows current user sessions
-[script://./bin/who.sh]
-sourcetype = who
-source = who
-interval = 150
-disabled = 1
-
-# Lists users who could login (i.e., they are assigned a login shell)
-[script://./bin/usersWithLoginPrivs.sh]
-sourcetype = usersWithLoginPrivs
-source = usersWithLoginPrivs
-interval = 3600
-disabled = 1
-
-# Shows last login time for users who have ever logged in
-[script://./bin/lastlog.sh]
-sourcetype = lastlog
-source = lastlog
-interval = 300
-disabled = 1
-
-# Shows stats per link-level Etherner interface (simply, NIC)
-[script://./bin/interfaces.sh]
-sourcetype = interfaces
-source = interfaces
-interval = 60
-disabled = 1
-
-# Shows stats per CPU (useful for SMP machines)
-[script://./bin/cpu.sh]
-sourcetype = cpu
-source = cpu
-interval = 30
-disabled = 1
-
-# This script reads the auditd logs translated with ausearch
-[script://./bin/rlog.sh]
-sourcetype = auditd
-source = auditd
-interval = 60
-disabled = 1
-
-# Run package management tool collect installed packages
-[script://./bin/package.sh]
-sourcetype = package
-source = package
-interval = 3600
-disabled = 1
-
-[script://./bin/hardware.sh]
-sourcetype = hardware
-source = hardware
-interval = 36000
-disabled = 1
-
-[monitor:///Library/Logs]
-disabled = 1
-
-[monitor:///var/log]
-whitelist=(\.log|log$|messages|secure|auth|mesg$|cron$|acpid$|\.out)
-blacklist=(lastlog|anaconda\.syslog)
-disabled = 1
-
-[monitor:///var/adm]
-whitelist=(\.log$|messages)
-disabled = 1
-
-[monitor:///etc]
-whitelist=(\.(conf|cfg|ini|init|cf|cnf|profile|rc|rules|tab|login)$|(config|shrc|tab|policy)$|^ifcfg)
-disabled = 1
-
-### bash history
-[monitor:///root/.bash_history]
-disabled = true
-sourcetype = bash_history
-
-[monitor:///home/*/.bash_history]
-disabled = true
-sourcetype = bash_history
-
-
-
-##### Added for ES support
-# Note that because the UNIX app uses a single script to retrieve information
-# from multiple OS flavors, and is intended to run on Universal Forwarders,
-# it is not possible to differentiate between OS flavors by assigning
-# different sourcetypes for each OS flavor (e.g. Linux:SSHDConfig), as was
-# the practice in the older deployment-apps included with ES. Instead,
-# sourcetypes are prefixed with the generic "Unix".
-
-# May require Splunk forwarder to run as root on some platforms.
-[script://./bin/openPortsEnhanced.sh]
-disabled = true
-interval = 3600
-source = Unix:ListeningPorts
-sourcetype = Unix:ListeningPorts
-
-[script://./bin/passwd.sh]
-disabled = true
-interval = 3600
-source = Unix:UserAccounts
-sourcetype = Unix:UserAccounts
-
-# Only applicable to Linux
-[script://./bin/selinuxChecker.sh]
-disabled = true
-interval = 3600
-source = Linux:SELinuxConfig
-sourcetype = Linux:SELinuxConfig
-
-# Currently only supports SunOS, Linux, OSX.
-# May require Splunk forwarder to run as root on some platforms.
-[script://./bin/service.sh]
-disabled = true
-interval = 3600
-source = Unix:Service
-sourcetype = Unix:Service
-
-# Currently only supports SunOS, Linux, OSX.
-# May require Splunk forwarder to run as root on some platforms.
-[script://./bin/sshdChecker.sh]
-disabled = true
-interval = 3600
-source = Unix:SSHDConfig
-sourcetype = Unix:SSHDConfig
-
-# Currently only supports Linux, OSX.
-# May require Splunk forwarder to run as root on some platforms.
-[script://./bin/update.sh]
-disabled = true
-interval = 86400
-source = Unix:Update
-sourcetype = Unix:Update
-
-[script://./bin/uptime.sh]
-disabled = true
-interval = 86400
-source = Unix:Uptime
-sourcetype = Unix:Uptime
-
-[script://./bin/version.sh]
-disabled = true
-interval = 86400
-source = Unix:Version
-sourcetype = Unix:Version
-
-# This script may need to be modified to point to the VSFTPD configuration file.
-[script://./bin/vsftpdChecker.sh]
-disabled = true
-interval = 86400
-source = Unix:VSFTPDConfig
-sourcetype = Unix:VSFTPDConfig