0x00 背景
最小化权限原则,为每个功能,每个账户分配最小的权限。
0x01 实践
只需要7个 capability:
You'll need to add certain capabilities to that user or that users's role(s).
capability::rest_apps_management
* Lets a user edit settings for entries and categories in the Python remote
apps handler.
* See restmap.conf.spec for more information.
capability::rest_apps_view
* Lets a user list various properties in the Python remote apps handler.
* See restmap.conf.spec for more info
capability::rest_properties_get
* Lets a user get information from the services/properties endpoint.
capability::rest_properties_set
* Lets a user edit the services/properties endpoint.
capability::rest_access_server_endpoints
* Lets a user run the 'rest' command and access 'services/server/' endpoints.
capability::dispatch_rest_to_indexers
* Lets a user dispatch the REST search command to indexers.
capability::search
* Lets a user run a search.
0x02 reference
https://docs.splunk.com/Documentation/Splunk/latest/admin/authorizeconf