diff --git a/.gitlab/CODEOWNERS b/.gitlab/CODEOWNERS index 64a2c68c3ababda8d526d6cd995f02cd36f837ab..74d136c67e9af6faa695dd3b02e58e05930f2951 100644 --- a/.gitlab/CODEOWNERS +++ b/.gitlab/CODEOWNERS @@ -4,3 +4,6 @@ [Gitlab Configuration Files] .gitlab/* @ironbank-notifications/cht + +[ClamAV Whitelist File] +clamav-whitelist @ironbank-security-team diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000000000000000000000000000000000000..07c7c653b93645c36a590b7361f7f73642547bda --- /dev/null +++ b/Dockerfile 
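Review bot: The rule that protects `clamav-whitelist` can itself be changed without the security team, because it lives in `.gitlab/CODEOWNERS` and the existing `.gitlab/* @ironbank-notifications/cht` line assigns that file to a different group. Consider also listing the file under the new `[ClamAV Whitelist File]` section, e.g. `.gitlab/CODEOWNERS @ironbank-security-team`, so edits to the ownership rule need the same approval as edits to the whitelist. Approval is only enforced where the protected branch requires code-owner approval, which this diff does not show.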
@@ -0,0 +1,167 @@
+# Copyright 2021 Splunk
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#base setup
+ARG BASE_REGISTRY=registry1.dso.mil
+ARG BASE_IMAGE=ironbank/redhat/ubi/ubi8-minimal
+ARG BASE_TAG=8.4
+
+FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} as base
+#FROM registry.access.redhat.com/ubi8/ubi-minimal:8.3-291 as base
+
+#remove if there is no need to have scloud in this build
+ARG SCLOUD_URL
+ENV SCLOUD_URL=https://github.com/splunk/splunk-cloud-sdk-go/releases/download/v1.7.0/scloud_v4.0.0_linux_amd64.tar.gz
+ENV PYTHON_VERSION=3.7.10 \
+ PYTHON_GPG_KEY_ID=0D96DF4D4110E5C43FBFB17F2D347EA6AA65421D
+
+COPY scripts/install.sh /install.sh
+
+RUN mkdir /licenses
+COPY apache-2.0.txt /licenses/apache-2.0.txt
+COPY EULA_Red_Hat_Universal_Base_Image_English_20190422.pdf /licenses/EULA_Red_Hat_Universal_Base_Image_English_20190422.pdf
+COPY requests-2.25.1.tar.gz requests-2.25.1.tar.gz
+COPY Jinja2-3.0.0.tar.gz Jinja2-3.0.0.tar.gz
+COPY urllib3-1.26.4.tar.gz urllib3-1.26.4.tar.gz
+COPY chardet-4.0.0.tar.gz chardet-4.0.0.tar.gz
+COPY certifi-2020.12.5.tar.gz certifi-2020.12.5.tar.gz
+COPY idna-3.1.tar.gz idna-3.1.tar.gz
+COPY PyYAML-5.4.1.tar.gz PyYAML-5.4.1.tar.gz
+COPY cryptography-3.4.7-cp36-abi3-manylinux2014_x86_64.whl cryptography-3.4.7-cp36-abi3-manylinux2014_x86_64.whl
+COPY MarkupSafe-2.0.1.tar.gz MarkupSafe-2.0.1.tar.gz
+COPY six-1.16.0.tar.gz six-1.16.0.tar.gz
+COPY cffi-1.14.5.tar.gz cffi-1.14.5.tar.gz
+COPY pycparser-2.20.tar.gz pycparser-2.20.tar.gz
+COPY Python-3.7.10.tgz /tmp/python.tgz
+COPY wheel-0.36.2.tar.gz wheel-0.36.2.tar.gz
+COPY jmespath-0.10.0.tar.gz jmespath-0.10.0.tar.gz
+COPY PyYAML-5.4.1-cp37-cp37m-manylinux1_x86_64.whl PyYAML-5.4.1-cp37-cp37m-manylinux1_x86_64.whl
+COPY ansible-4.0.0.tar.gz ansible-4.0.0.tar.gz
+COPY ansible-core-2.11.1.tar.gz ansible-core-2.11.1.tar.gz
+COPY packaging-20.9-py2.py3-none-any.whl packaging-20.9-py2.py3-none-any.whl
+COPY resolvelib-0.5.4-py2.py3-none-any.whl resolvelib-0.5.4-py2.py3-none-any.whl
+COPY pyparsing-2.4.7.tar.gz pyparsing-2.4.7.tar.gz
+
+RUN /install.sh && rm -rf /install.sh
+
+#Install scloud
+COPY scloud_v7.1.0_linux_amd64.tar.gz /usr/bin/scloud.tar.gz
+RUN tar -zxf /usr/bin/scloud.tar.gz -C /usr/bin/ && rm /usr/bin/scloud.tar.gz
+
+#end base setup
+
+ARG SPLUNK_PRODUCT=splunk
+ARG SPLUNK_VERSION=8.2.0
+ARG SPLUNK_BUILD=e053ef3c985f
+ARG SPLUNK_ARCH=x86_64
+ARG SPLUNK_LINUX_FILENAME=splunk-${SPLUNK_VERSION}-${SPLUNK_BUILD}-Linux-${SPLUNK_ARCH}.tgz
+
+# Get and unpack Splunk Enterprise
+#
+FROM base as package
+COPY scripts/make-minimal-exclude.py /tmp
+ENV SPLUNK_BUILD_URL=https://download.splunk.com/products/${SPLUNK_PRODUCT}/releases/${SPLUNK_VERSION}/linux/${SPLUNK_LINUX_FILENAME}
+RUN python /tmp/make-minimal-exclude.py $SPLUNK_BUILD_URL > /tmp/splunk-minimal-exclude.list
+COPY splunk-8.2.0-e053ef3c985f-Linux-x86_64.tgz /tmp/splunk.tgz
+RUN mkdir -p /minimal/splunk/var /extras/splunk/var
+RUN tar -C /minimal/splunk --strip 1 --exclude-from=/tmp/splunk-minimal-exclude.list -zxf /tmp/splunk.tgz
+RUN tar -C /extras/splunk --strip 1 --wildcards --files-from=/tmp/splunk-minimal-exclude.list -zxf /tmp/splunk.tgz
+RUN mv /minimal/splunk/etc /minimal/splunk-etc
+RUN mv /extras/splunk/etc /extras/splunk-etc
+RUN mkdir -p /minimal/splunk/etc /minimal/splunk/share/splunk/search_mrsparkle/modules.new
+COPY splunk-ansible.tar.gz splunk-ansible.tar.gz
+RUN tar -zxf splunk-ansible.tar.gz && mv splunk-ansible-8.2.0 splunk-ansible-develop && rm splunk-ansible.tar.gz
+
+#
+# Minimal Splunk base image with many files excluded, intended for internal and experimental use
+#
+FROM base as minimal
+ENV SPLUNK_HOME=/opt/splunk \
+ SPLUNK_GROUP=splunk \
+ SPLUNK_USER=splunk
+ENV TMPSPLUNKDIR=${SPLUNK_HOME}/tmp
+ENV TMPETCDIR=${TMPSPLUNKDIR}/etc
+
+# Currently kubernetes only accepts UID and not USER field to
+# start a container as a particular user. So we create Splunk
+# user with pre-determined UID.
+ARG UID=41812
+ARG GID=41812
+
+# Simple script used to populate/upgrade splunk/etc directory
+COPY scripts/updateetc.sh /sbin/updateetc.sh
+
+# Setup users and groups
+RUN groupadd -r -g ${GID} ${SPLUNK_GROUP} \
+ && useradd -r -m -u ${UID} -g ${GID} ${SPLUNK_USER} \
+ && chmod 755 /sbin/updateetc.sh
+
+COPY --from=package --chown=splunk:splunk /minimal /opt
+
+USER ${SPLUNK_USER}
+WORKDIR ${SPLUNK_HOME}
+EXPOSE 8000/tcp 8089/tcp
+
+#
+# Bare Splunk Enterprise Image without Ansible (BYO entrypoint)
+#
+FROM minimal as bare
+COPY --from=package --chown=splunk:splunk /extras /opt
+#remove unneeded packages that were vulnerable
+#RUN rm -fdr /opt/splunk/etc/apps/splunk_archiver /opt/splunk/bin/jars/thirdparty/hive /opt/splunk/bin/jars/thirdparty/hive_1_2 /opt/splunk/bin/jars/thirdparty/hive_3_1 /opt/splunk/bin/jars/vendors/spark /opt/splunk/bin/jars/thirdparty/common/commons-io-2.4.jar /opt/splunk/bin/jars/thirdparty/aws/commons-codec-1.7.jar
+COPY scripts/delete_jquery.py /delete_jquery.py
+RUN python /delete_jquery.py
+EXPOSE 8000 8065 8088 8089 8191 9887 9997
+VOLUME [ "/opt/splunk/etc", "/opt/splunk/var" ]
+
+#
+# Full Splunk Enterprise Image with Ansible
+#
+FROM bare
+
+ARG SPLUNK_DEFAULTS_URL
+
+ENV SPLUNK_ROLE=splunk_standalone \
+ SPLUNK_DEFAULTS_URL=${SPLUNK_DEFAULTS_URL} \
+ SPLUNK_ANSIBLE_HOME=/opt/ansible \
+ ANSIBLE_USER=ansible \
+ ANSIBLE_GROUP=ansible \
+ CONTAINER_ARTIFACT_DIR=/opt/container_artifact
+
+USER root
+
+COPY [ "scripts/entrypoint.sh", "scripts/createdefaults.py", "scripts/checkstate.sh", "/sbin/" ]
+COPY --from=package /splunk-ansible-develop ./splunk-ansible-develop
+
+# Set sudo rights
+RUN echo 'Create the ansible user/group' \
+ && groupadd -r ${ANSIBLE_GROUP} \
+ && useradd -r -m -g ${ANSIBLE_GROUP} ${ANSIBLE_USER} \
+ && usermod -aG sudo ${ANSIBLE_USER} \
+ && usermod -aG ${ANSIBLE_GROUP} ${SPLUNK_USER} \
+ && echo 'Container Artifact Directory is a place for all artifacts and logs that are generated by the provisioning process. The directory is owned by the user "ansible".' \
+ && mkdir ${CONTAINER_ARTIFACT_DIR} \
+ && chown -R ${ANSIBLE_USER}:${ANSIBLE_GROUP} ${CONTAINER_ARTIFACT_DIR} \
+ && chmod -R 775 ${CONTAINER_ARTIFACT_DIR} \
+ && mv splunk-ansible-develop ${SPLUNK_ANSIBLE_HOME} \
+ && chmod -R 555 ${SPLUNK_ANSIBLE_HOME} \
+ && chgrp ${ANSIBLE_GROUP} ${SPLUNK_ANSIBLE_HOME} ${SPLUNK_ANSIBLE_HOME}/ansible.cfg \
+ && chmod 775 ${SPLUNK_ANSIBLE_HOME} \
+ && chmod 664 ${SPLUNK_ANSIBLE_HOME}/ansible.cfg \
+ && chmod 755 /sbin/entrypoint.sh /sbin/createdefaults.py /sbin/checkstate.sh
+
+USER ${SPLUNK_USER}
+HEALTHCHECK --interval=30s --timeout=30s --start-period=3m --retries=5 CMD /sbin/checkstate.sh || exit 1
+ENTRYPOINT [ "/sbin/entrypoint.sh" ]
+CMD [ "start-service" ]
diff --git a/EULA_Red_Hat_Universal_Base_Image_English_20190422.pdf b/EULA_Red_Hat_Universal_Base_Image_English_20190422.pdf
new file mode 100644
index 0000000000000000000000000000000000000000..3a32abd7580e3337c6851279a52bec45298b9614
Binary files /dev/null and b/EULA_Red_Hat_Universal_Base_Image_English_20190422.pdf differ
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000000000000000000000000000000000000..2caa8f35c8bc9641115812056331a3349e988a71
--- /dev/null
+++ b/LICENSE
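Review bot: In the final stage the runtime account can rewrite configuration that belongs to a more privileged one: `usermod -aG ${ANSIBLE_GROUP} ${SPLUNK_USER}` puts splunk in the ansible group, `chmod 775 ${SPLUNK_ANSIBLE_HOME}` and `chmod 664 ${SPLUNK_ANSIBLE_HOME}/ansible.cfg` make that directory and file group-writable, and `usermod -aG sudo ${ANSIBLE_USER}` gives the ansible account sudo group membership. If scripts/install.sh grants that group a sudoers rule (not visible in this diff), a compromised Splunk process would have a short path to root through ansible.cfg. Unless provisioning has to write there, I would tighten the two modes to `chmod 755 ${SPLUNK_ANSIBLE_HOME}` and `chmod 644 ${SPLUNK_ANSIBLE_HOME}/ansible.cfg`, or add a comment above the RUN saying why group write is required. Separately, in the bare stage the step labelled `#remove unneeded packages that were vulnerable` is commented out, so confirm those jars are excluded elsewhere or re-enable it.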
@@ -0,0 +1,976 @@ +############################################################################### +################### Purchase License ################## +############################################################################### +For information on how to license this software, please email the following +address with your contact information: + +jconnelly@splunk.com + +Upon receipt you should be contacted within 24 business hours. + + +############################################################################### +################### EULA ##################### +############################################################################### + +SPLUNK SOFTWARE LICENSE AGREEMENT + + + +This Splunk Software License Agreement ("Agreement") governs your use of +Splunk software. By downloading and using Splunk software: (a) you are +indicating that you have read and understand this Agreement, and agree to be +legally bound by it on your behalf or on behalf of the entity for which you +are acting; and (b) you represent and warrant that you have the authority to +act on behalf of and bind this entity (if any). You, and the entity for which +you work (if any), acknowledge that by submitting an order for the Splunk +software, you and this entity (if any) have agreed to be bound by this +agreement. + +As used in this Agreement, "Splunk," refers to Splunk Inc., a Delaware +corporation, with its principal place of business at 270 Brannan Street, San +Francisco, California 94107, U.S.A.; and "Customer" refers to the company, +government, or other entity on whose behalf you have entered into this +Agreement or, if there is no such entity, you as an individual. + +1. DEFINITIONS. Capitalized terms used but not otherwise defined in this +Agreement are defined in Exhibit A. + +2. LICENSE TERMS. + + 2.1 License Grant. 
Subject to Customer's compliance with this Agreement, + including Customer's timely payment of all applicable fees, Splunk grants + to Customer a nonexclusive, worldwide, nontransferable, nonsublicensable + license during the Applicable Term to: + + 2.1.1 use the Purchased Software within the Licensed Capacity solely for + Customer's Internal Business Purposes; + + 2.1.2 use the Evaluation Software (if any) within the Licensed Capacity + solely to evaluate whether Customer wishes to purchase a commercial + license for the Software; + + 2.1.3 use the Test and Development Software (if any) within the Licensed + Capacity on a non-production system for non-production uses, including + product migration testing or pre-production staging, or testing new data + sources, types, or use cases. The Test and Development Software may not be + used for any revenue generation, commercial activity, or other productive + business or purpose; + +2.1.4 use the Free Software within the Licensed Capacity solely for Customer's +Internal Business Purposes; + +2.1.5 use subscribed content from a Content Subscription solely in connection +with the designated Purchased Software and solely for Customer's Internal +Business Purposes. The term for this license will be for the subscription +period included in the Order. This content will be treated as Purchased +Software under this Agreement except that the warranty in section 10 will not +apply; + +2.1.6 use Splunk Extensions solely in connection with applicable Software that +Customer has licensed from Splunk, subject to the same limitations and +restrictions (including with respect to Term and Licensed Capacity) that apply +to this Software. 
Notwithstanding the foregoing, if any Splunk Extension is +provided to Customer under a separate license agreement that grants Customer +broader rights with respect to the Splunk Extension, then that separate +license agreement, and not this Agreement, will govern Customer's use of the +Splunk Extension (but, for clarity, this Agreement will apply to all other +Splunk Extensions); and + +2.1.7 (a) to copy, modify and use the Splunk Developer Tools solely to develop +Extensions for use with the designated Software or Splunk Extensions +("Customer Extensions"), and (b) to distribute the Customer Extensions +exclusively for use with the designated Software or Splunk Extension. The +foregoing license is subject to the following conditions: (y) Customer may not +remove or alter any Splunk proprietary legends or notices; and (z) Customer +may not make any statement that Customer Extensions are certified, or that +their performance is guaranteed by Splunk. Customer retains title to Customer +Extensions, subject to Splunk's ownership stated in section 5. Customer may +license its end users of Customer Extensions to modify or distribute the +Customer Extensions only with the designated Software or Splunk Extension and +only if the license flows down the conditions in (y) and (z). Customer agrees +to assume full responsibility for the performance and distribution of Customer +Extensions. + + + + 2.2 Open Source Software. Certain Software may contain Open Source + Software identified in the end user documentation. Open Source Software + that is delivered as part of Purchased Software, which may not be removed + or used separately from the Purchased Software is covered by the warranty, + support and indemnification provisions applicable to Purchased Software. + Customer acknowledges that specific terms required by Open Source Software + licensors may apply its use. 
These terms will be included in the + documentation; however, these terms will not: (a) impose any additional + restrictions on Customer's use of the Software, or (b) negate or amend + Splunk's responsibilities with respect to Purchased Software. + + 2.3 License Restrictions. Unless otherwise expressly permitted by + Splunk, Customer will not and has no rights to: (a) copy any Splunk + Materials (except as required to run the Software and for reasonable + backup purposes); (b) modify, adapt, or create derivative works of any + Splunk Materials; (c) rent, lease, loan, resell, transfer, sublicense, + distribute, disclose or otherwise provide any Splunk Materials + (including Splunk license keys) to any third party; (d) decompile, + disassemble or reverse-engineer any Splunk Materials, or determine or + attempt to determine any source code, algorithms, methods or + techniques embodied in any Splunk Materials, except to the extent + expressly permitted by applicable law notwithstanding a contractual + prohibition to the contrary; (e) access or use any Disabled Materials; + (f) provide to any third party the results of any benchmark tests or + other evaluation of any Splunk Materials without Splunk's prior + written consent; (g) attempt to disable or circumvent any license key + or other technological mechanisms intended to prevent, limit, or + control use or copying of, or access to, any Splunk Materials or + Disabled Materials; (h) remove or obscure any copyright, trademark, + patent, or other proprietary notices, legends or symbols from any + Splunk Materials; (i) exceed the Licensed Capacity or violate other + license limitations identified in Exhibit B or elsewhere in this + Agreement; (j) separately use any of the applicable features and + functionalities of the Splunk Materials with external applications or + code not furnished by Splunk or any data not processed by the + Software, except as otherwise specifically permitted in the user + documentation; (k) misuse 
the Software or use the Software for any + illegal, harmful, fraudulent, or offensive purposes; (l) otherwise + access or use any Splunk Materials except as expressly authorized in + this Agreement; or (m) encourage or assist any third party to do any + of the foregoing. The Software may be configured to display warnings, + reduce available functionality, or cease functioning if unauthorized + or improper use is detected, including if the Term expires or the + Licensed Capacity is reached or exceeded. + + 2.4 Limitations. Notwithstanding anything to the contrary in this + Agreement, Splunk does not provide maintenance and support, + warranties, or indemnification for Evaluation Software, Test and + Development Software, or Free Software. + + 3. SERVICE PROVIDERS. Customer may permit its Service Providers to use + the Software solely on Customer's behalf in connection with providing + services to Customer, subject to the terms and conditions of this + Agreement. Customer will be jointly and severally liable for any + Service Provider's actions relating to or use of the Software. For + avoidance of doubt, the aggregate use by Customer and all of its + Service Providers must not exceed the Licensed Capacity and nothing in + this section 3 is intended to or will be deemed to increase any + Licensed Capacity. + + 4. OWNERSHIP. Splunk, its suppliers or licensors own all worldwide + right, title and interest in the Splunk Materials, including all + related Intellectual Property Rights. Except for the licenses + expressly granted to Customer in section 2, Customer will not acquire + or claim any right, title or interest in any Splunk Materials or + related Intellectual Property Rights, whether by implication, + operation of law or otherwise. Notwithstanding anything to the + contrary, the Software is licensed, not sold, to Customer. 
To the + extent that Customer provides any Feedback, Customer grants to Splunk + a perpetual, irrevocable, worldwide, nonexclusive, transferable, + sublicensable, royalty-free, fully paid-up right and license to use + and commercially exploit the Feedback in any manner Splunk deems fit. + + 5. LICENSE AND SUBSCRIPTION FEES. Customer will pay all License Fees and + Content Subscription fees listed in the Order (collectively the " Fees") + no later than 30 days after the date of Splunk's applicable invoice. + Without limitation of Splunk's other termination rights, Splunk may + terminate this Agreement and all licenses granted under this Agreement by + notice to Customer if Customer fails to pay the Fees when due. All Fees + are non-refundable once paid. Any fees and payment terms for Splunk + Extensions not included in the Order will be listed on the download page + for Splunk Extensions. + +6. MAINTENANCE AND SUPPORT. Splunk will provide the level of maintenance and +support included in the Order (the "Support Services") in accordance with the +terms and conditions in Exhibit C. + +7. CONFIGURATION SERVICES. Subject to Customer's payment of applicable fees, +Splunk will provide the deployment, usage assistance, configuration, and +training services (if any) listed in the Order (the "Professional Services") +in accordance with Splunk's standard professional services terms and +conditions provided at +https://www.splunk.com/en_us/legal/professional-services-agreement.html. These +terms are incorporated by reference and made a part of this Agreement. + +8. SOFTWARE VERIFICATION AND AUDIT. At Splunk's request, Customer will furnish +Splunk with a certification signed by Customer's authorized representative +verifying that the Software is being used in accordance with this Agreement +and the applicable Order. If the Order includes an offering that requires +usage reporting, Customer agrees to provide this reporting pursuant to the +requirements identified by Splunk. 
Upon at least 10 business days' prior +written notice to Customer, and not more than once in a 12-month period, +unless a material violation occurred in this period, Splunk may audit +Customer's (and its Service Providers') use of the Software to ensure +compliance with this Agreement and the applicable Order. Any audit will be +conducted during regular business hours at Customer's (and/or its Service +Providers') facilities, will not unreasonably interfere with Customer's (or +its Service Providers') business and will comply with Customer's (or its +Service Providers') reasonable security procedures. Customer will (and will +ensure that its Service Providers) provide Splunk with reasonable access to +all relevant records and facilities reasonably necessary to conduct the audit. +If an audit reveals that Customer (and/or any Service Provider) has exceeded +the Licensed Capacity or the scope of Customer's license grant during the +period audited, then Splunk will invoice Customer, and Customer will promptly +pay Splunk, any underpaid Fees based on Splunk's price list in effect at the +time the audit is completed. If the excess usage exceeds 10% of the Licensed +Capacity, Customer will also pay Splunk's reasonable costs of conducting the +audit. This section 8 will survive expiration or termination of this Agreement +for a period of 1 year. + +9. WARRANTY. Splunk warrants that for a period of 30 days from the Delivery of +Purchased Software, the Purchased Software will substantially perform the +material functions described in Splunk's user documentation, when used in +accordance with the user documentation. 
The sole liability of Splunk (and its +Affiliates and suppliers/licensors), and Customer's exclusive remedy, for any +failure of the Purchased Software to conform to this warranty, is for Splunk +to do one of the following, at Splunk's sole option and discretion: (a) +modify, or provide an Enhancement for, the Purchased Software so that it +conforms to the foregoing warranty, (b) replace Customer's copy of the +Purchased Software with a copy that conforms to the foregoing warranty, or (c) +terminate the license with respect to the non-conforming Purchased Software +and refund the License Fees paid by Customer for the non-conforming Purchased +Software. All warranty claims must be made in writing by Customer to Splunk +on or before the expiration of the warranty period. Splunk further warrants +that (y) it has the full authority to enter into this Agreement, and (z) at +the time of Delivery, there is no Virus in the Purchased Software. If it is +determined by Splunk that the Purchased Software contains a Virus, Splunk will +assist Customer in repairing or replacing the nonconforming Purchased Software +as Splunk's (and its Affiliates' and suppliers'/licensors') sole liability and +Customer's exclusive remedy for any failure of the Purchased Software to +conform to this warranty. For the sake of clarity, features and functionality +in the Purchased Software that ensure compliance with section 2 of this +Agreement shall not be considered a Virus. + +10. WARRANTY DISCLAIMER. Except as expressly stated in section 9, the Splunk +Materials, Open Source Software, Third Party Content, Support Services, and +professional Services are provided "AS IS" with no warranties, express or +implied. 
To the full extent permitted by law, Splunk and its suppliers and +licensors disclaim all warranties other than as expressly stated in section 9, +including any implied warranties of merchantability, satisfactory quality, +fitness for a particular purpose, noninfringement, or warranties arising out +of course of dealing or trade usage. Splunk does not warrant that use of the +Software or Splunk Materials will be uninterrupted, error free, secure, or +that all defects will be corrected. + +11. LIMITATION OF LIABILITY. Except for breach of section 2, a party's +indemnification obligations, or either party's gross negligence or willful +misconduct, a party and a Party's Entities will not be liable for any special, +indirect, incidental, consequential, or punitive damages related to this +Agreement, including any damages (a) arising from loss of use, loss of data, +lost profits, lost revenue, business interruption, or cost of procuring +substitute software or services; and (b) based on any theory of liability, +including contract, indemnification, warranty, tort (including negligence), or +strict liability. A party's and a Party's Entities' total cumulative liability +related to this Agreement will not exceed the amounts paid by Customer to +Splunk for the Purchased Software in the 12 months prior to the event giving +rise to this liability, even if the party or the Party's Entities have been +advised of the possibility of loss or damage. Customer, not Splunk, is solely +responsible for the accuracy, quality, and security of Customer's data and for +maintaining a backup of all data and for ensuring the security and integrity +of Customer's (and its Service Provider's) data, computers, networks, and +systems (including protecting them against viruses and malware). + +12. INDEMNITY. 
Splunk will defend and indemnify Customer against any claim, +demand, suit or proceeding brought against Customer by a third party alleging +that Purchased Software infringes or misappropriates this third party's +Intellectual Property Rights ("Claim"). Splunk will pay all damages finally +awarded against Customer by a court of competent jurisdiction as a result of +the Claim, subject to the terms of this Agreement. Notwithstanding the +foregoing, Splunk has no obligation to indemnify Customer with respect to: (a) +use of the Purchased Software in a manner that is not permitted under this +Agreement or that is inconsistent with Splunk's applicable user documentation; +(b) modifications to the Splunk Materials made by anyone other than Splunk; +(c) the combination of Software with hardware or software not made by Splunk, +or with third-party services, processes or materials where the infringement or +misappropriation would not occur but for this combination; (d) Customer's +continued use of the Purchased Software or other allegedly infringing activity +after receiving notice of the alleged infringement; or (e) any version of the +Purchased Software that is no longer supported by Splunk ((a) through (e), +collectively, "Excluded Matters"). If a Claim is made or appears likely to be +made, Splunk may, at its option and expense, modify the affected Purchased +Software so that it is non-infringing, or replace it with substantially +functionally equivalent software. If Splunk determines that neither is +reasonably feasible, Splunk may terminate Customer's applicable license and +refund Customer a pro rata refund of the Fees previously paid by Customer. The +obligations in this section constitute Customer's sole and exclusive remedy, +and Splunk's entire liability, with respect to any Claims. 
Customer will +defend and indemnify Splunk against any claim brought against Splunk by a +third party arising out of or relating to any Excluded Matter or any Customer +Extension, and Customer will pay all damages finally awarded against Splunk by +a court of competent jurisdiction as a result of this claim. Each party's +defense and indemnity obligations in this section 12 are conditioned upon the +party seeking indemnification (x) providing prompt written notice to the other +party of the applicable claim; (y) providing reasonable cooperation and +assistance in the defense and negotiations; and (z) giving the indemnifying +party sole control of the defense and settlement of the applicable claim, +except that: (i) the indemnified party may participate in the defense with +counsel of its choice at its own expense, and (ii) the indemnifying party will +not agree to any settlement that imposes a material obligation on the +indemnified party without the indemnified party's prior written consent (not +to be unreasonably withheld or delayed). + +13. CONFIDENTIAL INFORMATION. + + 13.1 Confidential Information. "Confidential Information" means any + technical or business information, ideas, materials, know-how or other + subject matter that is disclosed by one party (the "Discloser") to the + other party (the "Recipient") that: (a) if disclosed in writing, is marked + "confidential" or "proprietary" at the time of disclosure; (b) if + disclosed orally, is identified as "confidential" or "proprietary" at the + time of disclosure, and is summarized in a writing sent by the Discloser + to the Recipient within 30 days after this disclosure; or (c) under the + circumstances, a person exercising reasonable business judgment would + understand to be confidential or proprietary. + + 13.2 Use and Disclosure Restrictions. 
The Recipient agrees: (a) to + maintain Confidential Information in strict confidence; (b) not to + disclose Confidential Information to any third parties; and (c) to + use Confidential Information only to exercise its rights or perform + its obligations under this Agreement. Recipient will treat + Confidential Information with the same degree of care as it accords to + its own confidential information, but in no event with less than + reasonable care. Recipient may disclose the Confidential Information + to its directors, officers, employees, and subcontractors + (collectively, "Representatives"), who have a bona fide need to know + this Confidential Information and who are bound by terms at least as + protective as the terms in this section 13. Recipient's obligations + under this section 13 will continue in effect for a period of three + years from the date of last disclosure. + + 13.3 Exclusions. The obligations of Recipient under section 13.2 will + not apply to any Confidential Information that: (a) is or becomes + generally known or available to the public, through no act or omission + on the part of Recipient (or any of its Representatives, Affiliates, + or agents) or any third party subject to any use or disclosure + restrictions with respect to this Confidential Information; (b) was + known by or lawfully in the possession of Recipient, prior to its + receipt, without restriction as to use or disclosure; (c) is + rightfully acquired by Recipient from a third party who has the right + to disclose it and who provides it without restriction as to use or + disclosure; or (d) is independently developed by Recipient without + access, use, or reference to any Confidential Information. + + 13.4 Required Disclosures. 
The provisions of section 13.2 will not + restrict Recipient from disclosing Confidential Information to the + extent required by any law enforcement agencies or regulators or + compelled by a court or administrative agency of competent + jurisdiction. To the extent permissible under law, Recipient will use + reasonable efforts to give Discloser sufficient advance notice of any + required disclosure to enable Discloser to prevent or limit + disclosure. + + 13.5 Return or Destruction of Confidential Information. Upon + termination of this Agreement or of support and maintenance, Recipient + will, at Discloser's option, promptly return or destroy all tangible + items and embodiments containing or consisting of Confidential + Information and provide written certification of this destruction or + return by an authorized person. + + 13.6 Injunctive Relief. Recipient agrees that, due to the unique + nature of the Confidential Information, the unauthorized disclosure or + use of the Confidential Information will cause irreparable harm and + significant injury to Discloser, the extent of which will be difficult + to ascertain and for which there will be no adequate remedy at law. + Accordingly, Recipient agrees that Discloser, in addition to any other + available remedies, will have the right to an immediate injunction and + other equitable relief enjoining any breach or threatened breach of + this section 13, without the necessity of posting any bond or other + security. Recipient will notify Discloser in writing immediately upon + Recipient's becoming aware of any breach or threatened breach. + + 14. TERM. This Agreement will commence upon Splunk's first Delivery of + the Software and will remain in effect until the expiration of the + applicable Software license term, unless earlier terminated pursuant + to section 15 (the "Term"). 
For the avoidance of doubt, termination of + a license term shall not affect the term of any other licenses + applicable to other Splunk products and services that Customer has + purchased. Further, termination of a Content Subscription shall not + affect the term of the base license applicable to the Software that + Customer has purchased. + + 14.1 Purchased Software, etc. Unless otherwise indicated in the Order, + the Term for Purchased Software, Free Software, Splunk Extensions and + Splunk Developer Tools will continue indefinitely, unless and until + terminated pursuant to section 15. If the Order indicates a Term of a + specific duration, the applicable licenses granted to Customer will + terminate automatically upon expiration of this Term. Upon expiration + of any Term, the applicable Software will stop working automatically. + + 14.2 Evaluation Software. The Term for Evaluation Software will be + specified in the Order or with the license key. If no term is specified, + the Term for Evaluation Software is 30 days from the date the license key + is delivered. Any license keys provided for Evaluation Software will + automatically expire and cause the Evaluation Software to become + non-operational at the end of the Term. If Customer wishes to use the + Evaluation Software after the Term expires, Customer must purchase a + license for the Software. + +15. TERMINATION. + +15.1 Termination Rights. Either party may terminate this Agreement by written +notice to the other party in the event of a material breach of this +Agreement that is not cured within 30 days of receipt of the notice. In +addition, Splunk may immediately terminate this Agreement (in whole or in +part) by written notice to Customer (a) if Customer materially breaches +section 2, or (b) as set forth in section 5. Splunk may also terminate +Customer's license to any Evaluation Software at any time with or without +cause by notice to Customer. 
If Customer is the Government, then termination
+will be governed by 48 C.F.R. Section 52.212-4.
+
+15.2 Effect of Termination. Upon any expiration or termination of this
+Agreement, the rights and licenses granted to Customer will automatically
+terminate, and Customer agrees to immediately (a) cease using the Splunk
+Materials, (b) return or destroy all copies of the Splunk Materials and other
+Splunk Confidential Information in Customer's possession or control, and (c)
+certify in writing the completion of the return or destruction in accordance
+with section 13.5. Upon termination of this Agreement, Splunk will have no
+obligation to refund any Fees or other amounts received from Customer during
+the Term. Unless otherwise provided in this Agreement, Customer shall be
+required to pay all Fees due under an Order, even in the event of an early
+termination. Section 1 (Definitions), section 4 (Ownership), section 8
+(Software Verification and Audit), section 10 (Warranty Disclaimer), section
+11 (Limitation of Liability), section 12 (Indemnity), section 13 (Confidential
+Information), section 15 (Termination) and sections 16 (Export) through 22
+(General) will survive any expiration or termination of this Agreement.
+
+16. EXPORT. Customer will comply fully with all relevant export laws and
+regulations of the United States and any other country ("Export Laws") where
+Customer uses any of the Splunk Materials. Customer certifies that Customer is
+not on any of the relevant U.S. government lists of prohibited persons,
+including the Treasury Department's List of Specially Designated Nationals and
+the Commerce Department's List of Denied Persons or Entity List.
Customer
+further certifies that Customer will not export, re-export, ship, transfer or
+otherwise use the Splunk Materials in any country subject to an embargo or
+other sanction by the United States, and that Customer will not use the Splunk
+Materials for any purpose prohibited by the Export Laws, including, but not
+limited to, nuclear, chemical, missile or biological weapons related end uses.
+
+17. GOVERNMENT END USER RIGHTS. Customer acknowledges that all Splunk
+Materials were developed entirely at private expense and that no part of the
+Splunk Materials was first produced in the performance of a government
+contract. Customer agrees that all Splunk Materials and their derivatives are
+"Commercial Items" as defined in 48 C.F.R. Section 2.101, and if Customer is
+the Government, then the use, duplication, reproduction, release,
+modification, disclosure or transfer of this commercial product and data, is
+restricted in accordance with 48 C.F.R. Section 12.211, 48 C.F.R. Section
+12.212, 48 C.F.R. Section 227.7102-2, and 48 C.F.R. Section 227.7202, as
+applicable. Consistent with 48 C.F.R. Section 12.211, 48 C.F.R. Section
+12.212, 48 C.F.R. Section 227.7102-1 through 48 C.F.R. Section 227.7102-3, and
+48 C.F.R. Sections 227.7202-1 through 227.7202-4, as applicable, the Splunk
+Materials are licensed to Government end users (a) only as Commercial Items
+and (b) with only those rights as are granted to all other users pursuant to
+this Agreement and any related agreement(s), as applicable. Accordingly,
+Customer will have no rights in the Splunk Materials except as expressly
+agreed to in writing by Customer and Splunk.
+
+18. PUBLICITY. Customer agrees that Splunk may publish a brief description of
+Customer's deployment of the Software and identify Customer as a Splunk
+customer on any of Splunk's websites, client lists, press releases, and other
+marketing materials.
+
+19. THIRD PARTY CONTENT DISCLAIMER.
Certain Extensions and other materials or
+services made available for download or access on Splunkbase are developed
+and/or provided by third parties ("Third-Party Content"). Splunk makes
+Third-Party Content available for download on Splunkbase as a convenience to
+its customers. Splunk neither controls nor endorses, nor is Splunk responsible
+for, any Third-Party Content, including the accuracy, integrity, quality,
+legality, usefulness or safety of Third-Party Content. Certain Third-Party
+Content may, among other things, be inaccurate, nonfunctional, infringing or
+dangerous. Nothing in this Agreement or on Splunkbase will be deemed to be a
+representation or warranty by Splunk with respect to any Third-Party Content,
+even if a particular Extension or other item of Third-Party Content is
+identified as "certified" or "validated" for use with Software. Splunk has no
+obligation to monitor Third-Party Content, and Splunk may block or disable
+access to any Third-Party Content at any time. Customer's use of Third-Party
+Content is at Customer's own risk and may be subject to any additional terms,
+conditions and policies applicable to the Third-Party Content (such as license
+terms, terms of service, or privacy policies of the providers of the
+Third-Party Content).
+
+20. AUTHORIZED PARTNERS.
If Customer acquired the Software through an
+authorized reseller, partner or OEM of Splunk ("Authorized Partner") then,
+notwithstanding anything to the contrary in this Agreement: (a) Customer's use
+of the Software is subject to any additional terms in the agreement provided
+by the Authorized Partner ("Partner Agreement"); (b) Customer agrees to pay
+the Authorized Partner the Fees and other applicable fees, and Customer will
+have no direct Fee payment obligations to Splunk for this Software; (c) the
+Partner Agreement is between Customer and the Authorized Partner and is not
+binding on Splunk; and (d) Splunk may terminate this Agreement (including
+Customer's right to use the Software) if Splunk does not receive payment for
+Customer's use of the Software from the Authorized Partner or if Customer
+breaches any term of this Agreement. If the warranty and support terms in the
+Partner Agreement are different from those in this Agreement, then those
+different terms are solely between Customer and the Authorized Partner and
+Splunk has no obligations to Customer with respect to the different terms.
+Except as stated in the preceding sentence, if there is any conflict or
+inconsistency between this Agreement and the Partner Agreement, this Agreement
+will control as between Splunk and Customer.
+
+21. CHOICE OF LAW AND DISPUTES. Unless Customer is the Government, this
+Agreement will be governed by and construed in accordance with the laws of the
+State of California, as if performed wholly within the state and without
+giving effect to the conflicts of law principles of any jurisdiction or the
+United Nations Convention on Contracts for the International Sale of Goods,
+the application of which is expressly excluded.
Any legal action or proceeding
+arising under this Agreement will be brought exclusively in the federal or
+state courts located in San Francisco, California, and the parties consent to
+personal jurisdiction and this venue (except that Splunk may seek injunctive
+relief to prevent improper or unauthorized use or disclosure of any Splunk
+Materials in any court of competent jurisdiction). If Customer is the
+Government, this Agreement will be governed by and interpreted in accordance
+with the Contract Disputes Act of 1978, as amended (41 U.S.C. Sections
+7101-7109). Failure of the parties to reach agreement on any request for
+equitable adjustment, claim, appeal, or action arising under or relating to
+this Agreement will be a dispute to be resolved in accordance with the clause
+at 48 C.F.R Section 52.233-1, which is incorporated in this Agreement by
+reference.
+
+22. GENERAL.
+
+ 22.1 Purchase Order. Customer's issuance of a purchase order constitutes
+ acceptance of this Agreement notwithstanding anything to the contrary in
+ the purchase order. Splunk expressly rejects any terms and conditions in
+ Customer's purchase order that differ from those in this Agreement. Any
+ different or additional terms and conditions will not become a part of the
+ agreement between the parties notwithstanding any subsequent
+ acknowledgement, invoice or license key that Splunk may issue.
+
+ 22.2 Notices. All notices required or permitted under this Agreement
+ will be in writing and delivered in person, by overnight delivery
+ service, or by registered or certified mail, postage prepaid with
+ return receipt requested. All notices will be deemed given upon
+ receipt. All communications will be sent to the addresses in the
+ applicable Order or to any other address specified to a party in
+ accordance with this section.
+
+ 22.3 Assignment.
Customer may not assign, delegate or transfer this
+ Agreement, in whole or in part, by agreement, operation of law or
+ otherwise without the prior written consent of Splunk. Splunk may
+ assign this Agreement in whole or in part to an Affiliate or in
+ connection with an internal reorganization or a merger, acquisition,
+ or sale of all or substantially all of Splunk's assets. Splunk may
+ also assign its rights to receive payment due as a result of
+ performance of this Agreement to a bank, trust company, or other
+ financing institution, including any federal lending agency in
+ accordance with the Assignment of Claims Act (31 U.S.C. Section 3727)
+ and may assign this Agreement in accordance with the provisions at 48
+ C.F.R Section 42.12, as applicable. Any attempt to assign this
+ Agreement other than as permitted in this Agreement will be null and
+ void. Subject to this section, this Agreement will bind and inure to
+ the benefit of the parties' permitted successors and assigns.
+
+ 22.4 Force Majeure. Neither party will be responsible for any failure
+ or delay in its performance under this Agreement (except for the
+ obligation to make payments) due to causes beyond its reasonable
+ control, including, but not limited to, labor disputes, war, acts of
+ terror, riot, acts of God, or governmental action.
+
+ 22.5 Rights and Remedies. Except as otherwise expressly stated in this
+ Agreement, the rights and remedies of either party stated in this
+ Agreement are not exclusive and are in addition to any other rights
+ and remedies provided by law or at equity.
+
+ 22.6 Waiver; Severability. The waiver by either party of a breach of
+ or a default under this Agreement will be effective only if in
+ writing. The failure by either party to enforce any provisions of this
+ Agreement will not constitute a waiver of any right under this
+ Agreement or of any subsequent enforcement of any provision.
If a
+ court of competent jurisdiction holds any provision of this Agreement
+ invalid or unenforceable, the remaining provisions of the Agreement
+ will remain in full force and effect, and the provision affected will
+ be construed so as to be enforceable to the maximum extent permissible
+ by law.
+
+ 22.7 Operational Metrics and Usage Data. The Software and Splunk
+ Extensions may be configured to allow Splunk to collect and process
+ technical and related information about Customer's use of the Software
+ (which may include, without limitation, ingest volume, search
+ concurrency, number of unique user logins, Internet protocol
+ addresses, page views, session duration, and other similar data) and
+ certain aggregated, anonymized information about the Software
+ environment (such as hardware identification, operating system,
+ application version), performance, configuration and other usage
+ information. Splunk uses this information to support and troubleshoot
+ issues, provide updates, automate invoices, analyze trends and improve
+ Splunk's products or services. Participation in the collection and
+ processing of this data by Splunk is voluntary (except for certain
+ Free or Evaluation Software or other programs as designated by Splunk,
+ which may require Customer's participation in an in-product analytics
+ program as a condition of receiving access to and using the Software).
+ Instructions on how to disable these in-product collection features
+ are included in Splunk's end user documentation. Splunk collects and
+ processes the information it collects subject to Splunk's Privacy
+ Policy, which can be found at
+ https://www.splunk.com/en_us/legal/privacy/privacy-policy.html and is
+ incorporated by reference and made a part of this Agreement.
+
+ 22.8 Integration; Entire Agreement.
This Agreement, along with any + additional terms incorporated by reference, including the Order and + the Exhibits hereto, constitute the complete and exclusive + understanding and agreement between the parties and supersedes any + written or oral prior or contemporaneous agreements, communications + and understandings. Any waiver, modification or amendment of any + provision of this Agreement will be effective only if in writing and + signed by duly authorized representatives of both parties. Any terms + and conditions contained or referenced by either party in a quote, + purchase order, acceptance, invoice or any similar document purporting + to modify the terms and conditions contained in this Agreement will be + disregarded and have no effect unless otherwise expressly agreed to by + the parties in accordance with the preceding sentence. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +EXHIBIT A + +DEFINITIONS + +1. "Affiliate," with respect to a party, means a corporation, partnership or +other entity controlling, controlled by or under common control with the +party, but only so long as the control continues to exist. For purposes of +this definition, "control" means ownership, directly or indirectly, of greater +than fifty percent (50%) of the voting rights in the entity (or, in the case +of a noncorporate entity, equivalent rights). + +2. "Authorized Partner" has the meaning stated in section 20. + +3. "Claim" has the meaning stated in section 12. + +4. "Confidential Information" has the meaning stated in section 13.1. + +5. "Content Subscription" means the right for Customer to receive content +applicable to the Purchased Software (such as models, rules, and +configurations, as further described in the relevant end user documentation) +on a periodic basis for the duration of the subscription period. Content +Subscriptions are purchased as an add-on service to the license for Purchased +Software as identified in the Order. + +6. 
"Customer Extensions" has the meaning stated in Section 2.1.7.
+
+7. "Delivery" means the date of Splunk's initial delivery of the license key
+for the applicable Software or otherwise making the applicable Software
+available for download by Customer.
+
+8. "Disabled Materials" means certain materials (including programs, modules
+or components, functionality, features, documentation, content or other
+materials) that may be contained in or provided with the Software that are
+disabled or hidden in Customer's setting, because Customer either: (a) does
+not have the relevant license or license key, or (b) has not paid the
+applicable Fees, for those materials.
+
+9. "Enhancements" means any updates, upgrades, releases, fixes, enhancements
+or modifications to the Purchased Software made generally commercially
+available by Splunk to its support customers under the terms and conditions in
+Exhibit C.
+
+10. "Evaluation Software" means Software that is specified in an Order as
+provided under an evaluation license or a free trial license.
+
+11. "Excluded Matters" has the meaning stated in section 12.
+
+12. "Extension" means any separately downloadable suite, configuration file,
+add-on, technical add-on, example module, command, function, playbook, content
+or application that extends the features or functionality of the applicable
+Software.
+
+13. "Feedback" means all suggestions for improvement or enhancement,
+recommendations, comments, opinions, code, input, ideas, reports, information,
+know-how or other feedback provided by Customer (whether in oral, electronic,
+or written form) to Splunk in connection with Splunk Materials. Feedback does
+not include any data, results or output created or generated by Customer using
+the Software, unless specifically submitted or communicated by Customer to
+Splunk as part of the Feedback.
+
+14. "Free Software" means Software specified in an Order without charge
+(other than Evaluation Software).
+
+15.
"Government" means an agency, department, or instrumentality of the United
+States government.
+
+16. "Intellectual Property Rights" means all patent, copyright, trademark, and
+trade secret rights and other intellectual property and proprietary rights,
+whether registered or unregistered.
+
+17. "Internal Business Purpose" means Customer's use for its own internal
+business operations on Customer's systems, networks and devices with
+Customer's data. This use does not include use by Customer on a service bureau
+basis or otherwise to provide services to, or process data for, any third
+party.
+
+18. "Licensed Capacity" means the maximum usage of the Software (e.g.,
+aggregate daily volume of data indexed, based on source types, number of
+Nodes, number of monitored accounts, number of users, storage capacity, search
+and compute units, etc.) that is permitted under the type of license included
+in an Order. The Licensed Capacity associated with each Purchased Software is
+stated in Exhibit B.
+
+19. "License Fees" means all license fees listed in an Order.
+
+20. "Open Source Software" means software or similar subject matter that is
+distributed under an open source license such as (by way of example only) the
+GNU General Public License, GNU Lesser General Public License, Apache License,
+Mozilla Public License, BSD License, MIT License, Common Public License, any
+derivative of any of the foregoing licenses, or any other license approved as
+an open source license by the Open Source Initiative.
+
+21. "Order" means Splunk's quote, statement of work, or ordering document
+(including online order form) accepted by Customer via Customer's purchase
+order or other ordering document submitted to Splunk (including directly or
+indirectly through an Authorized Partner) to order Splunk Materials or
+services, which references the products, services, pricing and other
+applicable terms.
+
+22.
"Party's Entities" means a party's affiliates, subsidiaries, officers,
+directors, employees, agents, partners and licensors.
+
+23. "Professional Services" has the meaning stated in section 7.
+
+24. "Purchased Software" means Software licensed to Customer for which
+Customer has paid a License Fee to Splunk, directly or through an Authorized
+Partner.
+
+25. "Service Providers" has the meaning stated in section 3.
+
+26. "Software" means the software products listed in an Order and any
+Enhancements thereto made available to Customer by Splunk.
+
+27. "Splunkbase" means Splunk's online directory of or platform for
+Extensions, currently located at https://splunkbase.splunk.com/ and any and
+all successors, replacements, new versions, derivatives, updates and upgrades
+thereto and any other similar platform(s) owned and/or controlled by Splunk.
+
+28. "Splunk Developer Tools" means the standard application programming
+interfaces, configurations, software development kits, libraries, command line
+interface tools, other tooling (including scaffolding and data generation
+tools), integrated development environment plug-ins or extensions, code
+examples, tutorials, reference guides and other related materials provided by
+Splunk to facilitate or enable the creation of Extensions or otherwise support
+interoperability between the Software and Customer's system or environment.
+
+29. "Splunk Extensions" means Extensions made available through Splunkbase
+that are identified on Splunkbase as published by Splunk and not by any third
+party.
+
+30. "Splunk Materials" mean the Software, Software license keys, Splunk
+Developer Tools, Splunk Extensions and end user documentation relating
+thereto.
+
+31. "Support Services" has the meaning stated in section 6.
+
+32. "Term" has the meaning stated in section 14.
+
+33. "Test and Development Software" means Software that is specified in an
+Order as provided under a test and development license.
+
+34.
"Third-Party Content" has the meaning stated in section19. + +35. "Virus" means any harmful or malicious code, hidden programs or data +incorporated in the Purchased Software that destroys or impairs the Purchased +Software. + + + + + + + +EXHIBIT B + +LICENSED CAPACITY + + + +The Licensed Capacity and other license limitations associated with each +Purchased Software can be found here: +https://www.splunk.com/en_us/legal/licensed-capacity.html + + + + + + + + + +EXHIBIT C + +SUPPORT AND MAINTENANCE TERMS AND CONDITIONS + +Customer agrees that the following terms and conditions ("Support Terms") will +govern the delivery of any support or maintenance services by Splunk +("Support") listed on an Order entered into pursuant to the Software License +Agreement (the "Agreement") to which these Support Terms are attached. Subject +to Customer's termination rights stated in the Agreement, ordering any Support +from Splunk or any Authorized Partner indicates Customer's acceptance of these +Support Terms. These Support Terms are effective upon receipt and confirmation +of acceptance of Customer's purchase order by Splunk or an Authorized Partner. + + +1. DEFINITIONS. Unless otherwise defined in these Support Terms, capitalized +terms have the meanings stated in the Agreement. + +2. SUPPORT AND MAINTENANCE. + +2.1 Services. Subject to Customer's timely payment of the applicable annual +Support fees listed in the Order (the "Support Fees"), Splunk will provide the +level of Support identified in the Order in accordance with these Support +Terms. No other maintenance or support for the Software is included. + +2.2 Support Fees. Support Fees will be due and payable in accordance with the +Order. Splunk will notify (electronically or otherwise) Customer of the +then-current annual Support Fee for Customer's level of Support in each notice +of term renewal. Support Fees are non-refundable once paid. + +2.3 Exclusions. 
Splunk will have no obligation to provide Support for issues
+caused by any of the following (each, a "Licensee-Generated Error"): (i)
+modifications to the Software not made by Splunk; (ii) use of the Software
+other than as authorized in the Agreement or as provided in the documentation
+for the Software; (iii) damage to the machine on which the Software is
+installed; (iv) Customer's failure to use the Software in ways other than
+stated in the documentation; (v) versions of the Software other than the
+Supported Version (defined in section 2.6.6); (vi) third-party products not
+expressly supported by Splunk and described in the documentation; or (vii)
+conflicts related to replacing or installing hardware, drivers, and software
+that are not expressly supported by Splunk and described in the documentation.
+Splunk will notify Customer as soon as reasonably possible that a support
+issue is a Licensee-Generated Error. If the parties agree in writing that
+Splunk will provide support for the Licensee-Generated Error, Splunk may
+invoice Customer at Splunk's then-current time and materials rates for this
+support.
+
+2.4 Support for Splunk Extensions. Subject to Customer's payment of the
+applicable annual Support Fees, Splunk will provide an Initial Response and
+Acknowledgement in accordance with P3 terms as described in the Support
+Programs (as defined below) for for Splunk Extensions labeled as "Splunk
+Supported", and updates will be provided when made generally available. For
+clarity, Splunk does not support Splunk Extensions labeled "Not Supported."
+No other sections in these Terms and Conditions apply to Splunk Extensions.
+
+2.5 Restrictions. Support is delivered only in English unless Customer is in a
+location where Splunk has made localized Support available.
+
+2.6 Support Descriptions.
+
+2.6.1 Splunk Support. Customer's Order will identify the level of Support
+Customer purchased for the applicable Purchased Software.
The different
+support programs and levels are described here:
+http://www.splunk.com/en_us/support-and-services/support-programs.html
+("Support Programs"). Support cases are handled based on case priority levels
+described in the Support Programs. When submitting a case, Customer will
+select the priority for initial response by logging the case online in
+accordance with the priority guidelines in the Support Programs. Splunk may
+change the priority if the issue does not conform to the criteria for the
+selected priority. Splunk will provide Customer with notice (electronic or
+otherwise) of this change.
+
+2.6.2 Authorized Support Contacts. Support will be provided solely to the
+authorized individual(s) specified by Customer ("Support Contacts"). Splunk
+strongly recommends that Customer's Support Contact(s) be trained on the
+Purchased Software. The number of Support Contacts under a Support Program are
+based on the type and size of Customer's license entitlement. Customer will be
+asked to provide the primary email address and Splunk.com login ID for all
+Support Contacts.
+
+2.6.3 Defect Resolution. If Splunk determines there is a defect in the
+Purchased Software, Splunk will, in its discretion, (a) repair the defect in
+the version of the Purchased Software , (b) instruct Customer to install a
+newer version of the Purchased Software with the defect repaired, or (c)
+provide Customer a workaround in lieu of fixing the defect.
+
+2.6.4 Support Hours. Support is provided via telephone, email and web portal.
+Support will be delivered by a member of Splunk's technical support team
+during the regional hours of operation listed in the Support Programs.
+
+2.6.5 Customer's Obligation to Assist.
If Customer reports a purported defect
+in the Purchased Software to Splunk, Splunk may require Customer to provide
+the following information: (a) a general description of the operating
+environment, (b) a list of all hardware components, operating systems and
+networks, (c) a reproducible test case, and (d) log, trace, and systems files.
+Customer's failure to provide this information or participate in a screen
+share session may prevent Splunk from identifying and fixing that purported
+defect or lead to increased resolution times.
+
+2.6.6 Software Upgrades and Software Support Policy. Splunk provides updates,
+upgrades, maintenance releases and reset keys only to Splunk Support customers
+pursuant to Splunk's Support Policy provided at:
+https://www.splunk.com/en_us/legal/splunk-software-support-policy.html
+("Support Policy"). Software comes with a three-digit number version. The
+first digit represents the major release (i.e., upgrade), the second digit
+identifies the minor releases (i.e., updates) and the third digit identifies
+the maintenance releases. With a new major version, the number to the left of
+the decimal is changed and for minor releases, the number to the right of the
+decimal point is increased. Splunk provides Support for the duration specified
+in the Support Policy following the initial release date of each major or
+minor version. The current version and the releases within the support period
+will be "Supported Versions".
+
+2.7 Changes in Support and Software. Subject to the Support Policy, Customer
+acknowledges that Splunk has the right to discontinue the manufacture,
+development or distribution of and Support for, any Software at any time in
+its sole discretion. However, Splunk agrees to continue Support for the
+Software during the then-current Support Term, subject to the terms in section
+3.
Splunk reserves the right to alter Support from time to time, using
+reasonable discretion but in no event will alterations result in (a)
+diminished support from the level of Support in these Support Terms; (b)
+materially diminished obligations for Splunk; (c) materially diminished
+Customer's rights; or (d) higher Support Fees during the then-current Support
+Term. Splunk will provide Customer 30 days' prior written notice of any
+material changes to the Support.
+
+3. TERM AND TERMINATION.
+
+3.1 Term. These Support Terms will commence on Delivery and continue for a
+period of 1 year (or for term purchased if different than one year) (the
+"Initial Term") unless terminated earlier in accordance with the terms of the
+Agreement. These Support Terms will automatically renew for additional 1 year
+terms (or for term purchased if different than one year) (each, a "Renewal
+Term," and the Initial Term and the Renewal Terms, may be referred to as the
+"then-current Support Term"), unless either party provides the other written
+notice of its intent not to renew at least 30 days prior to the end of the
+then-current Support Term. If Customer purchases Support from an Authorized
+Partner, Customer will provide the notice to the Authorized Partner. If
+Customer purchases Support, Customer must purchase and renew Support for all
+of the licenses for a particular Software product. If a Support Term lapses,
+Customer may seek to re-activate Support by submitting a purchase order that
+includes fees for the lapsed period plus a reinstatement fee.
+
+3.2 Termination. Either party may terminate these Support Terms by written
+notice to the other party in the event of a material breach and does not cure
+the breach within 30 days of receiving notice of the breach. If Customer
+terminates the Agreement for Splunk's uncured material breach of these Terms
+and Conditions, then Splunk will refund any unused prepaid fees to Customer as
+Customer's sole and exclusive remedy.
When Customer accepts a term license or
+cloud subscription in an Order that also terminates the Customer's perpetual
+licenses of a Software ("Prior Software"), all rights granted with respect to
+the Prior Software are terminated upon the effective date of the Order, unless
+otherwise specified on the Order. There will be no refund of any Fees
+previously paid with respect to the Prior Software. Customer will certify in
+writing within 30 business days of the date of a request from Splunk, the
+destruction of all of the Prior Software including all Software copies and
+related license keys.
+
+
+Splunk Software License Agreement 10.21.2019
+
diff --git a/README.md b/README.md
index 5dc6fa6db4361c22da2f35edf0544d83ba6001e2..b41a7346f6bd90237bb99e2989ef2bb2d5cdcad9 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,78 @@ -# +# Splunk Enterprise -Project template for all Iron Bank container repositories. \ No newline at end of file +#### Adapted from [docker-splunk](https://github.com/splunk/docker-splunk) to fit the Air Force's requirements. + +---- + +## Purpose + +### What is Splunk Enterprise? +[Splunk Enterprise](https://www.splunk.com/en_us/software/splunk-enterprise.html) is a platform for operational intelligence. Our software lets you collect, analyze, and act upon the untapped value of big data that your technology infrastructure, security systems, and business applications generate. It gives you insights to drive operational performance and business results. + +See [Splunk Products](https://www.splunk.com/en_us/software.html) for more information about the features and capabilities of Splunk products and how you can [bring them into your organization](https://www.splunk.com/en_us/enterprise-data-platform.html). + +The provisioning of these containers is handled by the [Splunk-Ansible](https://github.com/splunk/splunk-ansible) project. Refer to the [Splunk-Ansible documentation](https://splunk.github.io/splunk-ansible/) and the [Ansible User Guide](https://docs.ansible.com/ansible/latest/user_guide/index.html) for more details. + +To assist with running Splunk in a Kubernetes environment, there is the [Splink Operator for Kubernetes](https://github.com/splunk/splunk-operator) project. Please see the [Getting Started](https://github.com/splunk/splunk-operator/blob/master/docs/README.md) documentation for using the Splunk Operator. + +--- + +## Quickstart + +Start a single containerized instance of Splunk Enterprise with the command below, replacing `` with a password string that conforms to the [Splunk Enterprise password requirements](https://docs.splunk.com/Documentation/Splunk/latest/Security/Configurepasswordsinspecfile). 
+```bash +$ docker run -p 8000:8000 -e "SPLUNK_PASSWORD=" \ + -e "SPLUNK_START_ARGS=--accept-license" \ + -e "SPLUNK_HOME_OWNERSHIP_ENFORCEMENT=false" \ + -it --name so1 splunk:latest +``` + +This command does the following: +1. Starts a Docker container using the `splunk:latest` image. +1. Names the container as `so1`. +1. Exposes a port mapping from the host's `8000` port to the container's `8000` port +1. Specifies a custom `SPLUNK_PASSWORD`. +1. Accepts the license agreement with `SPLUNK_START_ARGS=--accept-license`. This agreement must be explicitly accepted on every container or Splunk Enterprise doesn't start. +1. Set the Splunk Home Ownership to false with `SPLUNK_HOME_OWNERSHIP_ENFORCEMENT=false` as we are required to start the container as the splunk user for security reasons. + +After the container starts up, you can access Splunk Web at with `admin:`. + +To view the logs from the container created above, run: +```bash +$ docker logs -f so1 +``` + +To enter the container and run Splunk CLI commands, run: +```bash +# Defaults to the user "ansible" +docker exec -it so1 /bin/bash + +# Run shell as the user "splunk" +docker exec -u splunk -it so1 bash +``` + +To enable TCP 10514 for listening, run: +```bash +docker exec -u splunk so1 /opt/splunk/bin/splunk add tcp 10514 \ + -sourcetype syslog -resolvehost true \ + -auth "admin:${SPLUNK_PASSWORD}" +``` + +To install an app, run: +```bash +docker exec -u splunk so1 /opt/splunk/bin/splunk install \ + /path/to/app.tar -auth "admin:${SPLUNK_PASSWORD}" +``` + +--- + +## Documentation +Visit the [Docker-Splunk documentation](https://splunk.github.io/docker-splunk/) page for full usage instructions, including installation, examples, and advanced deployment scenarios. + +Not all Documentation at this link will be applicable to this specific image as it has specific build dependencies for the Air Force. + +### Python Support +Python 2 has been removed from the image based on it being end of life. 
Any Splunk apps or scripts that rely on Python 2 will not work and will need to be re-written for Python 3. Python 3 is included in the image. + +### Data Fabric Search +With DFS being [end of support](https://docs.splunk.com/Documentation/DFS/1.1.2/DFS/Overview) in Oct of 2021, we have started to remove packages required for DFS to function. As such, DFS cannot function in this image of Splunk. diff --git a/apache-2.0.txt b/apache-2.0.txt new file mode 100644 index 0000000000000000000000000000000000000000..d645695673349e3947e8e5ae42332d0ac3164cd7 --- /dev/null +++ b/apache-2.0.txt 
@@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/clamav-whitelist b/clamav-whitelist new file mode 100644 index 0000000000000000000000000000000000000000..adbd76ca47e29b36901617323630afc546d52e88 --- /dev/null +++ b/clamav-whitelist @@ -0,0 +1 @@ +Multios.Trojan.ElectroRAT-9823393-0 diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml new file mode 100644 index 0000000000000000000000000000000000000000..4bd2cce62610947e3f19fd8a05bc431f4f546b1a --- /dev/null +++ b/hardening_manifest.yaml 
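Review bot: The single entry `Multios.Trojan.ElectroRAT-9823393-0` suppresses a trojan signature for the scan of this image, and nothing in the hunk records which file triggered the hit or why it is judged a false positive. That justification should travel with the change, for instance in the commit or merge-request description: the path and sha256 of the flagged artifact, the scanner and signature-database version that produced the hit, and who confirmed it. Without it, a later reviewer cannot tell whether the suppression still matches the artifact it was accepted for once one of the bundled binaries is bumped.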
@@ -0,0 +1,147 @@ +--- +apiVersion: v1 + +name: "splunk/splunk/splunk" + +tags: +- "8.2.0" +- "latest" + +args: + BASE_IMAGE: "redhat/ubi/ubi8-minimal" + BASE_TAG: "8.4" + +labels: + org.opencontainers.image.title: "splunk" + org.opencontainers.image.description: "Splunk Enterprise is a platform for operational intelligence. Our software lets you collect, analyze, and act upon the untapped value of big data that your technology infrastructure, security systems, and business applications generate. It gives you insights to drive operational performance and business results." + org.opencontainers.image.licenses: "Commercial" + org.opencontainers.image.url: "https://www.splunk.com/en_us/legal/splunk-terms-overview.html" + org.opencontainers.image.vendor: "Splunk" + org.opencontainers.image.version: "8.2.0" + mil.dso.ironbank.image.keywords: "security,data,itops" + mil.dso.ironbank.image.type: "commercial" + mil.dso.ironbank.product.name: "Splunk Enterprise" + +resources: +- url: https://github.com/splunk/splunk-ansible/archive/8.2.0.tar.gz + filename: splunk-ansible.tar.gz + validation: + type: sha256 + value: 7e5b254a4db208d8dee261ec56edbdbbcedf54f42c7d02031f8f523892ed0a36 +- url: https://download.splunk.com/products/splunk/releases/8.2.0/linux/splunk-8.2.0-e053ef3c985f-Linux-x86_64.tgz + filename: splunk-8.2.0-e053ef3c985f-Linux-x86_64.tgz + validation: + type: sha256 + value: 868ac331aee0a3437a85cd57604bace201c4ad77c68ee1bbde0cc90fe3f0b717 +- url: https://github.com/splunk/splunk-cloud-sdk-go/releases/download/v1.11.1/scloud_v7.1.0_linux_amd64.tar.gz + filename: scloud_v7.1.0_linux_amd64.tar.gz + validation: + type: sha256 + value: b1f47cb2ffd17fe87f07599c88da42a07e4c51e3c37986e4bb0509000e1344a9 +- url: https://files.pythonhosted.org/packages/6b/47/c14abc08432ab22dc18b9892252efaf005ab44066de871e72a38d6af464b/requests-2.25.1.tar.gz + filename: requests-2.25.1.tar.gz + validation: + type: sha256 + value: 27973dd4a904a4f13b263a19c866c13b92a39ed1c964655f025f3f8d3d75b804 
+- url: https://www.python.org/ftp/python/3.7.10/Python-3.7.10.tgz + filename: Python-3.7.10.tgz + validation: + type: sha256 + value: c9649ad84dc3a434c8637df6963100b2e5608697f9ba56d82e3809e4148e0975 +- url: https://files.pythonhosted.org/packages/be/27/a4ee8ec50cdfa87385e1181da8bb4b3205d8e669d13393b747baaa01f45a/ansible-core-2.11.1.tar.gz + filename: ansible-core-2.11.1.tar.gz + validation: + type: sha256 + value: 7e75827a94d47d1c3e1930d708f0ef637a3ab9a21f757aaf55deab6e9f47c682 +- url: https://files.pythonhosted.org/packages/ff/ea/b82dfb8f0d7ddaed50c2dbfe05af9cde3230687c32ceae6ee1bd5ae048c5/ansible-4.0.0.tar.gz + filename: ansible-4.0.0.tar.gz + validation: + type: sha256 + value: 6f67ca5c634e4721d1f8e206dc71d60d1a114d147945355bfc902bd37eb07080 +- url: https://files.pythonhosted.org/packages/3e/89/7ea760b4daa42653ece2380531c90f64788d979110a2ab51049d92f408af/packaging-20.9-py2.py3-none-any.whl + filename: packaging-20.9-py2.py3-none-any.whl + validation: + type: sha256 + value: 67714da7f7bc052e064859c05c595155bd1ee9f69f76557e21f051443c20947a +- url: https://files.pythonhosted.org/packages/eb/11/bda2b7dee2c84d1f1923ae273023bb94d3e5ab3d1a46b4bd8cf5eb81a241/resolvelib-0.5.4-py2.py3-none-any.whl + filename: resolvelib-0.5.4-py2.py3-none-any.whl + validation: + type: sha256 + value: 8113ae3ed6d33c6be0bcbf03ffeb06c0995c099b7b8aaa5ddf2e9b3b3df4e915 +- url: https://files.pythonhosted.org/packages/ed/46/e298a50dde405e1c202e316fa6a3015ff9288423661d7ea5e8f22f589071/wheel-0.36.2.tar.gz + filename: wheel-0.36.2.tar.gz + validation: + type: sha256 + value: e11eefd162658ea59a60a0f6c7d493a7190ea4b9a85e335b33489d9f17e0245e +- url: https://files.pythonhosted.org/packages/3c/56/3f325b1eef9791759784aa5046a8f6a1aff8f7c898a2e34506771d3b99d8/jmespath-0.10.0.tar.gz + filename: jmespath-0.10.0.tar.gz + validation: + type: sha256 + value: b85d0567b8666149a93172712e68920734333c0ce7e89b78b3e987f71e5ed4f9 +- url: 
https://files.pythonhosted.org/packages/bf/10/ff66fea6d1788c458663a84d88787bae15d45daa16f6b3ef33322a51fc7e/MarkupSafe-2.0.1.tar.gz + filename: MarkupSafe-2.0.1.tar.gz + validation: + type: sha256 + value: 594c67807fb16238b30c44bdf74f36c02cdf22d1c8cda91ef8a0ed8dabf5620a +- url: https://files.pythonhosted.org/packages/7a/a5/393c087efdc78091afa2af9f1378762f9821c9c1d7a22c5753fb5ac5f97a/PyYAML-5.4.1-cp37-cp37m-manylinux1_x86_64.whl + filename: PyYAML-5.4.1-cp37-cp37m-manylinux1_x86_64.whl + validation: + type: sha256 + value: e1d4970ea66be07ae37a3c2e48b5ec63f7ba6804bdddfdbd3cfd954d25a82e63 +- url: https://files.pythonhosted.org/packages/7a/0c/23cbcf515b5394e9f59a3e6629f26e1142b92d474ee0725a26aa5a3bcf76/Jinja2-3.0.0.tar.gz + filename: Jinja2-3.0.0.tar.gz + validation: + type: sha256 + value: ea8d7dd814ce9df6de6a761ec7f1cac98afe305b8cdc4aaae4e114b8d8ce24c5 +- url: https://files.pythonhosted.org/packages/c1/47/dfc9c342c9842bbe0036c7f763d2d6686bcf5eb1808ba3e170afdb282210/pyparsing-2.4.7.tar.gz + filename: pyparsing-2.4.7.tar.gz + validation: + type: sha256 + value: c203ec8783bf771a155b207279b9bccb8dea02d8f0c9e5f8ead507bc3246ecc1 +- url: https://files.pythonhosted.org/packages/cb/cf/871177f1fc795c6c10787bc0e1f27bb6cf7b81dbde399fd35860472cecbc/urllib3-1.26.4.tar.gz + filename: urllib3-1.26.4.tar.gz + validation: + type: sha256 + value: e7b021f7241115872f92f43c6508082facffbd1c048e3c6e2bb9c2a157e28937 +- url: https://files.pythonhosted.org/packages/ee/2d/9cdc2b527e127b4c9db64b86647d567985940ac3698eeabc7ffaccb4ea61/chardet-4.0.0.tar.gz + filename: chardet-4.0.0.tar.gz + validation: + type: sha256 + value: 0d6f53a15db4120f2b08c94f11e7d93d2c911ee118b6b30a04ec3ee8310179fa +- url: https://files.pythonhosted.org/packages/06/a9/cd1fd8ee13f73a4d4f491ee219deeeae20afefa914dfb4c130cfc9dc397a/certifi-2020.12.5.tar.gz + filename: certifi-2020.12.5.tar.gz + validation: + type: sha256 + value: 1a4995114262bffbc2413b159f2a1a480c969de6e6eb13ee966d470af86af59c +- url: 
https://files.pythonhosted.org/packages/9f/24/1444ee2c9aee531783c031072a273182109c6800320868ab87675d147a05/idna-3.1.tar.gz + filename: idna-3.1.tar.gz + validation: + type: sha256 + value: c5b02147e01ea9920e6b0a3f1f7bb833612d507592c837a6c49552768f4054e1 +- url: https://files.pythonhosted.org/packages/b2/26/7af637e6a7e87258b963f1731c5982fb31cd507f0d90d91836e446955d02/cryptography-3.4.7-cp36-abi3-manylinux2014_x86_64.whl + filename: cryptography-3.4.7-cp36-abi3-manylinux2014_x86_64.whl + validation: + type: sha256 + value: 1e056c28420c072c5e3cb36e2b23ee55e260cb04eee08f702e0edfec3fb51959 +- url: https://files.pythonhosted.org/packages/71/39/171f1c67cd00715f190ba0b100d606d440a28c93c7714febeca8b79af85e/six-1.16.0.tar.gz + filename: six-1.16.0.tar.gz + validation: + type: sha256 + value: 1e61c37477a1626458e36f7b1d82aa5c9b094fa4802892072e49de9c60c4c926 +- url: https://files.pythonhosted.org/packages/a8/20/025f59f929bbcaa579704f443a438135918484fffaacfaddba776b374563/cffi-1.14.5.tar.gz + filename: cffi-1.14.5.tar.gz + validation: + type: sha256 + value: fd78e5fee591709f32ef6edb9a015b4aa1a5022598e36227500c8f4e02328d9c +- url: https://files.pythonhosted.org/packages/0f/86/e19659527668d70be91d0369aeaa055b4eb396b0f387a4f92293a20035bd/pycparser-2.20.tar.gz + filename: pycparser-2.20.tar.gz + validation: + type: sha256 + value: 2d475327684562c3a96cc71adf7dc8c4f0565175cf86b6d7a404ff4c771f15f0 + +maintainers: +- name: "Bryan Pluta" + username: "bpluta" + email: "bpluta@splunk.com" + + diff --git a/scripts/checkstate.sh b/scripts/checkstate.sh new file mode 100755 index 0000000000000000000000000000000000000000..549aedabd539fe47cb67347dabe866a2735ae9c4 --- /dev/null +++ b/scripts/checkstate.sh 
@@ -0,0 +1,45 @@ +#!/bin/bash + +# Copyright 2018 Splunk + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +#This script is used to retrieve and report the state of the container +#Although not actively in the container, it can be used to check the health +#of the splunk instance +#NOTE: If you plan on running the splunk container while keeping Splunk +# inactive for long periods of time, this script may give misleading +# health results + +if [[ "" == "$NO_HEALTHCHECK" ]]; then + if [[ "false" == "$SPLUNKD_SSL_ENABLE" ]]; then + SCHEME="http" + else + SCHEME="https" + fi + #If NO_HEALTHCHECK is NOT defined, then we want the healthcheck + state="$(< $CONTAINER_ARTIFACT_DIR/splunk-container.state)" + + case "$state" in + running|started) + curl -m 30 -f -k $SCHEME://localhost:8089/ + exit $? + ;; + *) + exit 1 + esac +else + #If NO_HEALTHCHECK is defined, ignore the healthcheck + exit 0 +fi diff --git a/scripts/createdefaults.py b/scripts/createdefaults.py new file mode 100755 index 0000000000000000000000000000000000000000..58001da44e77d49d89927eb290cee02036bfaade --- /dev/null +++ b/scripts/createdefaults.py 
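Review bot: The probe `curl -m 30 -f -k $SCHEME://localhost:8089/` disables certificate verification and carries no comment saying why that is acceptable here. Presumably splunkd's certificate is not trusted inside the container and the call is a loopback reachability check only; a comment such as `# -k: loopback-only liveness probe, no credentials or data are sent` would keep the flag from being copied to a non-local URL. The same line writes the response body into the health-check output, so adding `-sS -o /dev/null` keeps it quiet while still returning curl's exit status. The state read `$(< $CONTAINER_ARTIFACT_DIR/splunk-container.state)` leaves the path unquoted; `"$(< "${CONTAINER_ARTIFACT_DIR}/splunk-container.state")"` is safe against spaces and globbing.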
@@ -0,0 +1,66 @@ +#! /usr/bin/python +# Copyright 2018-2021 Splunk +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +import os +import six +import sys +import uuid +import random +import base64 + +splunk_ansible_home = os.environ.get('SPLUNK_ANSIBLE_HOME') +splunk_ansible_inventory = os.path.join(splunk_ansible_home, "inventory") +sys.path.append(os.path.abspath(splunk_ansible_inventory)) + +splunk_hec_token = os.environ.get("SPLUNK_HEC_TOKEN", None) +splunk_password = os.environ.get("SPLUNK_PASSWORD", None) +splunk_idxc_secret = os.environ.get("SPLUNK_IDXC_SECRET", None) +splunk_idxc_pass4SymmKey = os.environ.get("SPLUNK_IDXC_PASS4SYMMKEY", None) +splunk_shc_secret = os.environ.get("SPLUNK_SHC_SECRET", None) +splunk_shc_pass4SymmKey = os.environ.get("SPLUNK_SHC_PASS4SYMMKEY", None) + +def random_generator(size=24): + # Use System Random for + rng = random.SystemRandom() + b = [chr(rng.randrange(256)) for i in range(size)] + s = ''.join(b) + if six.PY2: + s = base64.b64encode(s) + else: + s = base64.b64encode(s.encode()).decode() + return s + + +# if there are no environment vars set, lets make some safe defaults +if not splunk_hec_token: + tempuuid=uuid.uuid4() + os.environ["SPLUNK_HEC_TOKEN"] = str(tempuuid) +if not splunk_password: + os.environ["SPLUNK_PASSWORD"] = random_generator() +if splunk_idxc_pass4SymmKey: + os.environ["SPLUNK_IDXC_PASS4SYMMKEY"] = os.environ["SPLUNK_IDXC_SECRET"] = splunk_idxc_pass4SymmKey +elif splunk_idxc_secret: + 
os.environ["SPLUNK_IDXC_PASS4SYMMKEY"] = os.environ["SPLUNK_IDXC_SECRET"] = splunk_idxc_secret +else: + os.environ["SPLUNK_IDXC_PASS4SYMMKEY"] = os.environ["SPLUNK_IDXC_SECRET"] = random_generator() +if splunk_shc_secret: + os.environ["SPLUNK_SHC_PASS4SYMMKEY"] = os.environ["SPLUNK_SHC_SECRET"] = splunk_shc_pass4SymmKey +elif splunk_shc_pass4SymmKey: + os.environ["SPLUNK_SHC_PASS4SYMMKEY"] = os.environ["SPLUNK_SHC_SECRET"] = splunk_shc_secret +else: + os.environ["SPLUNK_SHC_PASS4SYMMKEY"] = os.environ["SPLUNK_SHC_SECRET"] = random_generator() +sys.argv.append("--write-to-stdout") +import environ +environ.main() + diff --git a/scripts/delete_jquery.py b/scripts/delete_jquery.py new file mode 100644 index 0000000000000000000000000000000000000000..3a3e1ffd02acb8c7c954252945e7eee4b2b87c7f --- /dev/null +++ b/scripts/delete_jquery.py 
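Review bot: The search-head-cluster branch has its two assignments crossed: `if splunk_shc_secret:` assigns `splunk_shc_pass4SymmKey`, and `elif splunk_shc_pass4SymmKey:` assigns `splunk_shc_secret`. When only one of the two variables is set, the value written to `os.environ` is `None`, which raises a TypeError, so a deployment that supplies just one SHC secret fails here instead of using it. Mirroring the indexer-cluster branch directly above fixes it: test `if splunk_shc_pass4SymmKey:` before the `= splunk_shc_pass4SymmKey` assignment and `elif splunk_shc_secret:` before the `= splunk_shc_secret` assignment. Separately, on Python 3 `random_generator` base64-encodes the UTF-8 encoding of 24 characters rather than 24 raw bytes, and its comment `# Use System Random for` is cut off; `base64.b64encode(os.urandom(size)).decode()` would be simpler to reason about and the comment should state that the OS CSPRNG is used because the value becomes a default credential.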
@@ -0,0 +1,43 @@ +import os + +# Check if $SPLUNK_HOME is set. None of this script will work if it's not. +try: + splunk_home = os.environ['SPLUNK_HOME'] +except Exception as exception: + print('$SPLUNK_HOME is not set. Please set it and try again. Exception {}'.format(exception)) + exit() + +root_directory = splunk_home + '/share/splunk/search_mrsparkle/' # root directory should be an absolute path starting from '/' +files_to_delete = [ + 'exposed/js/build/simplexml/config.js', + 'exposed/js/build/simplexml.min/config.js', + 'exposed/js/contrib/jquery/jquery.js', + 'exposed/js/contrib/jquery-1.8.2.js', + 'exposed/js/contrib/jquery-1.8.2.min.js', + 'exposed/js/contrib/jquery-2.1.0.js', + 'exposed/js/contrib/jquery-2.1.0.min.js', + 'exposed/build/single_value/index.js', + 'exposed/build/pages/enterprise/dashboard.js', + 'exposed/build/pages/lite/dashboard.js', + 'exposed/build/pages/dark/dashboard.js', + 'exposed/build/pdf_mapping/index.js', + 'exposed/build/simplexml/index.js', + 'exposed/build/jscharting/index.js', + 'templates/pages/dashboard.html' +] + +for filename in files_to_delete: + file_path = os.path.join(root_directory, filename) + try: + if os.path.isfile(file_path) or os.path.islink(file_path): + if not os.access(file_path, os.W_OK): # if there is no sufficient permissions, set it. + os.chmod(file_path, 0o777) # python 3.7 syntax + else: + print('Could not set permissions for file {}'.format(file_path)) + continue + os.remove(file_path) + print('Successfully removed file {}'.format(file_path)) + else: + print('File {} not found. Unable to delete.'.format(file_path)) + except Exception as e: + print('Failed to delete {}. Reason: {}'.format(file_path, e)) diff --git a/scripts/entrypoint.sh b/scripts/entrypoint.sh new file mode 100755 index 0000000000000000000000000000000000000000..72112a345be521ae28217cc063d35f594ac45596 --- /dev/null +++ b/scripts/entrypoint.sh 
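Review bot: In the delete loop the `else:` that prints "Could not set permissions" and runs `continue` pairs with `if not os.access(file_path, os.W_OK):`, so a file that is already writable is skipped and never reaches `os.remove`; only files that needed the chmod get deleted (indentation is lost on this page, so the pairing is read from statement order). The `os.chmod(file_path, 0o777)` is also unnecessary, because removing a file depends on write permission on its directory, and it briefly makes the target world-writable. Every failure is only printed, and the missing-`SPLUNK_HOME` path calls `exit()` with status 0, so a build step that runs this script succeeds even when the listed jQuery files remain in the image. The rewrite below removes unconditionally, collects failures and exits non-zero; the `SPLUNK_HOME` check should likewise end with `raise SystemExit(1)`.

```python
# … unchanged: import, SPLUNK_HOME lookup, root_directory, files_to_delete …
failed = []
for filename in files_to_delete:
    file_path = os.path.join(root_directory, filename)
    if not (os.path.isfile(file_path) or os.path.islink(file_path)):
        print('File {} not found. Unable to delete.'.format(file_path))
        continue
    try:
        # Deleting needs write access to the directory, not the file: no chmod.
        os.remove(file_path)
        print('Successfully removed file {}'.format(file_path))
    except OSError as e:
        print('Failed to delete {}. Reason: {}'.format(file_path, e))
        failed.append(file_path)
if failed:
    # Fail the build so the image is not published with these files present.
    raise SystemExit(1)
```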
@@ -0,0 +1,190 @@
+#!/bin/bash
+# Copyright 2018-2021 Splunk
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -e
+
+setup() {
+ # Check if the user accepted the license
+ if [[ "$SPLUNK_START_ARGS" != *"--accept-license"* ]]; then
+ printf "License not accepted, please ensure the environment variable SPLUNK_START_ARGS contains the '--accept-license' flag\n"
+ printf "For example: docker run -e SPLUNK_START_ARGS=--accept-license -e SPLUNK_PASSWORD splunk/splunk\n\n"
+ printf "For additional information and examples, see the help: docker run -it splunk/splunk help\n"
+ exit 1
+ fi
+}
+
+teardown() {
+ # Always run the stop command on termination
+ ${SPLUNK_HOME}/bin/splunk stop 2>/dev/null || true
+}
+
+trap teardown SIGINT SIGTERM
+
+prep_ansible() {
+ cd ${SPLUNK_ANSIBLE_HOME}
+ if [ `whoami` == "${SPLUNK_USER}" ]; then
+ sed -i -e "s,^become\\s*=.*,become = false," ansible.cfg
+ fi
+ if [[ "$DEBUG" == "true" ]]; then
+ ansible-playbook --version
+ python inventory/environ.py --write-to-file
+ cat /opt/container_artifact/ansible_inventory.json 2>/dev/null
+ cat /opt/ansible/inventory/messages.txt 2>/dev/null || true
+ echo
+ fi
+}
+
+watch_for_failure(){
+ if [[ $? -eq 0 ]]; then
+ sh -c "echo 'started' > ${CONTAINER_ARTIFACT_DIR}/splunk-container.state"
+ fi
+ echo ===============================================================================
+ echo
+ user_permission_change
+ if [ `whoami` != "${SPLUNK_USER}" ]; then
+ RUN_AS_SPLUNK="sudo -u ${SPLUNK_USER}"
+ fi
+ # Any crashes/errors while Splunk is running should get logged to splunkd_stderr.log and sent to the container's stdout
+ if [ -z "$SPLUNK_TAIL_FILE" ]; then
+ echo Ansible playbook complete, will begin streaming splunkd_stderr.log
+ ${RUN_AS_SPLUNK} tail -n 0 -f ${SPLUNK_HOME}/var/log/splunk/splunkd_stderr.log &
+ else
+ echo Ansible playbook complete, will begin streaming ${SPLUNK_TAIL_FILE}
+ ${RUN_AS_SPLUNK} tail -n 0 -f ${SPLUNK_TAIL_FILE} &
+ fi
+ wait
+}
+
+create_defaults() {
+ createdefaults.py
+}
+
+start_and_exit() {
+ if [ -z "$SPLUNK_PASSWORD" ]
+ then
+ echo "WARNING: No password ENV var. Stack may fail to provision if splunk.password is not set in ENV or a default.yml"
+ fi
+ sh -c "echo 'starting' > ${CONTAINER_ARTIFACT_DIR}/splunk-container.state"
+ setup
+ prep_ansible
+ ansible-playbook $ANSIBLE_EXTRA_FLAGS -i inventory/environ.py -l localhost site.yml
+}
+
+start() {
+ trap teardown EXIT
+ start_and_exit
+ watch_for_failure
+}
+
+configure_multisite() {
+ prep_ansible
+ ansible-playbook $ANSIBLE_EXTRA_FLAGS -i inventory/environ.py -l localhost multisite.yml
+}
+
+restart(){
+ trap teardown EXIT
+ sh -c "echo 'restarting' > ${CONTAINER_ARTIFACT_DIR}/splunk-container.state"
+ prep_ansible
+ ${SPLUNK_HOME}/bin/splunk stop 2>/dev/null || true
+ ansible-playbook -i inventory/environ.py -l localhost start.yml
+ watch_for_failure
+}
+
+user_permission_change(){
+ if [[ "$STEPDOWN_ANSIBLE_USER" == "true" ]]; then
+ bash -c "sudo deluser -q ansible sudo"
+ fi
+}
+
+help() {
+ cat << EOF
+ ____ _ _ __
+ / ___| _ __ | |_ _ _ __ | | __ \ \\
+ \___ \| '_ \| | | | | '_ \| |/ / \ \\
+ ___) | |_) | | |_| | | | | < / /
+ |____/| .__/|_|\__,_|_| |_|_|\_\ /_/
+ |_|
+========================================
+
+Environment Variables:
+ * SPLUNK_USER - user under which to run Splunk (default: splunk)
+ * SPLUNK_GROUP - group under which to run Splunk (default: splunk)
+ * SPLUNK_HOME - home directory where Splunk gets installed (default: /opt/splunk)
+ * SPLUNK_START_ARGS - arguments to pass into the Splunk start command; you must include '--accept-license' to start Splunk (default: none)
+ * SPLUNK_PASSWORD - password to log into this Splunk instance, you must include a password (default: none)
+ * SPLUNK_ROLE - the role of this Splunk instance (default: splunk_standalone)
+ Acceptable values:
+ - splunk_standalone
+ - splunk_search_head
+ - splunk_indexer
+ - splunk_deployer
+ - splunk_license_master
+ - splunk_cluster_master
+ - splunk_heavy_forwarder
+ * SPLUNK_LICENSE_URI - URI or local file path (absolute path in the container) to a Splunk license
+ * SPLUNK_STANDALONE_URL, SPLUNK_INDEXER_URL, ... - comma-separated list of resolvable aliases to properly bring-up a distributed environment.
+ This is optional for standalones, but required for multi-node Splunk deployments.
+ * SPLUNK_BUILD_URL - URL to a Splunk build which will be installed (instead of the image's default build)
+ * SPLUNK_APPS_URL - comma-separated list of URLs to Splunk apps which will be downloaded and installed
+
+Examples:
+ * docker run -it -e SPLUNK_PASSWORD=helloworld -p 8000:8000 splunk/splunk start
+ * docker run -it -e SPLUNK_START_ARGS=--accept-license -e SPLUNK_PASSWORD=helloworld -p 8000:8000 -p 8089:8089 splunk/splunk start
+ * docker run -it -e SPLUNK_START_ARGS=--accept-license -e SPLUNK_LICENSE_URI=http://example.com/splunk.lic -e SPLUNK_PASSWORD=helloworld -p 8000:8000 splunk/splunk start
+ * docker run -it -e SPLUNK_START_ARGS=--accept-license -e SPLUNK_INDEXER_URL=idx1,idx2 -e SPLUNK_SEARCH_HEAD_URL=sh1,sh2 -e SPLUNK_ROLE=splunk_search_head --hostname sh1 --network splunknet --network-alias sh1 -e SPLUNK_PASSWORD=helloworld -e SPLUNK_LICENSE_URI=http://example.com/splunk.lic splunk/splunk start
+
+EOF
+ exit 1
+}
+
+case "$1" in
+ start|start-service)
+ shift
+ start $@
+ ;;
+ start-and-exit)
+ shift
+ start_and_exit $@
+ ;;
+ configure-multisite)
+ shift
+ configure_multisite $0
+ ;;
+ create-defaults)
+ create_defaults
+ ;;
+ restart)
+ shift
+ restart $@
+ ;;
+ no-provision)
+ user_permission_change
+ tail -n 0 -f /etc/hosts &
+ wait
+ ;;
+ bash|splunk-bash)
+ /bin/bash --init-file ${SPLUNK_HOME}/bin/setSplunkEnv
+ ;;
+ help)
+ shift
+ help $@
+ ;;
+ *)
+ shift
+ help $@
+ ;;
+esac
+
+
diff --git a/scripts/install.sh b/scripts/install.sh
new file mode 100755
index 0000000000000000000000000000000000000000..0c5e76963b68bb2a89b217849d788e8705aac93a
--- /dev/null
+++ b/scripts/install.sh
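Review bot: In scripts/entrypoint.sh, `prep_ansible` with `DEBUG=true` runs `cat /opt/container_artifact/ansible_inventory.json`, which copies the generated inventory to the container's stdout where any log collector will pick it up. The inventory's contents are not visible in this diff, but it is built from the environment, which holds `SPLUNK_PASSWORD` and the pass4SymmKey values, so it presumably carries them in clear text. I would add a comment above the `DEBUG` branch, `# DEBUG dumps the full Ansible inventory, which may include passwords and cluster secrets; never enable where logs are shipped or shared`, and consider redacting secret fields before printing. That same `cat` has no `|| true`, unlike the one after it, so under `set -e` a missing file ends the script in debug mode.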
@@ -0,0 +1,72 @@
+#!/bin/bash
+# Copyright 2021 Splunk
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -e
+
+# reinstalling local en def for now, removed in minimal image https://bugzilla.redhat.com/show_bug.cgi?id=1665251
+microdnf -y --nodocs install glibc-langpack-en
+
+#Currently there is no access to the UTF-8 char map, the following command is commented out until
+#the base container can generate the locale
+#localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8
+
+#We get around the gen above by forcing the language install, and then point to it.
+export LANG=en_US.utf8
+
+#update all packages to reduce vulnerabilites
+microdnf -y --nodocs install sudo shadow-utils procps tar tzdata make gcc \
+ openssl-devel bzip2-devel libffi-devel findutils
+
+microdnf -y --nodocs update gnutls kernel-headers librepo libnghttp2 tzdata nettle
+#to account for not using BusyBox
+microdnf -y --nodocs install iputils hostname psmisc net-tools bind-utils ncurses findutils
+
+#Install Python and necessary packages
+PY_SHORT=${PYTHON_VERSION%.*}
+mkdir -p /tmp/pyinstall
+tar -xzC /tmp/pyinstall/ --strip-components=1 -f /tmp/python.tgz
+rm /tmp/python.tgz
+cd /tmp/pyinstall
+./configure --enable-optimizations --prefix=/usr --with-ensurepip=install
+make altinstall LDFLAGS="-Wl,--strip-all"
+rm -rf /tmp/pyinstall
+ln -sf /usr/bin/python${PY_SHORT} /usr/bin/python
+ln -sf /usr/bin/pip${PY_SHORT} /usr/bin/pip
+# Install splunk-ansible dependencies
+cd /
+pip --no-cache-dir install --no-deps --no-index cffi-1.14.5.tar.gz six-1.16.0.tar.gz wheel-0.36.2.tar.gz \
+ requests-2.25.1.tar.gz cryptography-3.4.7-cp36-abi3-manylinux2014_x86_64.whl \
+ jmespath-0.10.0.tar.gz Jinja2-3.0.0.tar.gz MarkupSafe-2.0.1.tar.gz PyYAML-5.4.1-cp37-cp37m-manylinux1_x86_64.whl \
+ pycparser-2.20.tar.gz urllib3-1.26.4.tar.gz chardet-4.0.0.tar.gz certifi-2020.12.5.tar.gz \
+ idna-3.1.tar.gz pyparsing-2.4.7.tar.gz packaging-20.9-py2.py3-none-any.whl resolvelib-0.5.4-py2.py3-none-any.whl ansible-core-2.11.1.tar.gz \
+ ansible-4.0.0.tar.gz --upgrade
+# Remove tests packaged in python libs
+find /usr/lib/ -depth \( -type d -a -not -wholename '*/ansible/plugins/test' -a \( -name test -o -name tests -o -name idle_test \) \) -exec rm -rf '{}' \;
+find /usr/lib/ -depth \( -type f -a -name '*.pyc' -o -name '*.pyo' -o -name '*.a' \) -exec rm -rf '{}' \;
+find /usr/lib/ -depth \( -type f -a -name 'wininst-*.exe' \) -exec rm -rf '{}' \;
+ldconfig
+
+microdnf remove -y make gcc openssl-devel bzip2-devel libffi-devel findutils cpp binutils \
+ glibc-devel keyutils-libs-devel krb5-devel libcom_err-devel libselinux-devel \
+ libsepol-devel libverto-devel libxcrypt-devel pcre2-devel zlib-devel
+microdnf clean all
+
+cd /bin
+chmod u+s /usr/sbin/ping
+groupadd sudo
+
+#Clean
+microdnf clean all
+rm -rf /install.sh /anaconda-post.log /var/log/anaconda/*
diff --git a/scripts/make-minimal-exclude.py b/scripts/make-minimal-exclude.py
new file mode 100755
index 0000000000000000000000000000000000000000..368767641c4786aafbc667bc1301ef381e48154f
--- /dev/null
+++ b/scripts/make-minimal-exclude.py
@@ -0,0 +1,47 @@
+#!/usr/bin/python
+
+import re, sys
+
+EXCLUDE_V7 = """*-manifest
+*/bin/installit.py
+*/bin/jars/*
+*/bin/jsmin*
+*/bin/*mongo*
+*/3rdparty/Copyright-for-mongo*
+*/bin/node*
+*/bin/pcregextest*
+*/etc/*.lic*
+*/etc/anonymizer*
+*/etc/apps/SplunkForwarder*
+*/etc/apps/SplunkLightForwarder*
+*/etc/apps/launcher*
+*/etc/apps/legacy*
+*/etc/apps/sample_app*
+*/etc/apps/appsbrowser*
+*/etc/apps/alert_webhook*
+*/etc/apps/splunk_archiver*
+*/etc/apps/splunk_monitoring_console*
+*/lib/node_modules*
+*/share/splunk/app_templates*
+*/share/splunk/authScriptSamples*
+*/share/splunk/diag
+*/share/splunk/mbtiles*
+*/share/splunk/migration*
+*/share/splunk/pdf*
+*mrsparkle*"""
+
+m = re.match(".*splunk-([0-9]+)\.([0-9]+)\.[0-9]+\.?[0-9]?-[0-9a-z]+-Linux-[0-9a-z_-]+.tgz", sys.argv[1])
+
+if m and m.group(1):
+ print(EXCLUDE_V7)
+ if int(m.group(1)) == 7:
+ print("*/bin/parsetest*")
+ if int(m.group(2)) < 3:
+ print("*/etc/apps/framework*")
+ print("*/etc/apps/gettingstarted*")
+ else:
+ print("*/etc/apps/splunk_metrics_workspace*")
+ elif int(m.group(1)) > 7:
+ print("*/etc/apps/splunk_metrics_workspace*")
+ if int(m.group(2)) < 1:
+ print("*/bin/parsetest*")
diff --git a/scripts/updateetc.sh b/scripts/updateetc.sh
new file mode 100755
index 0000000000000000000000000000000000000000..5af27a648aeee6ff774cbb31ff60244a5bcf9291
--- /dev/null
+++ b/scripts/updateetc.sh
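Review bot: In scripts/install.sh, `chmod u+s /usr/sbin/ping` leaves a setuid-root binary in the final image and nothing in the script says why it is needed. A setuid-root executable is extra privilege-escalation surface once the container runs as a non-root user, and image scanners will flag it. If non-root ping is required, a file capability limits the grant to raw sockets, e.g. `setcap cap_net_raw+ep /usr/sbin/ping` (this needs `setcap` at build time, which the script does not show being installed); otherwise drop the line, or at least state the reason in a comment above it. The comment `#update all packages to reduce vulnerabilites` also sits above an `install`, not the `update` a few lines further down.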
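Review bot: In scripts/make-minimal-exclude.py, a `sys.argv[1]` that does not match the pattern makes the script print nothing and exit 0, so whatever consumes the output receives an empty exclude list with no error, and a missing argument raises a bare IndexError. The caller is outside this diff, but if the list feeds an archive-extraction exclude, a renamed build artifact would silently yield a full, non-minimal install, including the components the list is meant to keep out. I would add a final `else:` branch that calls `sys.exit("unrecognised Splunk build name")` so the build stops. The pattern should also be a raw string (`r"..."`), since `\.` in a plain literal is an invalid string escape, and the dot in `.tgz` should be escaped.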
@@ -0,0 +1,31 @@
+#!/bin/bash
+
+# Copyright 2018-2020 Splunk
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+SPLUNK_ETC_BAK="${SPLUNK_ETC_BAK:-/opt/splunk-etc}"
+
+if [[ -f "${SPLUNK_ETC_BAK}/splunk.version" ]]; then
+ IMAGE_VERSION_SHA=`cat ${SPLUNK_ETC_BAK}/splunk.version | sha512sum`
+
+ if [[ -f "${SPLUNK_HOME}/etc/splunk.version" ]]; then
+ ETC_VERSION_SHA=`cat ${SPLUNK_HOME}/etc/splunk.version | sha512sum`
+ fi
+
+ if [[ "x${IMAGE_VERSION_SHA}" != "x${ETC_VERSION_SHA}" ]]; then
+ echo Updating ${SPLUNK_HOME}/etc
+ (cd ${SPLUNK_ETC_BAK}; tar cf - *) | (cd ${SPLUNK_HOME}/etc; tar xf -)
+ fi
+fi
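Review bot: In scripts/updateetc.sh the copy `(cd ${SPLUNK_ETC_BAK}; tar cf - *) | (cd ${SPLUNK_HOME}/etc; tar xf -)` joins `cd` and `tar` with `;`, so tar still runs when a `cd` fails, and nothing checks that `SPLUNK_HOME` is set. With `SPLUNK_HOME` empty the target becomes `/etc` and the backup is unpacked over the system configuration; with a missing target directory it is unpacked into whatever the current directory happens to be. `(cd "${SPLUNK_ETC_BAK}" && tar cf - *) | (cd "${SPLUNK_HOME:?}/etc" && tar xf -)` fails closed in both cases. The version comparison above it has the same dependency: with `SPLUNK_HOME` unset the second `-f` test is false, `ETC_VERSION_SHA` stays empty, the hashes differ and the copy goes ahead.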