ChrisYounger
commented
1 year ago This would be quite tricky to implement in a secure way. I will have a think about it, but in the meantime I would suggest you minimise the risk of changes by using version control (such as https://splunkbase.splunk.com/app/4182 ). This is what we do in our production environment. We configured Git Version Control for Splunk to alert to our Slack channel hourly with all the files that changed. This is then reviewed by our senior engineer/s who check nothing unusual is being changed. It works well for us.
This add-on is excellent and I really appreciate the amazing ease it brings to my developers in catching errors and fixing them early on through sytax highlighting and btool checks. But I was worried about the way this add-on gives unrestricted access to the splunk's platform configuration files such as server.conf or authorize.conf.
Can we have some kind of parameters to hide these directories or files from the day to day users and developers please ?