From be929b85743590a50609c9855b347598ff7280fa Mon Sep 17 00:00:00 2001
From: bpluta
Date: Mon, 30 Aug 2021 16:07:20 +0000
Subject: [PATCH 1/2] removed pems and pinned ansible
---
 Dockerfile | 3 ++-
 hardening_manifest.yaml | 4 ++--
 2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 9dfbdd2..3ff6026 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -80,7 +80,7 @@ RUN mv /minimal/splunk/etc /minimal/splunk-etc
 RUN mv /extras/splunk/etc /extras/splunk-etc
 RUN mkdir -p /minimal/splunk/etc /minimal/splunk/share/splunk/search_mrsparkle/modules.new
 COPY splunk-ansible.tar.gz splunk-ansible.tar.gz
-RUN tar -zxf splunk-ansible.tar.gz && mv splunk-ansible-8.2.1 splunk-ansible-develop && rm splunk-ansible.tar.gz
+RUN tar -zxf splunk-ansible.tar.gz && mv splunk-ansible-8.2.2 splunk-ansible-develop && rm splunk-ansible.tar.gz
 #
 # Minimal Splunk base image with many files excluded, intended for internal and experimental use
@@ -185,6 +185,7 @@ RUN ubi8-development/scripts/xccdf_org.ssgproject.content_rule_disable_ctrlaltde
 ubi8-development/scripts/xccdf_org.ssgproject.content_rule_accounts_password_minlen_login_defs.sh && \
 ubi8-development/scripts/xccdf_org.ssgproject.content_rule_account_disable_post_pw_expiration.sh
 RUN rm -fdr ubi8-development
+RUN grep -rl -e "-BEGIN.*PRIVATE KEY-" /opt/splunk | while read line; do rm -f "$line";done;
 USER ${SPLUNK_USER}
 HEALTHCHECK --interval=30s --timeout=30s --start-period=3m --retries=5 CMD /sbin/checkstate.sh || exit 1
diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml
index f0c14d9..f0abca0 100644
--- a/hardening_manifest.yaml
+++ b/hardening_manifest.yaml
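Review bot: The added `RUN grep -rl -e "-BEGIN.*PRIVATE KEY-" /opt/splunk | while read line; do rm -f "$line";done;` in the second Dockerfile hunk deletes the key files in a new layer. Any private key that an earlier instruction wrote under `/opt/splunk` therefore stays in that earlier layer and still ships with the image. The step that populates `/opt/splunk` is outside this hunk, but the first hunk shows a build stage working on `/minimal/splunk` and `/extras/splunk`. If the tree is copied in from that stage, running the removal there before the copy would keep the keys out of every layer of the final image. The same applies to the `/opt/splunk-etc/apps` line added in patch 2/2, and a comment such as `# Strip bundled private keys; must run in the stage/layer that first writes these files` above the line would record the constraint.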
@@ -23,11 +23,11 @@ labels:
 mil.dso.ironbank.product.name: "Splunk Enterprise"
 resources:
-- url: https://github.com/splunk/splunk-ansible/archive/8.2.1.tar.gz
+- url: https://github.com/splunk/splunk-ansible/archive/8.2.2.tar.gz
 filename: splunk-ansible.tar.gz
 validation:
 type: sha256
- value: 2b749382aab23a2590792245d9e8b79c4ab285049b90b06efded254de419a264
+ value: f5a836c40d26e10b87e1b22143bb73b3b05337a18804a166482c39f7070fd8ff
 - url: https://d7wz6hmoaavd0.cloudfront.net/products/splunk/releases/8.2.2/linux/splunk-8.2.2-87344edfcdb4-Linux-x86_64.tgz
 filename: splunk-8.2.2-87344edfcdb4-Linux-x86_64.tgz
 validation:
-- GitLab
From 633358dc09852790b6e115c36439e85a6c1902c5 Mon Sep 17 00:00:00 2001
From: bpluta
Date: Mon, 30 Aug 2021 19:13:18 +0000
Subject: [PATCH 2/2] fix pems files
---
 Dockerfile | 1 +
 1 file changed, 1 insertion(+)
diff --git a/Dockerfile b/Dockerfile
index 3ff6026..268e173 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -185,6 +185,7 @@ RUN ubi8-development/scripts/xccdf_org.ssgproject.content_rule_disable_ctrlaltde
 ubi8-development/scripts/xccdf_org.ssgproject.content_rule_accounts_password_minlen_login_defs.sh && \
 ubi8-development/scripts/xccdf_org.ssgproject.content_rule_account_disable_post_pw_expiration.sh
 RUN rm -fdr ubi8-development
+RUN grep -rl -e "-BEGIN.*PRIVATE KEY-" /opt/splunk-etc/apps | while read line; do rm -f "$line";done;
 RUN grep -rl -e "-BEGIN.*PRIVATE KEY-" /opt/splunk | while read line; do rm -f "$line";done;
 USER ${SPLUNK_USER}
-- GitLab
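Review bot: The new `grep -rl ... /opt/splunk-etc/apps | while read line; ...` pipeline in patch 2/2 returns only the loop's exit status, so a grep error such as a missing or misspelled directory leaves the build green with nothing removed. A follow-up step that fails the build when a match remains would make the cleanup verifiable, e.g. `RUN if grep -rq -e "-BEGIN.*PRIVATE KEY-" /opt/splunk /opt/splunk-etc/apps; then exit 1; fi`. The loop should also read file names verbatim, `while IFS= read -r f; do rm -f -- "$f"; done`, so paths containing backslashes or edge whitespace are not mangled. Because `-l` lists every file containing the marker text, it is worth confirming that nothing other than key material is deleted, for example source files that embed the PEM header as a string.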