UNCLASSIFIED

Skip to content

GitLab

Commit 6f70ef7b authored by Jeffrey Weatherford's avatar Jeffrey Weatherford
Browse files

Merge branch 'splunk-8-2' into 'development' 

Splunk 8 2

See merge request !16
parents 14620d7b c26e186f
Pipeline #339489 passed with stages
in 46 minutes and 22 seconds
Hide whitespace changes
Inline Side-by-side
Showing with 2067 additions and 2 deletions
Dockerfile 0 → 100644
View file @ 6f70ef7b
# Copyright 2021 Splunk
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#base setup
ARG BASE_REGISTRY=registry1.dso.mil
ARG BASE_IMAGE=ironbank/redhat/ubi/ubi8-minimal
ARG BASE_TAG=8.4
FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} as base
#FROM registry.access.redhat.com/ubi8/ubi-minimal:8.3-291 as base
#remove if there is no need to have scloud in this build
ARG SCLOUD_URL
ENV SCLOUD_URL=https://github.com/splunk/splunk-cloud-sdk-go/releases/download/v1.7.0/scloud_v4.0.0_linux_amd64.tar.gz
ENV PYTHON_VERSION=3.7.10 \
PYTHON_GPG_KEY_ID=0D96DF4D4110E5C43FBFB17F2D347EA6AA65421D
COPY scripts/install.sh /install.sh
RUN mkdir /licenses
COPY apache-2.0.txt /licenses/apache-2.0.txt
COPY EULA_Red_Hat_Universal_Base_Image_English_20190422.pdf /licenses/EULA_Red_Hat_Universal_Base_Image_English_20190422.pdf
COPY requests-2.25.1.tar.gz requests-2.25.1.tar.gz
COPY Jinja2-3.0.0.tar.gz Jinja2-3.0.0.tar.gz
COPY urllib3-1.26.5.tar.gz urllib3-1.26.5.tar.gz
COPY chardet-4.0.0.tar.gz chardet-4.0.0.tar.gz
COPY certifi-2020.12.5.tar.gz certifi-2020.12.5.tar.gz
COPY idna-3.1.tar.gz idna-3.1.tar.gz
COPY cryptography-3.4.7-cp36-abi3-manylinux2014_x86_64.whl cryptography-3.4.7-cp36-abi3-manylinux2014_x86_64.whl
COPY MarkupSafe-2.0.1.tar.gz MarkupSafe-2.0.1.tar.gz
COPY six-1.16.0.tar.gz six-1.16.0.tar.gz
COPY cffi-1.14.5.tar.gz cffi-1.14.5.tar.gz
COPY pycparser-2.20.tar.gz pycparser-2.20.tar.gz
COPY Python-3.7.10.tgz /tmp/python.tgz
COPY wheel-0.36.2.tar.gz wheel-0.36.2.tar.gz
COPY jmespath-0.10.0.tar.gz jmespath-0.10.0.tar.gz
COPY PyYAML-5.4.1-cp37-cp37m-manylinux1_x86_64.whl PyYAML-5.4.1-cp37-cp37m-manylinux1_x86_64.whl
COPY ansible-4.0.0.tar.gz ansible-4.0.0.tar.gz
COPY ansible-core-2.11.1.tar.gz ansible-core-2.11.1.tar.gz
COPY packaging-20.9-py2.py3-none-any.whl packaging-20.9-py2.py3-none-any.whl
COPY resolvelib-0.5.4-py2.py3-none-any.whl resolvelib-0.5.4-py2.py3-none-any.whl
COPY pyparsing-2.4.7.tar.gz pyparsing-2.4.7.tar.gz
RUN /install.sh && rm -rf /install.sh
#Install scloud
COPY scloud_v7.1.0_linux_amd64.tar.gz /usr/bin/scloud.tar.gz
RUN tar -zxf /usr/bin/scloud.tar.gz -C /usr/bin/ && rm /usr/bin/scloud.tar.gz
#end base setup
ARG SPLUNK_PRODUCT=splunk
ARG SPLUNK_VERSION=8.2.0
ARG SPLUNK_BUILD=e053ef3c985f
ARG SPLUNK_ARCH=x86_64
ARG SPLUNK_LINUX_FILENAME=splunk-${SPLUNK_VERSION}-${SPLUNK_BUILD}-Linux-${SPLUNK_ARCH}.tgz
# Get and unpack Splunk Enterprise
#
FROM base as package
COPY scripts/make-minimal-exclude.py /tmp
ENV SPLUNK_BUILD_URL=https://download.splunk.com/products/${SPLUNK_PRODUCT}/releases/${SPLUNK_VERSION}/linux/${SPLUNK_LINUX_FILENAME}
RUN python /tmp/make-minimal-exclude.py $SPLUNK_BUILD_URL > /tmp/splunk-minimal-exclude.list
COPY splunk-8.2.0-e053ef3c985f-Linux-x86_64.tgz /tmp/splunk.tgz
RUN mkdir -p /minimal/splunk/var /extras/splunk/var
RUN tar -C /minimal/splunk --strip 1 --exclude-from=/tmp/splunk-minimal-exclude.list -zxf /tmp/splunk.tgz
RUN tar -C /extras/splunk --strip 1 --wildcards --files-from=/tmp/splunk-minimal-exclude.list -zxf /tmp/splunk.tgz
RUN mv /minimal/splunk/etc /minimal/splunk-etc
RUN mv /extras/splunk/etc /extras/splunk-etc
RUN mkdir -p /minimal/splunk/etc /minimal/splunk/share/splunk/search_mrsparkle/modules.new
COPY splunk-ansible.tar.gz splunk-ansible.tar.gz
RUN tar -zxf splunk-ansible.tar.gz && mv splunk-ansible-8.2.0 splunk-ansible-develop && rm splunk-ansible.tar.gz
#
# Minimal Splunk base image with many files excluded, intended for internal and experimental use
#
FROM base as minimal
ENV SPLUNK_HOME=/opt/splunk \
SPLUNK_GROUP=splunk \
SPLUNK_USER=splunk
ENV TMPSPLUNKDIR=${SPLUNK_HOME}/tmp
ENV TMPETCDIR=${TMPSPLUNKDIR}/etc
# Currently kubernetes only accepts UID and not USER field to
# start a container as a particular user. So we create Splunk
# user with pre-determined UID.
ARG UID=41812
ARG GID=41812
# Simple script used to populate/upgrade splunk/etc directory
COPY scripts/updateetc.sh /sbin/updateetc.sh
# Setup users and groups
RUN groupadd -r -g ${GID} ${SPLUNK_GROUP} \
&& useradd -r -m -u ${UID} -g ${GID} ${SPLUNK_USER} \
&& chmod 755 /sbin/updateetc.sh
COPY --from=package --chown=splunk:splunk /minimal /opt
USER ${SPLUNK_USER}
WORKDIR ${SPLUNK_HOME}
EXPOSE 8000/tcp 8089/tcp
#
# Bare Splunk Enterprise Image without Ansible (BYO entrypoint)
#
FROM minimal as bare
COPY --from=package --chown=splunk:splunk /extras /opt
#remove unneeded packages that were vulnerable
RUN rm -fdr /opt/splunk/etc/apps/splunk_archiver /opt/splunk/bin/jars/thirdparty/hive /opt/splunk/bin/jars/thirdparty/hive_2_2 /opt/splunk/bin/jars/thirdparty/hive_3_1 /opt/splunk/bin/jars/vendors/spark /opt/splunk/bin/jars/thirdparty/common/commons-io-2.4.jar /opt/splunk/bin/jars/thirdparty/aws/commons-codec-1.7.jar /opt/splunk/bin/jars/vendors/libs/json-smart-2.3.jar /opt/splunk/bin/jars/thirdparty/hive_1_2
COPY scripts/delete_jquery.py /delete_jquery.py
RUN python /delete_jquery.py
EXPOSE 8000 8065 8088 8089 8191 9887 9997
VOLUME [ "/opt/splunk/etc", "/opt/splunk/var" ]
#
# Full Splunk Enterprise Image with Ansible
#
FROM bare
ARG SPLUNK_DEFAULTS_URL
ENV SPLUNK_ROLE=splunk_standalone \
SPLUNK_DEFAULTS_URL=${SPLUNK_DEFAULTS_URL} \
SPLUNK_ANSIBLE_HOME=/opt/ansible \
ANSIBLE_USER=ansible \
ANSIBLE_GROUP=ansible \
CONTAINER_ARTIFACT_DIR=/opt/container_artifact
USER root
COPY [ "scripts/entrypoint.sh", "scripts/createdefaults.py", "scripts/checkstate.sh", "/sbin/" ]
COPY --from=package /splunk-ansible-develop ./splunk-ansible-develop
# Set sudo rights
RUN echo 'Create the ansible user/group' \
&& groupadd -r ${ANSIBLE_GROUP} \
&& useradd -r -m -g ${ANSIBLE_GROUP} ${ANSIBLE_USER} \
&& usermod -aG sudo ${ANSIBLE_USER} \
&& usermod -aG ${ANSIBLE_GROUP} ${SPLUNK_USER} \
&& echo 'Container Artifact Directory is a place for all artifacts and logs that are generated by the provisioning process. The directory is owned by the user "ansible".' \
&& mkdir ${CONTAINER_ARTIFACT_DIR} \
&& chown -R ${ANSIBLE_USER}:${ANSIBLE_GROUP} ${CONTAINER_ARTIFACT_DIR} \
&& chmod -R 775 ${CONTAINER_ARTIFACT_DIR} \
&& mv splunk-ansible-develop ${SPLUNK_ANSIBLE_HOME} \
&& chmod -R 555 ${SPLUNK_ANSIBLE_HOME} \
&& chgrp ${ANSIBLE_GROUP} ${SPLUNK_ANSIBLE_HOME} ${SPLUNK_ANSIBLE_HOME}/ansible.cfg \
&& chmod 775 ${SPLUNK_ANSIBLE_HOME} \
&& chmod 664 ${SPLUNK_ANSIBLE_HOME}/ansible.cfg \
&& chmod 755 /sbin/entrypoint.sh /sbin/createdefaults.py /sbin/checkstate.sh
USER ${SPLUNK_USER}
HEALTHCHECK --interval=30s --timeout=30s --start-period=3m --retries=5 CMD /sbin/checkstate.sh || exit 1
ENTRYPOINT [ "/sbin/entrypoint.sh" ]
CMD [ "start-service" ]
LICENSE 0 → 100644
View file @ 6f70ef7b
###############################################################################
################### Purchase License ##################
###############################################################################
For information on how to license this software, please email the following
address with your contact information:
jconnelly@splunk.com
Upon receipt you should be contacted within 24 business hours.
###############################################################################
################### EULA #####################
###############################################################################
SPLUNK SOFTWARE LICENSE AGREEMENT
This Splunk Software License Agreement ("Agreement") governs your use of
Splunk software. By downloading and using Splunk software: (a) you are
indicating that you have read and understand this Agreement, and agree to be
legally bound by it on your behalf or on behalf of the entity for which you
are acting; and (b) you represent and warrant that you have the authority to
act on behalf of and bind this entity (if any). You, and the entity for which
you work (if any), acknowledge that by submitting an order for the Splunk
software, you and this entity (if any) have agreed to be bound by this
agreement.
As used in this Agreement, "Splunk," refers to Splunk Inc., a Delaware
corporation, with its principal place of business at 270 Brannan Street, San
Francisco, California 94107, U.S.A.; and "Customer" refers to the company,
government, or other entity on whose behalf you have entered into this
Agreement or, if there is no such entity, you as an individual.
1. DEFINITIONS. Capitalized terms used but not otherwise defined in this
Agreement are defined in Exhibit A.
2. LICENSE TERMS.
2.1 License Grant. Subject to Customer's compliance with this Agreement,
including Customer's timely payment of all applicable fees, Splunk grants
to Customer a nonexclusive, worldwide, nontransferable, nonsublicensable
license during the Applicable Term to:
2.1.1 use the Purchased Software within the Licensed Capacity solely for
Customer's Internal Business Purposes;
2.1.2 use the Evaluation Software (if any) within the Licensed Capacity
solely to evaluate whether Customer wishes to purchase a commercial
license for the Software;
2.1.3 use the Test and Development Software (if any) within the Licensed
Capacity on a non-production system for non-production uses, including
product migration testing or pre-production staging, or testing new data
sources, types, or use cases. The Test and Development Software may not be
used for any revenue generation, commercial activity, or other productive
business or purpose;
2.1.4 use the Free Software within the Licensed Capacity solely for Customer's
Internal Business Purposes;
2.1.5 use subscribed content from a Content Subscription solely in connection
with the designated Purchased Software and solely for Customer's Internal
Business Purposes. The term for this license will be for the subscription
period included in the Order. This content will be treated as Purchased
Software under this Agreement except that the warranty in section 10 will not
apply;
2.1.6 use Splunk Extensions solely in connection with applicable Software that
Customer has licensed from Splunk, subject to the same limitations and
restrictions (including with respect to Term and Licensed Capacity) that apply
to this Software. Notwithstanding the foregoing, if any Splunk Extension is
provided to Customer under a separate license agreement that grants Customer
broader rights with respect to the Splunk Extension, then that separate
license agreement, and not this Agreement, will govern Customer's use of the
Splunk Extension (but, for clarity, this Agreement will apply to all other
Splunk Extensions); and
2.1.7 (a) to copy, modify and use the Splunk Developer Tools solely to develop
Extensions for use with the designated Software or Splunk Extensions
("Customer Extensions"), and (b) to distribute the Customer Extensions
exclusively for use with the designated Software or Splunk Extension. The
foregoing license is subject to the following conditions: (y) Customer may not
remove or alter any Splunk proprietary legends or notices; and (z) Customer
may not make any statement that Customer Extensions are certified, or that
their performance is guaranteed by Splunk. Customer retains title to Customer
Extensions, subject to Splunk's ownership stated in section 5. Customer may
license its end users of Customer Extensions to modify or distribute the
Customer Extensions only with the designated Software or Splunk Extension and
only if the license flows down the conditions in (y) and (z). Customer agrees
to assume full responsibility for the performance and distribution of Customer
Extensions.
2.2 Open Source Software. Certain Software may contain Open Source
Software identified in the end user documentation. Open Source Software
that is delivered as part of Purchased Software, which may not be removed
or used separately from the Purchased Software is covered by the warranty,
support and indemnification provisions applicable to Purchased Software.
Customer acknowledges that specific terms required by Open Source Software
licensors may apply its use. These terms will be included in the
documentation; however, these terms will not: (a) impose any additional
restrictions on Customer's use of the Software, or (b) negate or amend
Splunk's responsibilities with respect to Purchased Software.
2.3 License Restrictions. Unless otherwise expressly permitted by
Splunk, Customer will not and has no rights to: (a) copy any Splunk
Materials (except as required to run the Software and for reasonable
backup purposes); (b) modify, adapt, or create derivative works of any
Splunk Materials; (c) rent, lease, loan, resell, transfer, sublicense,
distribute, disclose or otherwise provide any Splunk Materials
(including Splunk license keys) to any third party; (d) decompile,
disassemble or reverse-engineer any Splunk Materials, or determine or
attempt to determine any source code, algorithms, methods or
techniques embodied in any Splunk Materials, except to the extent
expressly permitted by applicable law notwithstanding a contractual
prohibition to the contrary; (e) access or use any Disabled Materials;
(f) provide to any third party the results of any benchmark tests or
other evaluation of any Splunk Materials without Splunk's prior
written consent; (g) attempt to disable or circumvent any license key
or other technological mechanisms intended to prevent, limit, or
control use or copying of, or access to, any Splunk Materials or
Disabled Materials; (h) remove or obscure any copyright, trademark,
patent, or other proprietary notices, legends or symbols from any
Splunk Materials; (i) exceed the Licensed Capacity or violate other
license limitations identified in Exhibit B or elsewhere in this
Agreement; (j) separately use any of the applicable features and
functionalities of the Splunk Materials with external applications or
code not furnished by Splunk or any data not processed by the
Software, except as otherwise specifically permitted in the user
documentation; (k) misuse the Software or use the Software for any
illegal, harmful, fraudulent, or offensive purposes; (l) otherwise
access or use any Splunk Materials except as expressly authorized in
this Agreement; or (m) encourage or assist any third party to do any
of the foregoing. The Software may be configured to display warnings,
reduce available functionality, or cease functioning if unauthorized
or improper use is detected, including if the Term expires or the
Licensed Capacity is reached or exceeded.
2.4 Limitations. Notwithstanding anything to the contrary in this
Agreement, Splunk does not provide maintenance and support,
warranties, or indemnification for Evaluation Software, Test and
Development Software, or Free Software.
3. SERVICE PROVIDERS. Customer may permit its Service Providers to use
the Software solely on Customer's behalf in connection with providing
services to Customer, subject to the terms and conditions of this
Agreement. Customer will be jointly and severally liable for any
Service Provider's actions relating to or use of the Software. For
avoidance of doubt, the aggregate use by Customer and all of its
Service Providers must not exceed the Licensed Capacity and nothing in
this section 3 is intended to or will be deemed to increase any
Licensed Capacity.
4. OWNERSHIP. Splunk, its suppliers or licensors own all worldwide
right, title and interest in the Splunk Materials, including all
related Intellectual Property Rights. Except for the licenses
expressly granted to Customer in section 2, Customer will not acquire
or claim any right, title or interest in any Splunk Materials or
related Intellectual Property Rights, whether by implication,
operation of law or otherwise. Notwithstanding anything to the
contrary, the Software is licensed, not sold, to Customer. To the
extent that Customer provides any Feedback, Customer grants to Splunk
a perpetual, irrevocable, worldwide, nonexclusive, transferable,
sublicensable, royalty-free, fully paid-up right and license to use
and commercially exploit the Feedback in any manner Splunk deems fit.
5. LICENSE AND SUBSCRIPTION FEES. Customer will pay all License Fees and
Content Subscription fees listed in the Order (collectively the " Fees")
no later than 30 days after the date of Splunk's applicable invoice.
Without limitation of Splunk's other termination rights, Splunk may
terminate this Agreement and all licenses granted under this Agreement by
notice to Customer if Customer fails to pay the Fees when due. All Fees
are non-refundable once paid. Any fees and payment terms for Splunk
Extensions not included in the Order will be listed on the download page
for Splunk Extensions.
6. MAINTENANCE AND SUPPORT. Splunk will provide the level of maintenance and
support included in the Order (the "Support Services") in accordance with the
terms and conditions in Exhibit C.
7. CONFIGURATION SERVICES. Subject to Customer's payment of applicable fees,
Splunk will provide the deployment, usage assistance, configuration, and
training services (if any) listed in the Order (the "Professional Services")
in accordance with Splunk's standard professional services terms and
conditions provided at
https://www.splunk.com/en_us/legal/professional-services-agreement.html. These
terms are incorporated by reference and made a part of this Agreement.
8. SOFTWARE VERIFICATION AND AUDIT. At Splunk's request, Customer will furnish
Splunk with a certification signed by Customer's authorized representative
verifying that the Software is being used in accordance with this Agreement
and the applicable Order. If the Order includes an offering that requires
usage reporting, Customer agrees to provide this reporting pursuant to the
requirements identified by Splunk. Upon at least 10 business days' prior
written notice to Customer, and not more than once in a 12-month period,
unless a material violation occurred in this period, Splunk may audit
Customer's (and its Service Providers') use of the Software to ensure
compliance with this Agreement and the applicable Order. Any audit will be
conducted during regular business hours at Customer's (and/or its Service
Providers') facilities, will not unreasonably interfere with Customer's (or
its Service Providers') business and will comply with Customer's (or its
Service Providers') reasonable security procedures. Customer will (and will
ensure that its Service Providers) provide Splunk with reasonable access to
all relevant records and facilities reasonably necessary to conduct the audit.
If an audit reveals that Customer (and/or any Service Provider) has exceeded
the Licensed Capacity or the scope of Customer's license grant during the
period audited, then Splunk will invoice Customer, and Customer will promptly
pay Splunk, any underpaid Fees based on Splunk's price list in effect at the
time the audit is completed. If the excess usage exceeds 10% of the Licensed
Capacity, Customer will also pay Splunk's reasonable costs of conducting the
audit. This section 8 will survive expiration or termination of this Agreement
for a period of 1 year.
9. WARRANTY. Splunk warrants that for a period of 30 days from the Delivery of
Purchased Software, the Purchased Software will substantially perform the
material functions described in Splunk's user documentation, when used in
accordance with the user documentation. The sole liability of Splunk (and its
Affiliates and suppliers/licensors), and Customer's exclusive remedy, for any
failure of the Purchased Software to conform to this warranty, is for Splunk
to do one of the following, at Splunk's sole option and discretion: (a)
modify, or provide an Enhancement for, the Purchased Software so that it
conforms to the foregoing warranty, (b) replace Customer's copy of the
Purchased Software with a copy that conforms to the foregoing warranty, or (c)
terminate the license with respect to the non-conforming Purchased Software
and refund the License Fees paid by Customer for the non-conforming Purchased
Software. All warranty claims must be made in writing by Customer to Splunk
on or before the expiration of the warranty period. Splunk further warrants
that (y) it has the full authority to enter into this Agreement, and (z) at
the time of Delivery, there is no Virus in the Purchased Software. If it is
determined by Splunk that the Purchased Software contains a Virus, Splunk will
assist Customer in repairing or replacing the nonconforming Purchased Software
as Splunk's (and its Affiliates' and suppliers'/licensors') sole liability and
Customer's exclusive remedy for any failure of the Purchased Software to
conform to this warranty. For the sake of clarity, features and functionality
in the Purchased Software that ensure compliance with section 2 of this
Agreement shall not be considered a Virus.
10. WARRANTY DISCLAIMER. Except as expressly stated in section 9, the Splunk
Materials, Open Source Software, Third Party Content, Support Services, and
professional Services are provided "AS IS" with no warranties, express or
implied. To the full extent permitted by law, Splunk and its suppliers and
licensors disclaim all warranties other than as expressly stated in section 9,
including any implied warranties of merchantability, satisfactory quality,
fitness for a particular purpose, noninfringement, or warranties arising out
of course of dealing or trade usage. Splunk does not warrant that use of the
Software or Splunk Materials will be uninterrupted, error free, secure, or
that all defects will be corrected.
11. LIMITATION OF LIABILITY. Except for breach of section 2, a party's
indemnification obligations, or either party's gross negligence or willful
misconduct, a party and a Party's Entities will not be liable for any special,
indirect, incidental, consequential, or punitive damages related to this
Agreement, including any damages (a) arising from loss of use, loss of data,
lost profits, lost revenue, business interruption, or cost of procuring
substitute software or services; and (b) based on any theory of liability,
including contract, indemnification, warranty, tort (including negligence), or
strict liability. A party's and a Party's Entities' total cumulative liability
related to this Agreement will not exceed the amounts paid by Customer to
Splunk for the Purchased Software in the 12 months prior to the event giving
rise to this liability, even if the party or the Party's Entities have been
advised of the possibility of loss or damage. Customer, not Splunk, is solely
responsible for the accuracy, quality, and security of Customer's data and for
maintaining a backup of all data and for ensuring the security and integrity
of Customer's (and its Service Provider's) data, computers, networks, and
systems (including protecting them against viruses and malware).
12. INDEMNITY. Splunk will defend and indemnify Customer against any claim,
demand, suit or proceeding brought against Customer by a third party alleging
that Purchased Software infringes or misappropriates this third party's
Intellectual Property Rights ("Claim"). Splunk will pay all damages finally
awarded against Customer by a court of competent jurisdiction as a result of
the Claim, subject to the terms of this Agreement. Notwithstanding the
foregoing, Splunk has no obligation to indemnify Customer with respect to: (a)
use of the Purchased Software in a manner that is not permitted under this
Agreement or that is inconsistent with Splunk's applicable user documentation;
(b) modifications to the Splunk Materials made by anyone other than Splunk;
(c) the combination of Software with hardware or software not made by Splunk,
or with third-party services, processes or materials where the infringement or
misappropriation would not occur but for this combination; (d) Customer's
continued use of the Purchased Software or other allegedly infringing activity
after receiving notice of the alleged infringement; or (e) any version of the
Purchased Software that is no longer supported by Splunk ((a) through (e),
collectively, "Excluded Matters"). If a Claim is made or appears likely to be
made, Splunk may, at its option and expense, modify the affected Purchased
Software so that it is non-infringing, or replace it with substantially
functionally equivalent software. If Splunk determines that neither is
reasonably feasible, Splunk may terminate Customer's applicable license and
refund Customer a pro rata refund of the Fees previously paid by Customer. The
obligations in this section constitute Customer's sole and exclusive remedy,
and Splunk's entire liability, with respect to any Claims. Customer will
defend and indemnify Splunk against any claim brought against Splunk by a
third party arising out of or relating to any Excluded Matter or any Customer
Extension, and Customer will pay all damages finally awarded against Splunk by
a court of competent jurisdiction as a result of this claim. Each party's
defense and indemnity obligations in this section 12 are conditioned upon the
party seeking indemnification (x) providing prompt written notice to the other
party of the applicable claim; (y) providing reasonable cooperation and
assistance in the defense and negotiations; and (z) giving the indemnifying
party sole control of the defense and settlement of the applicable claim,
except that: (i) the indemnified party may participate in the defense with
counsel of its choice at its own expense, and (ii) the indemnifying party will
not agree to any settlement that imposes a material obligation on the
indemnified party without the indemnified party's prior written consent (not
to be unreasonably withheld or delayed).
13. CONFIDENTIAL INFORMATION.
13.1 Confidential Information. "Confidential Information" means any
technical or business information, ideas, materials, know-how or other
subject matter that is disclosed by one party (the "Discloser") to the
other party (the "Recipient") that: (a) if disclosed in writing, is marked
"confidential" or "proprietary" at the time of disclosure; (b) if
disclosed orally, is identified as "confidential" or "proprietary" at the
time of disclosure, and is summarized in a writing sent by the Discloser
to the Recipient within 30 days after this disclosure; or (c) under the
circumstances, a person exercising reasonable business judgment would
understand to be confidential or proprietary.
13.2 Use and Disclosure Restrictions. The Recipient agrees: (a) to
maintain Confidential Information in strict confidence; (b) not to
disclose Confidential Information to any third parties; and (c) to
use Confidential Information only to exercise its rights or perform
its obligations under this Agreement. Recipient will treat
Confidential Information with the same degree of care as it accords to
its own confidential information, but in no event with less than
reasonable care. Recipient may disclose the Confidential Information
to its directors, officers, employees, and subcontractors
(collectively, "Representatives"), who have a bona fide need to know
this Confidential Information and who are bound by terms at least as
protective as the terms in this section 13. Recipient's obligations
under this section 13 will continue in effect for a period of three
years from the date of last disclosure.
13.3 Exclusions. The obligations of Recipient under section 13.2 will
not apply to any Confidential Information that: (a) is or becomes
generally known or available to the public, through no act or omission
on the part of Recipient (or any of its Representatives, Affiliates,
or agents) or any third party subject to any use or disclosure
restrictions with respect to this Confidential Information; (b) was
known by or lawfully in the possession of Recipient, prior to its
receipt, without restriction as to use or disclosure; (c) is
rightfully acquired by Recipient from a third party who has the right
to disclose it and who provides it without restriction as to use or
disclosure; or (d) is independently developed by Recipient without
access, use, or reference to any Confidential Information.
13.4 Required Disclosures. The provisions of section 13.2 will not
restrict Recipient from disclosing Confidential Information to the
extent required by any law enforcement agencies or regulators or
compelled by a court or administrative agency of competent
jurisdiction. To the extent permissible under law, Recipient will use
reasonable efforts to give Discloser sufficient advance notice of any
required disclosure to enable Discloser to prevent or limit
disclosure.
13.5 Return or Destruction of Confidential Information. Upon
termination of this Agreement or of support and maintenance, Recipient
will, at Discloser's option, promptly return or destroy all tangible
items and embodiments containing or consisting of Confidential
Information and provide written certification of this destruction or
return by an authorized person.
13.6 Injunctive Relief. Recipient agrees that, due to the unique
nature of the Confidential Information, the unauthorized disclosure or
use of the Confidential Information will cause irreparable harm and
significant injury to Discloser, the extent of which will be difficult
to ascertain and for which there will be no adequate remedy at law.
Accordingly, Recipient agrees that Discloser, in addition to any other
available remedies, will have the right to an immediate injunction and
other equitable relief enjoining any breach or threatened breach of
this section 13, without the necessity of posting any bond or other
security. Recipient will notify Discloser in writing immediately upon
Recipient's becoming aware of any breach or threatened breach.
14. TERM. This Agreement will commence upon Splunk's first Delivery of
the Software and will remain in effect until the expiration of the
applicable Software license term, unless earlier terminated pursuant
to section 15 (the "Term"). For the avoidance of doubt, termination of
a license term shall not affect the term of any other licenses
applicable to other Splunk products and services that Customer has
purchased. Further, termination of a Content Subscription shall not
affect the term of the base license applicable to the Software that
Customer has purchased.
14.1 Purchased Software, etc. Unless otherwise indicated in the Order,
the Term for Purchased Software, Free Software, Splunk Extensions and
Splunk Developer Tools will continue indefinitely, unless and until
terminated pursuant to section 15. If the Order indicates a Term of a
specific duration, the applicable licenses granted to Customer will
terminate automatically upon expiration of this Term. Upon expiration
of any Term, the applicable Software will stop working automatically.
14.2 Evaluation Software. The Term for Evaluation Software will be
specified in the Order or with the license key. If no term is specified,
the Term for Evaluation Software is 30 days from the date the license key
is delivered. Any license keys provided for Evaluation Software will
automatically expire and cause the Evaluation Software to become
non-operational at the end of the Term. If Customer wishes to use the
Evaluation Software after the Term expires, Customer must purchase a
license for the Software.
15. TERMINATION.
15.1 Termination Rights. Either party may terminate this Agreement by written
notice to the other party in the event of a material breach of this
Agreement that is not cured within 30 days of receipt of the notice. In
addition, Splunk may immediately terminate this Agreement (in whole or in
part) by written notice to Customer (a) if Customer materially breaches
section 2, or (b) as set forth in section 5. Splunk may also terminate
Customer's license to any Evaluation Software at any time with or without
cause by notice to Customer. If Customer is the Government, then termination
will be governed by 48 C.F.R. Section 52.212-4.
15.2 Effect of Termination. Upon any expiration or termination of this
Agreement, the rights and licenses granted to Customer will automatically
terminate, and Customer agrees to immediately (a) cease using the Splunk
Materials, (b) return or destroy all copies of the Splunk Materials and other
Splunk Confidential Information in Customer's possession or control, and (c)
certify in writing the completion of the return or destruction in accordance
with section 13.5. Upon termination of this Agreement, Splunk will have no
obligation to refund any Fees or other amounts received from Customer during
the Term. Unless otherwise provided in this Agreement, Customer shall be
required to pay all Fees due under an Order, even in the event of an early
termination. Section 1 (Definitions), section 4 (Ownership), section 8
(Software Verification and Audit), section 10 (Warranty Disclaimer), section
11 (Limitation of Liability), section 12 (Indemnity), section 13 (Confidential
Information), section 15 (Termination) and sections 16 (Export) through 22
(General) will survive any expiration or termination of this Agreement.
16. EXPORT. Customer will comply fully with all relevant export laws and
regulations of the United States and any other country ("Export Laws") where
Customer uses any of the Splunk Materials. Customer certifies that Customer is
not on any of the relevant U.S. government lists of prohibited persons,
including the Treasury Department's List of Specially Designated Nationals and
the Commerce Department's List of Denied Persons or Entity List. Customer
further certifies that Customer will not export, re-export, ship, transfer or
otherwise use the Splunk Materials in any country subject to an embargo or
other sanction by the United States, and that Customer will not use the Splunk
Materials for any purpose prohibited by the Export Laws, including, but not
limited to, nuclear, chemical, missile or biological weapons related end uses.
17. GOVERNMENT END USER RIGHTS. Customer acknowledges that all Splunk
Materials were developed entirely at private expense and that no part of the
Splunk Materials was first produced in the performance of a government
contract. Customer agrees that all Splunk Materials and their derivatives are
"Commercial Items" as defined in 48 C.F.R. Section 2.101, and if Customer is
the Government, then the use, duplication, reproduction, release,
modification, disclosure or transfer of this commercial product and data, is
restricted in accordance with 48 C.F.R. Section 12.211, 48 C.F.R. Section
12.212, 48 C.F.R. Section 227.7102-2, and 48 C.F.R. Section 227.7202, as
applicable. Consistent with 48 C.F.R. Section 12.211, 48 C.F.R. Section
12.212, 48 C.F.R. Section 227.7102-1 through 48 C.F.R. Section 227.7102-3, and
48 C.F.R. Sections 227.7202-1 through 227.7202-4, as applicable, the Splunk
Materials are licensed to Government end users (a) only as Commercial Items
and (b) with only those rights as are granted to all other users pursuant to
this Agreement and any related agreement(s), as applicable. Accordingly,
Customer will have no rights in the Splunk Materials except as expressly
agreed to in writing by Customer and Splunk.
18. PUBLICITY. Customer agrees that Splunk may publish a brief description of
Customer's deployment of the Software and identify Customer as a Splunk
customer on any of Splunk's websites, client lists, press releases, and other
marketing materials.
19. THIRD PARTY CONTENT DISCLAIMER. Certain Extensions and other materials or
services made available for download or access on Splunkbase are developed
and/or provided by third parties ("Third-Party Content"). Splunk makes
Third-Party Content available for download on Splunkbase as a convenience to
its customers. Splunk neither controls nor endorses, nor is Splunk responsible
for, any Third-Party Content, including the accuracy, integrity, quality,
legality, usefulness or safety of Third-Party Content. Certain Third-Party
Content may, among other things, be inaccurate, nonfunctional, infringing or
dangerous. Nothing in this Agreement or on Splunkbase will be deemed to be a
representation or warranty by Splunk with respect to any Third-Party Content,
even if a particular Extension or other item of Third-Party Content is
identified as "certified" or "validated" for use with Software. Splunk has no
obligation to monitor Third-Party Content, and Splunk may block or disable
access to any Third-Party Content at any time. Customer's use of Third-Party
Content is at Customer's own risk and may be subject to any additional terms,
conditions and policies applicable to the Third-Party Content (such as license
terms, terms of service, or privacy policies of the providers of the
Third-Party Content).
20. AUTHORIZED PARTNERS. If Customer acquired the Software through an
authorized reseller, partner or OEM of Splunk ("Authorized Partner") then,
notwithstanding anything to the contrary in this Agreement: (a) Customer's use
of the Software is subject to any additional terms in the agreement provided
by the Authorized Partner ("Partner Agreement"); (b) Customer agrees to pay
the Authorized Partner the Fees and other applicable fees, and Customer will
have no direct Fee payment obligations to Splunk for this Software; (c) the
Partner Agreement is between Customer and the Authorized Partner and is not
binding on Splunk; and (d) Splunk may terminate this Agreement (including
Customer's right to use the Software) if Splunk does not receive payment for
Customer's use of the Software from the Authorized Partner or if Customer
breaches any term of this Agreement. If the warranty and support terms in the
Partner Agreement are different from those in this Agreement, then those
different terms are solely between Customer and the Authorized Partner and
Splunk has no obligations to Customer with respect to the different terms.
Except as stated in the preceding sentence, if there is any conflict or
inconsistency between this Agreement and the Partner Agreement, this Agreement
will control as between Splunk and Customer.
21. CHOICE OF LAW AND DISPUTES. Unless Customer is the Government, this
Agreement will be governed by and construed in accordance with the laws of the
State of California, as if performed wholly within the state and without
giving effect to the conflicts of law principles of any jurisdiction or the
United Nations Convention on Contracts for the International Sale of Goods,
the application of which is expressly excluded. Any legal action or proceeding
arising under this Agreement will be brought exclusively in the federal or
state courts located in San Francisco, California, and the parties consent to
personal jurisdiction and this venue (except that Splunk may seek injunctive
relief to prevent improper or unauthorized use or disclosure of any Splunk
Materials in any court of competent jurisdiction). If Customer is the
Government, this Agreement will be governed by and interpreted in accordance
with the Contract Disputes Act of 1978, as amended (41 U.S.C. Sections
7101-7109). Failure of the parties to reach agreement on any request for
equitable adjustment, claim, appeal, or action arising under or relating to
this Agreement will be a dispute to be resolved in accordance with the clause
at 48 C.F.R Section 52.233-1, which is incorporated in this Agreement by
reference.
22. GENERAL.
22.1 Purchase Order. Customer's issuance of a purchase order constitutes
acceptance of this Agreement notwithstanding anything to the contrary in
the purchase order. Splunk expressly rejects any terms and conditions in
Customer's purchase order that differ from those in this Agreement. Any
different or additional terms and conditions will not become a part of the
agreement between the parties notwithstanding any subsequent
acknowledgement, invoice or license key that Splunk may issue.
22.2 Notices. All notices required or permitted under this Agreement
will be in writing and delivered in person, by overnight delivery
service, or by registered or certified mail, postage prepaid with
return receipt requested. All notices will be deemed given upon
receipt. All communications will be sent to the addresses in the
applicable Order or to any other address specified to a party in
accordance with this section.
22.3 Assignment. Customer may not assign, delegate or transfer this
Agreement, in whole or in part, by agreement, operation of law or
otherwise without the prior written consent of Splunk. Splunk may
assign this Agreement in whole or in part to an Affiliate or in
connection with an internal reorganization or a merger, acquisition,
or sale of all or substantially all of Splunk's assets. Splunk may
also assign its rights to receive payment due as a result of
performance of this Agreement to a bank, trust company, or other
financing institution, including any federal lending agency in
accordance with the Assignment of Claims Act (31 U.S.C. Section 3727)
and may assign this Agreement in accordance with the provisions at 48
C.F.R Section 42.12, as applicable. Any attempt to assign this
Agreement other than as permitted in this Agreement will be null and
void. Subject to this section, this Agreement will bind and inure to
the benefit of the parties' permitted successors and assigns.
22.4 Force Majeure. Neither party will be responsible for any failure
or delay in its performance under this Agreement (except for the
obligation to make payments) due to causes beyond its reasonable
control, including, but not limited to, labor disputes, war, acts of
terror, riot, acts of God, or governmental action.
22.5 Rights and Remedies. Except as otherwise expressly stated in this
Agreement, the rights and remedies of either party stated in this
Agreement are not exclusive and are in addition to any other rights
and remedies provided by law or at equity.
22.6 Waiver; Severability. The waiver by either party of a breach of
or a default under this Agreement will be effective only if in
writing. The failure by either party to enforce any provisions of this
Agreement will not constitute a waiver of any right under this
Agreement or of any subsequent enforcement of any provision. If a
court of competent jurisdiction holds any provision of this Agreement
invalid or unenforceable, the remaining provisions of the Agreement
will remain in full force and effect, and the provision affected will
be construed so as to be enforceable to the maximum extent permissible
by law.
22.7 Operational Metrics and Usage Data. The Software and Splunk
Extensions may be configured to allow Splunk to collect and process
technical and related information about Customer's use of the Software
(which may include, without limitation, ingest volume, search
concurrency, number of unique user logins, Internet protocol
addresses, page views, session duration, and other similar data) and
certain aggregated, anonymized information about the Software
environment (such as hardware identification, operating system,
application version), performance, configuration and other usage
information. Splunk uses this information to support and troubleshoot
issues, provide updates, automate invoices, analyze trends and improve
Splunk's products or services. Participation in the collection and
processing of this data by Splunk is voluntary (except for certain
Free or Evaluation Software or other programs as designated by Splunk,
which may require Customer's participation in an in-product analytics
program as a condition of receiving access to and using the Software).
Instructions on how to disable these in-product collection features
are included in Splunk's end user documentation. Splunk collects and
processes the information it collects subject to Splunk's Privacy
Policy, which can be found at
https://www.splunk.com/en_us/legal/privacy/privacy-policy.html and is
incorporated by reference and made a part of this Agreement.
22.8 Integration; Entire Agreement. This Agreement, along with any
additional terms incorporated by reference, including the Order and
the Exhibits hereto, constitute the complete and exclusive
understanding and agreement between the parties and supersedes any
written or oral prior or contemporaneous agreements, communications
and understandings. Any waiver, modification or amendment of any
provision of this Agreement will be effective only if in writing and
signed by duly authorized representatives of both parties. Any terms
and conditions contained or referenced by either party in a quote,
purchase order, acceptance, invoice or any similar document purporting
to modify the terms and conditions contained in this Agreement will be
disregarded and have no effect unless otherwise expressly agreed to by
the parties in accordance with the preceding sentence.
EXHIBIT A
DEFINITIONS
1. "Affiliate," with respect to a party, means a corporation, partnership or
other entity controlling, controlled by or under common control with the
party, but only so long as the control continues to exist. For purposes of
this definition, "control" means ownership, directly or indirectly, of greater
than fifty percent (50%) of the voting rights in the entity (or, in the case
of a noncorporate entity, equivalent rights).
2. "Authorized Partner" has the meaning stated in section 20.
3. "Claim" has the meaning stated in section 12.
4. "Confidential Information" has the meaning stated in section 13.1.
5. "Content Subscription" means the right for Customer to receive content
applicable to the Purchased Software (such as models, rules, and
configurations, as further described in the relevant end user documentation)
on a periodic basis for the duration of the subscription period. Content
Subscriptions are purchased as an add-on service to the license for Purchased
Software as identified in the Order.
6. "Customer Extensions" has the meaning stated in Section 2.1.7.
7. "Delivery" means the date of Splunk's initial delivery of the license key
for the applicable Software or otherwise making the applicable Software
available for download by Customer.
8. "Disabled Materials" means certain materials (including programs, modules
or components, functionality, features, documentation, content or other
materials) that may be contained in or provided with the Software that are
disabled or hidden in Customer's setting, because Customer either: (a) does
not have the relevant license or license key, or (b) has not paid the
applicable Fees, for those materials.
9. "Enhancements" means any updates, upgrades, releases, fixes, enhancements
or modifications to the Purchased Software made generally commercially
available by Splunk to its support customers under the terms and conditions in
Exhibit C.
10. "Evaluation Software" means Software that is specified in an Order as
provided under an evaluation license or a free trial license.
11. "Excluded Matters" has the meaning stated in section 12.
12. "Extension" means any separately downloadable suite, configuration file,
add-on, technical add-on, example module, command, function, playbook, content
or application that extends the features or functionality of the applicable
Software.
13. "Feedback" means all suggestions for improvement or enhancement,
recommendations, comments, opinions, code, input, ideas, reports, information,
know-how or other feedback provided by Customer (whether in oral, electronic,
or written form) to Splunk in connection with Splunk Materials. Feedback does
not include any data, results or output created or generated by Customer using
the Software, unless specifically submitted or communicated by Customer to
Splunk as part of the Feedback.
14. "Free Software" means Software specified in an Order without charge
(other than Evaluation Software).
15. "Government" means an agency, department, or instrumentality of the United
States government.
16. "Intellectual Property Rights" means all patent, copyright, trademark, and
trade secret rights and other intellectual property and proprietary rights,
whether registered or unregistered.
17. "Internal Business Purpose" means Customer's use for its own internal
business operations on Customer's systems, networks and devices with
Customer's data. This use does not include use by Customer on a service bureau
basis or otherwise to provide services to, or process data for, any third
party.
18. "Licensed Capacity" means the maximum usage of the Software (e.g.,
aggregate daily volume of data indexed, based on source types, number of
Nodes, number of monitored accounts, number of users, storage capacity, search
and compute units, etc.) that is permitted under the type of license included
in an Order. The Licensed Capacity associated with each Purchased Software is
stated in Exhibit B.
19. "License Fees" means all license fees listed in an Order.
20. "Open Source Software" means software or similar subject matter that is
distributed under an open source license such as (by way of example only) the
GNU General Public License, GNU Lesser General Public License, Apache License,
Mozilla Public License, BSD License, MIT License, Common Public License, any
derivative of any of the foregoing licenses, or any other license approved as
an open source license by the Open Source Initiative.
21. "Order" means Splunk's quote, statement of work, or ordering document
(including online order form) accepted by Customer via Customer's purchase
order or other ordering document submitted to Splunk (including directly or
indirectly through an Authorized Partner) to order Splunk Materials or
services, which references the products, services, pricing and other
applicable terms.
22. "Party's Entities" means a party's affiliates, subsidiaries, officers,
directors, employees, agents, partners and licensors.
23. "Professional Services" has the meaning stated in section 7.
24. "Purchased Software" means Software licensed to Customer for which
Customer has paid a License Fee to Splunk, directly or through an Authorized
Partner.
25. "Service Providers" has the meaning stated in section 3.
26. "Software" means the software products listed in an Order and any
Enhancements thereto made available to Customer by Splunk.
27. "Splunkbase" means Splunk's online directory of or platform for
Extensions, currently located at https://splunkbase.splunk.com/ and any and
all successors, replacements, new versions, derivatives, updates and upgrades
thereto and any other similar platform(s) owned and/or controlled by Splunk.
28. "Splunk Developer Tools" means the standard application programming
interfaces, configurations, software development kits, libraries, command line
interface tools, other tooling (including scaffolding and data generation
tools), integrated development environment plug-ins or extensions, code
examples, tutorials, reference guides and other related materials provided by
Splunk to facilitate or enable the creation of Extensions or otherwise support
interoperability between the Software and Customer's system or environment.
29. "Splunk Extensions" means Extensions made available through Splunkbase
that are identified on Splunkbase as published by Splunk and not by any third
party.
30. "Splunk Materials" mean the Software, Software license keys, Splunk
Developer Tools, Splunk Extensions and end user documentation relating
thereto.
31. "Support Services" has the meaning stated in section 6.
32. "Term" has the meaning stated in section 14.
33. "Test and Development Software" means Software that is specified in an
Order as provided under a test and development license.
34. "Third-Party Content" has the meaning stated in section19.
35. "Virus" means any harmful or malicious code, hidden programs or data
incorporated in the Purchased Software that destroys or impairs the Purchased
Software.
EXHIBIT B
LICENSED CAPACITY
The Licensed Capacity and other license limitations associated with each
Purchased Software can be found here:
https://www.splunk.com/en_us/legal/licensed-capacity.html
EXHIBIT C
SUPPORT AND MAINTENANCE TERMS AND CONDITIONS
Customer agrees that the following terms and conditions ("Support Terms") will
govern the delivery of any support or maintenance services by Splunk
("Support") listed on an Order entered into pursuant to the Software License
Agreement (the "Agreement") to which these Support Terms are attached. Subject
to Customer's termination rights stated in the Agreement, ordering any Support
from Splunk or any Authorized Partner indicates Customer's acceptance of these
Support Terms. These Support Terms are effective upon receipt and confirmation
of acceptance of Customer's purchase order by Splunk or an Authorized Partner.
1. DEFINITIONS. Unless otherwise defined in these Support Terms, capitalized
terms have the meanings stated in the Agreement.
2. SUPPORT AND MAINTENANCE.
2.1 Services. Subject to Customer's timely payment of the applicable annual
Support fees listed in the Order (the "Support Fees"), Splunk will provide the
level of Support identified in the Order in accordance with these Support
Terms. No other maintenance or support for the Software is included.
2.2 Support Fees. Support Fees will be due and payable in accordance with the
Order. Splunk will notify (electronically or otherwise) Customer of the
then-current annual Support Fee for Customer's level of Support in each notice
of term renewal. Support Fees are non-refundable once paid.
2.3 Exclusions. Splunk will have no obligation to provide Support for issues
caused by any of the following (each, a "Licensee-Generated Error"): (i)
modifications to the Software not made by Splunk; (ii) use of the Software
other than as authorized in the Agreement or as provided in the documentation
for the Software; (iii) damage to the machine on which the Software is
installed; (iv) Customer's failure to use the Software in ways other than
stated in the documentation; (v) versions of the Software other than the
Supported Version (defined in section 2.6.6); (vi) third-party products not
expressly supported by Splunk and described in the documentation; or (vii)
conflicts related to replacing or installing hardware, drivers, and software
that are not expressly supported by Splunk and described in the documentation.
Splunk will notify Customer as soon as reasonably possible that a support
issue is a Licensee-Generated Error. If the parties agree in writing that
Splunk will provide support for the Licensee-Generated Error, Splunk may
invoice Customer at Splunk's then-current time and materials rates for this
support.
2.4 Support for Splunk Extensions. Subject to Customer's payment of the
applicable annual Support Fees, Splunk will provide an Initial Response and
Acknowledgement in accordance with P3 terms as described in the Support
Programs (as defined below) for for Splunk Extensions labeled as "Splunk
Supported", and updates will be provided when made generally available. For
clarity, Splunk does not support Splunk Extensions labeled "Not Supported."
No other sections in these Terms and Conditions apply to Splunk Extensions.
2.5 Restrictions. Support is delivered only in English unless Customer is in a
location where Splunk has made localized Support available.
2.6 Support Descriptions.
2.6.1 Splunk Support. Customer's Order will identify the level of Support
Customer purchased for the applicable Purchased Software. The different
support programs and levels are described here:
http://www.splunk.com/en_us/support-and-services/support-programs.html
("Support Programs"). Support cases are handled based on case priority levels
described in the Support Programs. When submitting a case, Customer will
select the priority for initial response by logging the case online in
accordance with the priority guidelines in the Support Programs. Splunk may
change the priority if the issue does not conform to the criteria for the
selected priority. Splunk will provide Customer with notice (electronic or
otherwise) of this change.
2.6.2 Authorized Support Contacts. Support will be provided solely to the
authorized individual(s) specified by Customer ("Support Contacts"). Splunk
strongly recommends that Customer's Support Contact(s) be trained on the
Purchased Software. The number of Support Contacts under a Support Program are
based on the type and size of Customer's license entitlement. Customer will be
asked to provide the primary email address and Splunk.com login ID for all
Support Contacts.
2.6.3 Defect Resolution. If Splunk determines there is a defect in the
Purchased Software, Splunk will, in its discretion, (a) repair the defect in
the version of the Purchased Software , (b) instruct Customer to install a
newer version of the Purchased Software with the defect repaired, or (c)
provide Customer a workaround in lieu of fixing the defect.
2.6.4 Support Hours. Support is provided via telephone, email and web portal.
Support will be delivered by a member of Splunk's technical support team
during the regional hours of operation listed in the Support Programs.
2.6.5 Customer's Obligation to Assist. If Customer reports a purported defect
in the Purchased Software to Splunk, Splunk may require Customer to provide
the following information: (a) a general description of the operating
environment, (b) a list of all hardware components, operating systems and
networks, (c) a reproducible test case, and (d) log, trace, and systems files.
Customer's failure to provide this information or participate in a screen
share session may prevent Splunk from identifying and fixing that purported
defect or lead to increased resolution times.
2.6.6 Software Upgrades and Software Support Policy. Splunk provides updates,
upgrades, maintenance releases and reset keys only to Splunk Support customers
pursuant to Splunk's Support Policy provided at:
https://www.splunk.com/en_us/legal/splunk-software-support-policy.html
("Support Policy"). Software comes with a three-digit number version. The
first digit represents the major release (i.e., upgrade), the second digit
identifies the minor releases (i.e., updates) and the third digit identifies
the maintenance releases. With a new major version, the number to the left of
the decimal is changed and for minor releases, the number to the right of the
decimal point is increased. Splunk provides Support for the duration specified
in the Support Policy following the initial release date of each major or
minor version. The current version and the releases within the support period
will be "Supported Versions".
2.7 Changes in Support and Software. Subject to the Support Policy, Customer
acknowledges that Splunk has the right to discontinue the manufacture,
development or distribution of and Support for, any Software at any time in
its sole discretion. However, Splunk agrees to continue Support for the
Software during the then-current Support Term, subject to the terms in section
3. Splunk reserves the right to alter Support from time to time, using
reasonable discretion but in no event will alterations result in (a)
diminished support from the level of Support in these Support Terms; (b)
materially diminished obligations for Splunk; (c) materially diminished
Customer's rights; or (d) higher Support Fees during the then-current Support
Term. Splunk will provide Customer 30 days' prior written notice of any
material changes to the Support.
3. TERM AND TERMINATION.
3.1 Term. These Support Terms will commence on Delivery and continue for a
period of 1 year (or for term purchased if different than one year) (the
"Initial Term") unless terminated earlier in accordance with the terms of the
Agreement. These Support Terms will automatically renew for additional 1 year
terms (or for term purchased if different than one year) (each, a "Renewal
Term," and the Initial Term and the Renewal Terms, may be referred to as the
"then-current Support Term"), unless either party provides the other written
notice of its intent not to renew at least 30 days prior to the end of the
then-current Support Term. If Customer purchases Support from an Authorized
Partner, Customer will provide the notice to the Authorized Partner. If
Customer purchases Support, Customer must purchase and renew Support for all
of the licenses for a particular Software product. If a Support Term lapses,
Customer may seek to re-activate Support by submitting a purchase order that
includes fees for the lapsed period plus a reinstatement fee.
3.2 Termination. Either party may terminate these Support Terms by written
notice to the other party in the event of a material breach and does not cure
the breach within 30 days of receiving notice of the breach. If Customer
terminates the Agreement for Splunk's uncured material breach of these Terms
and Conditions, then Splunk will refund any unused prepaid fees to Customer as
Customer's sole and exclusive remedy. When Customer accepts a term license or
cloud subscription in an Order that also terminates the Customer's perpetual
licenses of a Software ("Prior Software"), all rights granted with respect to
the Prior Software are terminated upon the effective date of the Order, unless
otherwise specified on the Order. There will be no refund of any Fees
previously paid with respect to the Prior Software. Customer will certify in
writing within 30 business days of the date of a request from Splunk, the
destruction of all of the Prior Software including all Software copies and
related license keys.
Splunk Software License Agreement 10.21.2019
README.md
View file @ 6f70ef7b
# <application name>
# Splunk Enterprise
Project template for all Iron Bank container repositories.
\ No newline at end of file
#### Adapted from [docker-splunk](https://github.com/splunk/docker-splunk) to fit the Air Force's requirements.
----
## Purpose
### What is Splunk Enterprise?
[Splunk Enterprise](https://www.splunk.com/en_us/software/splunk-enterprise.html) is a platform for operational intelligence. Our software lets you collect, analyze, and act upon the untapped value of big data that your technology infrastructure, security systems, and business applications generate. It gives you insights to drive operational performance and business results.
See [Splunk Products](https://www.splunk.com/en_us/software.html) for more information about the features and capabilities of Splunk products and how you can [bring them into your organization](https://www.splunk.com/en_us/enterprise-data-platform.html).
The provisioning of these containers is handled by the [Splunk-Ansible](https://github.com/splunk/splunk-ansible) project. Refer to the [Splunk-Ansible documentation](https://splunk.github.io/splunk-ansible/) and the [Ansible User Guide](https://docs.ansible.com/ansible/latest/user_guide/index.html) for more details.
To assist with running Splunk in a Kubernetes environment, there is the [Splink Operator for Kubernetes](https://github.com/splunk/splunk-operator) project. Please see the [Getting Started](https://github.com/splunk/splunk-operator/blob/master/docs/README.md) documentation for using the Splunk Operator.
---
## Quickstart
Start a single containerized instance of Splunk Enterprise with the command below, replacing `<password>` with a password string that conforms to the [Splunk Enterprise password requirements](https://docs.splunk.com/Documentation/Splunk/latest/Security/Configurepasswordsinspecfile).
```bash
$ docker run -p 8000:8000 -e "SPLUNK_PASSWORD=<password>" \
-e "SPLUNK_START_ARGS=--accept-license" \
-e "SPLUNK_HOME_OWNERSHIP_ENFORCEMENT=false" \
-it --name so1 splunk:latest
```
This command does the following:
1. Starts a Docker container using the `splunk:latest` image.
1. Names the container as `so1`.
1. Exposes a port mapping from the host's `8000` port to the container's `8000` port
1. Specifies a custom `SPLUNK_PASSWORD`.
1. Accepts the license agreement with `SPLUNK_START_ARGS=--accept-license`. This agreement must be explicitly accepted on every container or Splunk Enterprise doesn't start.
1. Set the Splunk Home Ownership to false with `SPLUNK_HOME_OWNERSHIP_ENFORCEMENT=false` as we are required to start the container as the splunk user for security reasons.
After the container starts up, you can access Splunk Web at <http://localhost:8000> with `admin:<password>`.
To view the logs from the container created above, run:
```bash
$ docker logs -f so1
```
To enter the container and run Splunk CLI commands, run:
```bash
# Defaults to the user "ansible"
docker exec -it so1 /bin/bash
# Run shell as the user "splunk"
docker exec -u splunk -it so1 bash
```
To enable TCP 10514 for listening, run:
```bash
docker exec -u splunk so1 /opt/splunk/bin/splunk add tcp 10514 \
-sourcetype syslog -resolvehost true \
-auth "admin:${SPLUNK_PASSWORD}"
```
To install an app, run:
```bash
docker exec -u splunk so1 /opt/splunk/bin/splunk install \
/path/to/app.tar -auth "admin:${SPLUNK_PASSWORD}"
```
---
## Documentation
Visit the [Docker-Splunk documentation](https://splunk.github.io/docker-splunk/) page for full usage instructions, including installation, examples, and advanced deployment scenarios.
Not all Documentation at this link will be applicable to this specific image as it has specific build dependencies for the Air Force.
### Python Support
Python 2 has been removed from the image based on it being end of life. Any Splunk apps or scripts that rely on Python 2 will not work and will need to be re-written for Python 3. Python 3 is included in the image.
### Data Fabric Search
With DFS being [end of support](https://docs.splunk.com/Documentation/DFS/1.1.2/DFS/Overview) in Oct of 2021, we have started to remove packages required for DFS to function. As such, DFS cannot function in this image of Splunk.
apache-2.0.txt 0 → 100644
View file @ 6f70ef7b
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
clamav-whitelist 0 → 100644
View file @ 6f70ef7b
Multios.Trojan.ElectroRAT-9823393-0
hardening_manifest.yaml 0 → 100644
View file @ 6f70ef7b
---
apiVersion: v1
name: "splunk/splunk/splunk"
tags:
- "8.2.0"
- "latest"
args:
BASE_IMAGE: "redhat/ubi/ubi8-minimal"
BASE_TAG: "8.4"
labels:
org.opencontainers.image.title: "splunk"
org.opencontainers.image.description: "Splunk Enterprise is a platform for operational intelligence. Our software lets you collect, analyze, and act upon the untapped value of big data that your technology infrastructure, security systems, and business applications generate. It gives you insights to drive operational performance and business results."
org.opencontainers.image.licenses: "Commercial"
org.opencontainers.image.url: "https://www.splunk.com/en_us/legal/splunk-terms-overview.html"
org.opencontainers.image.vendor: "Splunk"
org.opencontainers.image.version: "8.2.0"
mil.dso.ironbank.image.keywords: "security,data,itops"
mil.dso.ironbank.image.type: "commercial"
mil.dso.ironbank.product.name: "Splunk Enterprise"
resources:
- url: https://github.com/splunk/splunk-ansible/archive/8.2.0.tar.gz
filename: splunk-ansible.tar.gz
validation:
type: sha256
value: 7e5b254a4db208d8dee261ec56edbdbbcedf54f42c7d02031f8f523892ed0a36
- url: https://download.splunk.com/products/splunk/releases/8.2.0/linux/splunk-8.2.0-e053ef3c985f-Linux-x86_64.tgz
filename: splunk-8.2.0-e053ef3c985f-Linux-x86_64.tgz
validation:
type: sha256
value: 868ac331aee0a3437a85cd57604bace201c4ad77c68ee1bbde0cc90fe3f0b717
- url: https://github.com/splunk/splunk-cloud-sdk-go/releases/download/v1.11.1/scloud_v7.1.0_linux_amd64.tar.gz
filename: scloud_v7.1.0_linux_amd64.tar.gz
validation:
type: sha256
value: b1f47cb2ffd17fe87f07599c88da42a07e4c51e3c37986e4bb0509000e1344a9
- url: https://files.pythonhosted.org/packages/6b/47/c14abc08432ab22dc18b9892252efaf005ab44066de871e72a38d6af464b/requests-2.25.1.tar.gz
filename: requests-2.25.1.tar.gz
validation:
type: sha256
value: 27973dd4a904a4f13b263a19c866c13b92a39ed1c964655f025f3f8d3d75b804
- url: https://www.python.org/ftp/python/3.7.10/Python-3.7.10.tgz
filename: Python-3.7.10.tgz
validation:
type: sha256
value: c9649ad84dc3a434c8637df6963100b2e5608697f9ba56d82e3809e4148e0975
- url: https://files.pythonhosted.org/packages/be/27/a4ee8ec50cdfa87385e1181da8bb4b3205d8e669d13393b747baaa01f45a/ansible-core-2.11.1.tar.gz
filename: ansible-core-2.11.1.tar.gz
validation:
type: sha256
value: 7e75827a94d47d1c3e1930d708f0ef637a3ab9a21f757aaf55deab6e9f47c682
- url: https://files.pythonhosted.org/packages/ff/ea/b82dfb8f0d7ddaed50c2dbfe05af9cde3230687c32ceae6ee1bd5ae048c5/ansible-4.0.0.tar.gz
filename: ansible-4.0.0.tar.gz
validation:
type: sha256
value: 6f67ca5c634e4721d1f8e206dc71d60d1a114d147945355bfc902bd37eb07080
- url: https://files.pythonhosted.org/packages/3e/89/7ea760b4daa42653ece2380531c90f64788d979110a2ab51049d92f408af/packaging-20.9-py2.py3-none-any.whl
filename: packaging-20.9-py2.py3-none-any.whl
validation:
type: sha256
value: 67714da7f7bc052e064859c05c595155bd1ee9f69f76557e21f051443c20947a
- url: https://files.pythonhosted.org/packages/eb/11/bda2b7dee2c84d1f1923ae273023bb94d3e5ab3d1a46b4bd8cf5eb81a241/resolvelib-0.5.4-py2.py3-none-any.whl
filename: resolvelib-0.5.4-py2.py3-none-any.whl
validation:
type: sha256
value: 8113ae3ed6d33c6be0bcbf03ffeb06c0995c099b7b8aaa5ddf2e9b3b3df4e915
- url: https://files.pythonhosted.org/packages/ed/46/e298a50dde405e1c202e316fa6a3015ff9288423661d7ea5e8f22f589071/wheel-0.36.2.tar.gz
filename: wheel-0.36.2.tar.gz
validation:
type: sha256
value: e11eefd162658ea59a60a0f6c7d493a7190ea4b9a85e335b33489d9f17e0245e
- url: https://files.pythonhosted.org/packages/3c/56/3f325b1eef9791759784aa5046a8f6a1aff8f7c898a2e34506771d3b99d8/jmespath-0.10.0.tar.gz
filename: jmespath-0.10.0.tar.gz
validation:
type: sha256
value: b85d0567b8666149a93172712e68920734333c0ce7e89b78b3e987f71e5ed4f9
- url: https://files.pythonhosted.org/packages/bf/10/ff66fea6d1788c458663a84d88787bae15d45daa16f6b3ef33322a51fc7e/MarkupSafe-2.0.1.tar.gz
filename: MarkupSafe-2.0.1.tar.gz
validation:
type: sha256
value: 594c67807fb16238b30c44bdf74f36c02cdf22d1c8cda91ef8a0ed8dabf5620a
- url: https://files.pythonhosted.org/packages/7a/a5/393c087efdc78091afa2af9f1378762f9821c9c1d7a22c5753fb5ac5f97a/PyYAML-5.4.1-cp37-cp37m-manylinux1_x86_64.whl
filename: PyYAML-5.4.1-cp37-cp37m-manylinux1_x86_64.whl
validation:
type: sha256
value: e1d4970ea66be07ae37a3c2e48b5ec63f7ba6804bdddfdbd3cfd954d25a82e63
- url: https://files.pythonhosted.org/packages/7a/0c/23cbcf515b5394e9f59a3e6629f26e1142b92d474ee0725a26aa5a3bcf76/Jinja2-3.0.0.tar.gz
filename: Jinja2-3.0.0.tar.gz
validation:
type: sha256
value: ea8d7dd814ce9df6de6a761ec7f1cac98afe305b8cdc4aaae4e114b8d8ce24c5
- url: https://files.pythonhosted.org/packages/c1/47/dfc9c342c9842bbe0036c7f763d2d6686bcf5eb1808ba3e170afdb282210/pyparsing-2.4.7.tar.gz
filename: pyparsing-2.4.7.tar.gz
validation:
type: sha256
value: c203ec8783bf771a155b207279b9bccb8dea02d8f0c9e5f8ead507bc3246ecc1
- url: https://files.pythonhosted.org/packages/94/40/c396b5b212533716949a4d295f91a4c100d51ba95ea9e2d96b6b0517e5a5/urllib3-1.26.5.tar.gz
filename: urllib3-1.26.5.tar.gz
validation:
type: sha256
value: a7acd0977125325f516bda9735fa7142b909a8d01e8b2e4c8108d0984e6e0098
- url: https://files.pythonhosted.org/packages/ee/2d/9cdc2b527e127b4c9db64b86647d567985940ac3698eeabc7ffaccb4ea61/chardet-4.0.0.tar.gz
filename: chardet-4.0.0.tar.gz
validation:
type: sha256
value: 0d6f53a15db4120f2b08c94f11e7d93d2c911ee118b6b30a04ec3ee8310179fa
- url: https://files.pythonhosted.org/packages/06/a9/cd1fd8ee13f73a4d4f491ee219deeeae20afefa914dfb4c130cfc9dc397a/certifi-2020.12.5.tar.gz
filename: certifi-2020.12.5.tar.gz
validation:
type: sha256
value: 1a4995114262bffbc2413b159f2a1a480c969de6e6eb13ee966d470af86af59c
- url: https://files.pythonhosted.org/packages/9f/24/1444ee2c9aee531783c031072a273182109c6800320868ab87675d147a05/idna-3.1.tar.gz
filename: idna-3.1.tar.gz
validation:
type: sha256
value: c5b02147e01ea9920e6b0a3f1f7bb833612d507592c837a6c49552768f4054e1
- url: https://files.pythonhosted.org/packages/b2/26/7af637e6a7e87258b963f1731c5982fb31cd507f0d90d91836e446955d02/cryptography-3.4.7-cp36-abi3-manylinux2014_x86_64.whl
filename: cryptography-3.4.7-cp36-abi3-manylinux2014_x86_64.whl
validation:
type: sha256
value: 1e056c28420c072c5e3cb36e2b23ee55e260cb04eee08f702e0edfec3fb51959
- url: https://files.pythonhosted.org/packages/71/39/171f1c67cd00715f190ba0b100d606d440a28c93c7714febeca8b79af85e/six-1.16.0.tar.gz
filename: six-1.16.0.tar.gz
validation:
type: sha256
value: 1e61c37477a1626458e36f7b1d82aa5c9b094fa4802892072e49de9c60c4c926
- url: https://files.pythonhosted.org/packages/a8/20/025f59f929bbcaa579704f443a438135918484fffaacfaddba776b374563/cffi-1.14.5.tar.gz
filename: cffi-1.14.5.tar.gz
validation:
type: sha256
value: fd78e5fee591709f32ef6edb9a015b4aa1a5022598e36227500c8f4e02328d9c
- url: https://files.pythonhosted.org/packages/0f/86/e19659527668d70be91d0369aeaa055b4eb396b0f387a4f92293a20035bd/pycparser-2.20.tar.gz
filename: pycparser-2.20.tar.gz
validation:
type: sha256
value: 2d475327684562c3a96cc71adf7dc8c4f0565175cf86b6d7a404ff4c771f15f0
maintainers:
- name: "Bryan Pluta"
username: "bpluta"
email: "bpluta@splunk.com"
scripts/checkstate.sh 0 → 100755
View file @ 6f70ef7b
#!/bin/bash
# Copyright 2018 Splunk
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
#This script is used to retrieve and report the state of the container
#Although not actively in the container, it can be used to check the health
#of the splunk instance
#NOTE: If you plan on running the splunk container while keeping Splunk
# inactive for long periods of time, this script may give misleading
# health results
if [[ "" == "$NO_HEALTHCHECK" ]]; then
if [[ "false" == "$SPLUNKD_SSL_ENABLE" ]]; then
SCHEME="http"
else
SCHEME="https"
fi
#If NO_HEALTHCHECK is NOT defined, then we want the healthcheck
state="$(< $CONTAINER_ARTIFACT_DIR/splunk-container.state)"
case "$state" in
running|started)
curl -m 30 -f -k $SCHEME://localhost:8089/
exit $?
;;
*)
exit 1
esac
else
#If NO_HEALTHCHECK is defined, ignore the healthcheck
exit 0
fi
scripts/createdefaults.py 0 → 100755
View file @ 6f70ef7b
#! /usr/bin/python
# Copyright 2018-2021 Splunk
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import os
import six
import sys
import uuid
import random
import base64
splunk_ansible_home = os.environ.get('SPLUNK_ANSIBLE_HOME')
splunk_ansible_inventory = os.path.join(splunk_ansible_home, "inventory")
sys.path.append(os.path.abspath(splunk_ansible_inventory))
splunk_hec_token = os.environ.get("SPLUNK_HEC_TOKEN", None)
splunk_password = os.environ.get("SPLUNK_PASSWORD", None)
splunk_idxc_secret = os.environ.get("SPLUNK_IDXC_SECRET", None)
splunk_idxc_pass4SymmKey = os.environ.get("SPLUNK_IDXC_PASS4SYMMKEY", None)
splunk_shc_secret = os.environ.get("SPLUNK_SHC_SECRET", None)
splunk_shc_pass4SymmKey = os.environ.get("SPLUNK_SHC_PASS4SYMMKEY", None)
def random_generator(size=24):
# Use System Random for
rng = random.SystemRandom()
b = [chr(rng.randrange(256)) for i in range(size)]
s = ''.join(b)
if six.PY2:
s = base64.b64encode(s)
else:
s = base64.b64encode(s.encode()).decode()
return s
# if there are no environment vars set, lets make some safe defaults
if not splunk_hec_token:
tempuuid=uuid.uuid4()
os.environ["SPLUNK_HEC_TOKEN"] = str(tempuuid)
if not splunk_password:
os.environ["SPLUNK_PASSWORD"] = random_generator()
if splunk_idxc_pass4SymmKey:
os.environ["SPLUNK_IDXC_PASS4SYMMKEY"] = os.environ["SPLUNK_IDXC_SECRET"] = splunk_idxc_pass4SymmKey
elif splunk_idxc_secret:
os.environ["SPLUNK_IDXC_PASS4SYMMKEY"] = os.environ["SPLUNK_IDXC_SECRET"] = splunk_idxc_secret
else:
os.environ["SPLUNK_IDXC_PASS4SYMMKEY"] = os.environ["SPLUNK_IDXC_SECRET"] = random_generator()
if splunk_shc_secret:
os.environ["SPLUNK_SHC_PASS4SYMMKEY"] = os.environ["SPLUNK_SHC_SECRET"] = splunk_shc_pass4SymmKey
elif splunk_shc_pass4SymmKey:
os.environ["SPLUNK_SHC_PASS4SYMMKEY"] = os.environ["SPLUNK_SHC_SECRET"] = splunk_shc_secret
else:
os.environ["SPLUNK_SHC_PASS4SYMMKEY"] = os.environ["SPLUNK_SHC_SECRET"] = random_generator()
sys.argv.append("--write-to-stdout")
import environ
environ.main()
scripts/delete_jquery.py 0 → 100644
View file @ 6f70ef7b
import os
# Check if $SPLUNK_HOME is set. None of this script will work if it's not.
try:
splunk_home = os.environ['SPLUNK_HOME']
except Exception as exception:
print('$SPLUNK_HOME is not set. Please set it and try again. Exception {}'.format(exception))
exit()
root_directory = splunk_home + '/share/splunk/search_mrsparkle/' # root directory should be an absolute path starting from '/'
files_to_delete = [
'exposed/js/build/simplexml/config.js',
'exposed/js/build/simplexml.min/config.js',
'exposed/js/contrib/jquery/jquery.js',
'exposed/js/contrib/jquery-1.8.2.js',
'exposed/js/contrib/jquery-1.8.2.min.js',
'exposed/js/contrib/jquery-2.1.0.js',
'exposed/js/contrib/jquery-2.1.0.min.js',
'exposed/build/single_value/index.js',
'exposed/build/pages/enterprise/dashboard.js',
'exposed/build/pages/lite/dashboard.js',
'exposed/build/pages/dark/dashboard.js',
'exposed/build/pdf_mapping/index.js',
'exposed/build/simplexml/index.js',
'exposed/build/jscharting/index.js',
'templates/pages/dashboard.html'
]
for filename in files_to_delete:
file_path = os.path.join(root_directory, filename)
try:
if os.path.isfile(file_path) or os.path.islink(file_path):
if not os.access(file_path, os.W_OK): # if there is no sufficient permissions, set it.
os.chmod(file_path, 0o777) # python 3.7 syntax
else:
print('Could not set permissions for file {}'.format(file_path))
continue
os.remove(file_path)
print('Successfully removed file {}'.format(file_path))
else:
print('File {} not found. Unable to delete.'.format(file_path))
except Exception as e:
print('Failed to delete {}. Reason: {}'.format(file_path, e))
scripts/entrypoint.sh 0 → 100755
View file @ 6f70ef7b
#!/bin/bash
# Copyright 2018-2021 Splunk
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
set -e
setup() {
# Check if the user accepted the license
if [[ "$SPLUNK_START_ARGS" != *"--accept-license"* ]]; then
printf "License not accepted, please ensure the environment variable SPLUNK_START_ARGS contains the '--accept-license' flag\n"
printf "For example: docker run -e SPLUNK_START_ARGS=--accept-license -e SPLUNK_PASSWORD splunk/splunk\n\n"
printf "For additional information and examples, see the help: docker run -it splunk/splunk help\n"
exit 1
fi
}
teardown() {
# Always run the stop command on termination
${SPLUNK_HOME}/bin/splunk stop 2>/dev/null || true
}
trap teardown SIGINT SIGTERM
prep_ansible() {
cd ${SPLUNK_ANSIBLE_HOME}
if [ `whoami` == "${SPLUNK_USER}" ]; then
sed -i -e "s,^become\\s*=.*,become = false," ansible.cfg
fi
if [[ "$DEBUG" == "true" ]]; then
ansible-playbook --version
python inventory/environ.py --write-to-file
cat /opt/container_artifact/ansible_inventory.json 2>/dev/null
cat /opt/ansible/inventory/messages.txt 2>/dev/null || true
echo
fi
}
watch_for_failure(){
if [[ $? -eq 0 ]]; then
sh -c "echo 'started' > ${CONTAINER_ARTIFACT_DIR}/splunk-container.state"
fi
echo ===============================================================================
echo
user_permission_change
if [ `whoami` != "${SPLUNK_USER}" ]; then
RUN_AS_SPLUNK="sudo -u ${SPLUNK_USER}"
fi
# Any crashes/errors while Splunk is running should get logged to splunkd_stderr.log and sent to the container's stdout
if [ -z "$SPLUNK_TAIL_FILE" ]; then
echo Ansible playbook complete, will begin streaming splunkd_stderr.log
${RUN_AS_SPLUNK} tail -n 0 -f ${SPLUNK_HOME}/var/log/splunk/splunkd_stderr.log &
else
echo Ansible playbook complete, will begin streaming ${SPLUNK_TAIL_FILE}
${RUN_AS_SPLUNK} tail -n 0 -f ${SPLUNK_TAIL_FILE} &
fi
wait
}
create_defaults() {
createdefaults.py
}
start_and_exit() {
if [ -z "$SPLUNK_PASSWORD" ]
then
echo "WARNING: No password ENV var. Stack may fail to provision if splunk.password is not set in ENV or a default.yml"
fi
sh -c "echo 'starting' > ${CONTAINER_ARTIFACT_DIR}/splunk-container.state"
setup
prep_ansible
ansible-playbook $ANSIBLE_EXTRA_FLAGS -i inventory/environ.py -l localhost site.yml
}
start() {
trap teardown EXIT
start_and_exit
watch_for_failure
}
configure_multisite() {
prep_ansible
ansible-playbook $ANSIBLE_EXTRA_FLAGS -i inventory/environ.py -l localhost multisite.yml
}
restart(){
trap teardown EXIT
sh -c "echo 'restarting' > ${CONTAINER_ARTIFACT_DIR}/splunk-container.state"
prep_ansible
${SPLUNK_HOME}/bin/splunk stop 2>/dev/null || true
ansible-playbook -i inventory/environ.py -l localhost start.yml
watch_for_failure
}
user_permission_change(){
if [[ "$STEPDOWN_ANSIBLE_USER" == "true" ]]; then
bash -c "sudo deluser -q ansible sudo"
fi
}
help() {
cat << EOF
____ _ _ __
/ ___| _ __ | |_ _ _ __ | | __ \ \\
\___ \| '_ \| | | | | '_ \| |/ / \ \\
___) | |_) | | |_| | | | | < / /
|____/| .__/|_|\__,_|_| |_|_|\_\ /_/
|_|
========================================
Environment Variables:
* SPLUNK_USER - user under which to run Splunk (default: splunk)
* SPLUNK_GROUP - group under which to run Splunk (default: splunk)
* SPLUNK_HOME - home directory where Splunk gets installed (default: /opt/splunk)
* SPLUNK_START_ARGS - arguments to pass into the Splunk start command; you must include '--accept-license' to start Splunk (default: none)
* SPLUNK_PASSWORD - password to log into this Splunk instance, you must include a password (default: none)
* SPLUNK_ROLE - the role of this Splunk instance (default: splunk_standalone)
Acceptable values:
- splunk_standalone
- splunk_search_head
- splunk_indexer
- splunk_deployer
- splunk_license_master
- splunk_cluster_master
- splunk_heavy_forwarder
* SPLUNK_LICENSE_URI - URI or local file path (absolute path in the container) to a Splunk license
* SPLUNK_STANDALONE_URL, SPLUNK_INDEXER_URL, ... - comma-separated list of resolvable aliases to properly bring-up a distributed environment.
This is optional for standalones, but required for multi-node Splunk deployments.
* SPLUNK_BUILD_URL - URL to a Splunk build which will be installed (instead of the image's default build)
* SPLUNK_APPS_URL - comma-separated list of URLs to Splunk apps which will be downloaded and installed
Examples:
* docker run -it -e SPLUNK_PASSWORD=helloworld -p 8000:8000 splunk/splunk start
* docker run -it -e SPLUNK_START_ARGS=--accept-license -e SPLUNK_PASSWORD=helloworld -p 8000:8000 -p 8089:8089 splunk/splunk start
* docker run -it -e SPLUNK_START_ARGS=--accept-license -e SPLUNK_LICENSE_URI=http://example.com/splunk.lic -e SPLUNK_PASSWORD=helloworld -p 8000:8000 splunk/splunk start
* docker run -it -e SPLUNK_START_ARGS=--accept-license -e SPLUNK_INDEXER_URL=idx1,idx2 -e SPLUNK_SEARCH_HEAD_URL=sh1,sh2 -e SPLUNK_ROLE=splunk_search_head --hostname sh1 --network splunknet --network-alias sh1 -e SPLUNK_PASSWORD=helloworld -e SPLUNK_LICENSE_URI=http://example.com/splunk.lic splunk/splunk start
EOF
exit 1
}
case "$1" in
start|start-service)
shift
start $@
;;
start-and-exit)
shift
start_and_exit $@
;;
configure-multisite)
shift
configure_multisite $0
;;
create-defaults)
create_defaults
;;
restart)
shift
restart $@
;;
no-provision)
user_permission_change
tail -n 0 -f /etc/hosts &
wait
;;
bash|splunk-bash)
/bin/bash --init-file ${SPLUNK_HOME}/bin/setSplunkEnv
;;
help)
shift
help $@
;;
*)
shift
help $@
;;
esac
scripts/install.sh 0 → 100755
View file @ 6f70ef7b
#!/bin/bash
# Copyright 2021 Splunk
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
set -e
# reinstalling local en def for now, removed in minimal image https://bugzilla.redhat.com/show_bug.cgi?id=1665251
microdnf -y --nodocs install glibc-langpack-en
#Currently there is no access to the UTF-8 char map, the following command is commented out until
#the base container can generate the locale
#localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8
#We get around the gen above by forcing the language install, and then point to it.
export LANG=en_US.utf8
#update all packages to reduce vulnerabilites
microdnf -y --nodocs install sudo shadow-utils procps tar tzdata make gcc \
openssl-devel bzip2-devel libffi-devel findutils
microdnf -y --nodocs update gnutls kernel-headers librepo libnghttp2 tzdata nettle
#to account for not using BusyBox
microdnf -y --nodocs install iputils hostname psmisc net-tools bind-utils ncurses findutils
#Install Python and necessary packages
PY_SHORT=${PYTHON_VERSION%.*}
mkdir -p /tmp/pyinstall
tar -xzC /tmp/pyinstall/ --strip-components=1 -f /tmp/python.tgz
rm /tmp/python.tgz
cd /tmp/pyinstall
./configure --enable-optimizations --prefix=/usr --with-ensurepip=install
make altinstall LDFLAGS="-Wl,--strip-all"
rm -rf /tmp/pyinstall
ln -sf /usr/bin/python${PY_SHORT} /usr/bin/python
ln -sf /usr/bin/pip${PY_SHORT} /usr/bin/pip
# Install splunk-ansible dependencies
cd /
pip --no-cache-dir install --no-deps --no-index cffi-1.14.5.tar.gz six-1.16.0.tar.gz wheel-0.36.2.tar.gz \
requests-2.25.1.tar.gz cryptography-3.4.7-cp36-abi3-manylinux2014_x86_64.whl \
jmespath-0.10.0.tar.gz Jinja2-3.0.0.tar.gz MarkupSafe-2.0.1.tar.gz PyYAML-5.4.1-cp37-cp37m-manylinux1_x86_64.whl \
pycparser-2.20.tar.gz urllib3-1.26.5.tar.gz chardet-4.0.0.tar.gz certifi-2020.12.5.tar.gz \
idna-3.1.tar.gz pyparsing-2.4.7.tar.gz packaging-20.9-py2.py3-none-any.whl resolvelib-0.5.4-py2.py3-none-any.whl ansible-core-2.11.1.tar.gz \
ansible-4.0.0.tar.gz --upgrade
# Remove tests packaged in python libs
find /usr/lib/ -depth \( -type d -a -not -wholename '*/ansible/plugins/test' -a \( -name test -o -name tests -o -name idle_test \) \) -exec rm -rf '{}' \;
find /usr/lib/ -depth \( -type f -a -name '*.pyc' -o -name '*.pyo' -o -name '*.a' \) -exec rm -rf '{}' \;
find /usr/lib/ -depth \( -type f -a -name 'wininst-*.exe' \) -exec rm -rf '{}' \;
ldconfig
microdnf remove -y make gcc openssl-devel bzip2-devel libffi-devel findutils cpp binutils \
glibc-devel keyutils-libs-devel krb5-devel libcom_err-devel libselinux-devel \
libsepol-devel libverto-devel libxcrypt-devel pcre2-devel zlib-devel
microdnf clean all
#additional STIG steps for OS
systemctl mask ctrl-alt-del.target
sed -i 's/ nullok//g' /etc/pam.d/*
cd /bin
chmod u+s /usr/sbin/ping
groupadd sudo
#Clean
microdnf clean all
rm -rf /install.sh /anaconda-post.log /var/log/anaconda/*
scripts/make-minimal-exclude.py 0 → 100755
View file @ 6f70ef7b
#!/usr/bin/python
import re, sys
EXCLUDE_V7 = """*-manifest
*/bin/installit.py
*/bin/jars/*
*/bin/jsmin*
*/bin/*mongo*
*/3rdparty/Copyright-for-mongo*
*/bin/node*
*/bin/pcregextest*
*/etc/*.lic*
*/etc/anonymizer*
*/etc/apps/SplunkForwarder*
*/etc/apps/SplunkLightForwarder*
*/etc/apps/launcher*
*/etc/apps/legacy*
*/etc/apps/sample_app*
*/etc/apps/appsbrowser*
*/etc/apps/alert_webhook*
*/etc/apps/splunk_archiver*
*/etc/apps/splunk_monitoring_console*
*/lib/node_modules*
*/share/splunk/app_templates*
*/share/splunk/authScriptSamples*
*/share/splunk/diag
*/share/splunk/mbtiles*
*/share/splunk/migration*
*/share/splunk/pdf*
*mrsparkle*"""
m = re.match(".*splunk-([0-9]+)\.([0-9]+)\.[0-9]+\.?[0-9]?-[0-9a-z]+-Linux-[0-9a-z_-]+.tgz", sys.argv[1])
if m and m.group(1):
print(EXCLUDE_V7)
if int(m.group(1)) == 7:
print("*/bin/parsetest*")
if int(m.group(2)) < 3:
print("*/etc/apps/framework*")
print("*/etc/apps/gettingstarted*")
else:
print("*/etc/apps/splunk_metrics_workspace*")
elif int(m.group(1)) > 7:
print("*/etc/apps/splunk_metrics_workspace*")
if int(m.group(2)) < 1:
print("*/bin/parsetest*")
scripts/updateetc.sh 0 → 100755
View file @ 6f70ef7b
#!/bin/bash
# Copyright 2018-2020 Splunk
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
SPLUNK_ETC_BAK="${SPLUNK_ETC_BAK:-/opt/splunk-etc}"
if [[ -f "${SPLUNK_ETC_BAK}/splunk.version" ]]; then
IMAGE_VERSION_SHA=`cat ${SPLUNK_ETC_BAK}/splunk.version | sha512sum`
if [[ -f "${SPLUNK_HOME}/etc/splunk.version" ]]; then
ETC_VERSION_SHA=`cat ${SPLUNK_HOME}/etc/splunk.version | sha512sum`
fi
if [[ "x${IMAGE_VERSION_SHA}" != "x${ETC_VERSION_SHA}" ]]; then
echo Updating ${SPLUNK_HOME}/etc
(cd ${SPLUNK_ETC_BAK}; tar cf - *) | (cd ${SPLUNK_HOME}/etc; tar xf -)
fi
fi
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment

UNCLASSIFIED