0x00 背景
最小化权限原则,为每个功能,每个账户分配最小的权限。
0x01 实践
只需要7个 capability:
You'll need to add certain capabilities to that user or that users's role(s).
[capability::rest_apps_management]
* Lets a user edit settings for entries and categories in the Python remote
apps handler.
* See restmap.conf.spec for more information.
[capability::rest_apps_view]
* Lets a user list various properties in the Python remote apps handler.
* See restmap.conf.spec for more info
[capability::rest_properties_get]
* Lets a user get information from the services/properties endpoint.
[capability::rest_properties_set]
* Lets a user edit the services/properties endpoint.
[capability::rest_access_server_endpoints]
* Lets a user run the 'rest' command and access 'services/server/' endpoints.
[capability::dispatch_rest_to_indexers]
* Lets a user dispatch the REST search command to indexers.
[capability::search]
* Lets a user run a search.
0x02 reference
https://docs.splunk.com/Documentation/Splunk/latest/admin/authorizeconf