| 123456789101112131415161718192021 |
- Notes from talking with Fred
- Salt State -> Push cron job + bash script to Minions -> Bash script writes to file -> Splunk UF reads file and indexes it. -> Splunk creates lookup file which compares to a baseline lookup file. Differneces between the two are displayed on a dashboard and can be "approved". the approve button runs a search that will merge the two lookups and updates the baseline.
- Prelinking needs to be turned off
- https://access.redhat.com/solutions/61691
- proc f
- Dashboard is broken need to fix it. Remove the blacklist variable and it will start working.
- app uses SHA256 hashes
- Splunk search containing whitelist
- |inputlookup ProcessLookup
- |inputlookup ProcessLookup | search process=*splunk*
- |inputlookup ProcessLookup | search process=*splunk* | dedup file_hash
- Don't look for salt as a process. It is started with the python process.
|
