Some best practices for your servers and operating system
To maximize security, harden the operating system on all computers where you run Splunk software.
- If your organization does not have internal hardening standards, consult the CIS hardening benchmarks.
- As a minimum, limit shell/command line access to your Splunk servers.
- Configure redundant Splunk instances, both indexing a copy of the same data.
- Backup Splunk data and configurations, regularly.
- Execute a periodic recovery test by attempting to restore Splunk Enterprise from backup.
- Verify your Splunk download using a hash function such as MD5 to compare the hashes. For example:
./openssl dgst md5 <filename-splunk-downloaded.zip>
- Use a current version of a supported browser, such as Firefox or Chrome.
- Secure physical access to all Splunk servers.
- Ensure that Splunk end users practice sound physical and endpoint security.
- Set a short time-out for Splunk Web user sessions. See Configure timeouts for more information.
More opportunities to secure your configuration
- Use a configuration management tool, such as subversion, to provide version control for Splunk configurations.
- Integrate Splunk configuration changes into your existing change management framework.
- Configure Splunk Enterprise to monitor its own configuration files and alert on changes.
Harden your KV store port
Use access control to secure Splunk data
This documentation applies to the following versions of Splunk® Enterprise: 8.2.0, 8.2.1, 8.2.2