Fixed least priv mode #144

Merged
merged 5 commits into from
Nov 17, 2022

@jewnix jewnix commented Nov 16, 2022

No description provided.

@jewnix jewnix requested a review from dtwersky November 16, 2022 03:00
when:
- least_privileged == false or "'full' in group_names"
- splunk_nix_user != 'root'
when: not least_privileged
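
Review bot: on the last line, `when: not least_privileged` no longer carries the `splunk_nix_user != 'root'` check that the list form had, so whether this task runs for root installs now depends entirely on how least_privileged is computed in main.yml; a short comment on the task pointing at that set_fact would make the dependency visible. In the list form, the double-quoted "'full' in group_names" is a non-empty string literal rather than a group-membership test, so that `or` is always true; if the expression is reused anywhere, write it unquoted.
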
Collaborator Author

Moved over the conditional to main.yml so it can be re-used if needed.

@@ -51,7 +51,9 @@
- name: Setting least priviledged mode
set_fact:
least_privileged: true
when: splunk_package_version is version(9.0, '>=')
when: >
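
Review bot: this set_fact only ever assigns `least_privileged: true`, so on hosts where the condition is false the variable keeps whatever value it had; make sure the role defaults define `least_privileged: false`, otherwise a `when: not least_privileged` elsewhere fails on an undefined variable. In `version(9.0, '>=')` the 9.0 is a float, so quote it as '9.0' to keep a later bump such as 9.10 from being read as 9.1. The task name also misspells "privileged" as "priviledged".
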
Collaborator Author

In version 9.0.0, a least privileged mode was introduced, automatically adding CAP_DAC_READ_SEARCH to the systemd unit file, which allows the forwarder to read all files on the filesystem, even if it is running as a non-root user; therefore we don't need the configure_facl.yml task for those instances.

This feature is currently only available on the Universal Forwarder, therefore a full install will only be in least_privileged if it is running as root.
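
One way to check on a host which of the cases in the comment above applies, as an added example that is not part of this pull request or the role. It assumes the capability is granted through systemd's `AmbientCapabilities=` directive; the function names, unit contents and user names are constructed for illustration.

```sh
#!/bin/sh
# Added example: classify how a forwarder's systemd unit gets read access.
# Assumptions: the capability is granted via AmbientCapabilities=; the unit
# contents and user names below are constructed samples.

# Print the last assignment of a directive ($2) in a unit file ($1).
unit_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# Succeed if AmbientCapabilities= lists CAP_DAC_READ_SEARCH. An empty
# assignment resets the list, as systemd does; the "~" form is not handled.
has_dac_read_search() {
    awk '
        /^[ \t]*AmbientCapabilities[ \t]*=/ {
            val = $0; sub(/^[^=]*=/, "", val)
            if (val ~ /^[ \t]*$/) { found = 0; next }
            n = split(val, caps, /[ \t]+/)
            for (i = 1; i <= n; i++) if (caps[i] == "CAP_DAC_READ_SEARCH") found = 1
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# root       -> runs as root, reads everything already
# capability -> non-root with CAP_DAC_READ_SEARCH, file ACLs not needed
# needs_facl -> non-root without the capability, ACLs still required
classify_unit() {
    user=$(unit_value "$1" User)
    if [ -z "$user" ] || [ "$user" = "root" ]; then
        echo root
    elif has_dac_read_search "$1"; then
        echo capability
    else
        echo needs_facl
    fi
}

# Constructed sample units covering the three cases.
demo_dir=$(mktemp -d)
printf '[Service]\nUser=splunkfwd\nAmbientCapabilities=CAP_DAC_READ_SEARCH\n' > "$demo_dir/uf9.service"
printf '[Service]\nUser=splunk\n' > "$demo_dir/full.service"
printf '[Service]\nExecStart=/bin/true\n' > "$demo_dir/root.service"
for f in uf9 full root; do
    printf '%s: %s\n' "$f" "$(classify_unit "$demo_dir/$f.service")"
done
```

CAP_DAC_READ_SEARCH bypasses file read permission checks and directory read and search checks, so a unit classified as `capability` can read any file on the host regardless of ACLs.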

@dtwersky dtwersky merged commit ec6846a into splunk:master Nov 17, 2022