Some best practices for your servers and operating system
Operating System
To maximize security, harden the operating system on all computers where you run Splunk software.
- If your organization does not have internal hardening standards, consult the CIS hardening benchmarks.
- At a minimum, limit shell/command line access to your Splunk servers.
Splunk
- Configure redundant Splunk instances, both indexing a copy of the same data.
- Back up Splunk data and configurations regularly.
- Execute a periodic recovery test by attempting to restore Splunk Enterprise from backup.
- Verify your Splunk download by computing its hash with a hash function such as MD5 and comparing the result with the published hash. For example:
./openssl dgst -md5 <filename-splunk-downloaded.zip>
Client browser
- Use a current version of a supported browser, such as Firefox or Chrome.
- Use a client-side JavaScript blocker, such as NoScript on Firefox or Internet Explorer 8 Filters, to help protect against XSS, XSRF, and similar exploits.
- Ensure that users have the latest Flash version installed.
Physical security
- Secure physical access to all Splunk servers.
- Ensure that Splunk end users practice sound physical and endpoint security.
- Set a short time-out for Splunk Web user sessions. See Configure timeouts for more information.
More opportunities to secure your configuration
- Use a configuration management tool, such as Subversion, to provide version control for Splunk configurations.
- Integrate Splunk configuration changes into your existing change management framework.
- Configure Splunk Enterprise to monitor its own configuration files and alert on changes.
This documentation applies to the following versions of Splunk® Enterprise: 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.0.13, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.0.9, 8.0.10, 8.1.0, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.1.8, 8.1.9, 8.1.10, 8.1.11, 8.1.12, 8.1.13, 8.1.14