Import Splunk Add-On for Unix and Linux version 9.2.0

default/inputs.conf

@@ -0,0 +1,270 @@
+##
+## SPDX-FileCopyrightText: 2024 Splunk, Inc.
+## SPDX-License-Identifier: LicenseRef-Splunk-8-2021
+##
+##
+
+[script://./bin/vmstat_metric.sh]
+sourcetype = vmstat_metric
+source = vmstat
+interval = 60
+disabled = 1
+
+[script://./bin/iostat_metric.sh]
+sourcetype = iostat_metric
+source = iostat
+interval = 60
+disabled = 1
+
+[script://./bin/ps_metric.sh]
+sourcetype = ps_metric
+source = ps
+interval = 30
+disabled = 1
+
+[script://./bin/df_metric.sh]
+sourcetype = df_metric
+source = df
+interval = 300
+disabled = 1
+
+[script://./bin/interfaces_metric.sh]
+sourcetype = interfaces_metric
+source = interfaces
+interval = 60
+disabled = 1
+
+[script://./bin/cpu_metric.sh]
+sourcetype = cpu_metric
+source = cpu
+interval = 30
+disabled = 1
+
+################################################
+############### Event Inputs ###################
+################################################
+
+[script://./bin/vmstat.sh]
+interval = 60
+sourcetype = vmstat
+source = vmstat
+disabled = 1
+
+[script://./bin/iostat.sh]
+interval = 60
+sourcetype = iostat
+source = iostat
+disabled = 1
+
+[script://./bin/nfsiostat.sh]
+interval = 60
+sourcetype = nfsiostat
+source = nfsiostat
+disabled = 1
+
+[script://./bin/ps.sh]
+interval = 30
+sourcetype = ps
+source = ps
+disabled = 1
+
+[script://./bin/top.sh]
+interval = 60
+sourcetype = top
+source = top
+disabled = 1
+
+[script://./bin/netstat.sh]
+interval = 60
+sourcetype = netstat
+source = netstat
+disabled = 1
+
+[script://./bin/bandwidth.sh]
+interval = 60
+sourcetype = bandwidth
+source = bandwidth
+disabled = 1
+
+[script://./bin/protocol.sh]
+interval = 60
+sourcetype = protocol
+source = protocol
+disabled = 1
+
+[script://./bin/openPorts.sh]
+interval = 300
+sourcetype = openPorts
+source = openPorts
+disabled = 1
+
+[script://./bin/time.sh]
+interval = 21600
+sourcetype = time
+source = time
+disabled = 1
+
+[script://./bin/lsof.sh]
+interval = 600
+sourcetype = lsof
+source = lsof
+disabled = 1
+
+[script://./bin/df.sh]
+interval = 300
+sourcetype = df
+source = df
+disabled = 1
+
+# Shows current user sessions
+[script://./bin/who.sh]
+sourcetype = who
+source = who
+interval = 150
+disabled = 1
+
+# Lists users who could login (i.e., they are assigned a login shell)
+[script://./bin/usersWithLoginPrivs.sh]
+sourcetype = usersWithLoginPrivs
+source = usersWithLoginPrivs
+interval = 3600
+disabled = 1
+
+# Shows last login time for users who have ever logged in
+[script://./bin/lastlog.sh]
+sourcetype = lastlog
+source = lastlog
+interval = 300
+disabled = 1
+
+# Shows stats per link-level Etherner interface (simply, NIC)
+[script://./bin/interfaces.sh]
+sourcetype = interfaces
+source = interfaces
+interval = 60
+disabled = 1
+
+# Shows stats per CPU (useful for SMP machines)
+[script://./bin/cpu.sh]
+sourcetype = cpu
+source = cpu
+interval = 30
+disabled = 1
+
+# This script reads the auditd logs translated with ausearch
+[script://./bin/rlog.sh]
+sourcetype = auditd
+source = auditd
+interval = 60
+disabled = 1
+
+# Run package management tool collect installed packages
+[script://./bin/package.sh]
+sourcetype = package
+source = package
+interval = 3600
+disabled = 1
+
+[script://./bin/hardware.sh]
+sourcetype = hardware
+source = hardware
+interval = 36000
+disabled = 1
+
+[monitor:///Library/Logs]
+disabled = 1
+
+[monitor:///var/log]
+whitelist=(\.log|log$|messages|secure|auth|mesg$|cron$|acpid$|\.out)
+blacklist=(lastlog|anaconda\.syslog)
+disabled = 1
+
+[monitor:///var/adm]
+whitelist=(\.log$|messages)
+disabled = 1
+
+[monitor:///etc]
+whitelist=(\.(conf|cfg|ini|init|cf|cnf|profile|rc|rules|tab|login)$|(config|shrc|tab|policy)$|^ifcfg)
+disabled = 1
+
+### bash history
+[monitor:///root/.bash_history]
+disabled = true
+sourcetype = bash_history
+
+[monitor:///home/*/.bash_history]
+disabled = true
+sourcetype = bash_history
+
+
+
+##### Added for ES support
+# Note that because the UNIX app uses a single script to retrieve information
+# from multiple OS flavors, and is intended to run on Universal Forwarders,
+# it is not possible to differentiate between OS flavors by assigning
+# different sourcetypes for each OS flavor (e.g. Linux:SSHDConfig), as was
+# the practice in the older deployment-apps included with ES. Instead,
+# sourcetypes are prefixed with the generic "Unix".
+
+# May require Splunk forwarder to run as root on some platforms.
+[script://./bin/openPortsEnhanced.sh]
+disabled = true
+interval = 3600
+source = Unix:ListeningPorts
+sourcetype = Unix:ListeningPorts
+
+[script://./bin/passwd.sh]
+disabled = true
+interval = 3600
+source = Unix:UserAccounts
+sourcetype = Unix:UserAccounts
+
+# Only applicable to Linux
+[script://./bin/selinuxChecker.sh]
+disabled = true
+interval = 3600
+source = Linux:SELinuxConfig
+sourcetype = Linux:SELinuxConfig
+
+# Currently only supports SunOS, Linux, OSX.
+# May require Splunk forwarder to run as root on some platforms.
+[script://./bin/service.sh]
+disabled = true
+interval = 3600
+source = Unix:Service
+sourcetype = Unix:Service
+
+# Currently only supports SunOS, Linux, OSX.
+# May require Splunk forwarder to run as root on some platforms.
+[script://./bin/sshdChecker.sh]
+disabled = true
+interval = 3600
+source = Unix:SSHDConfig
+sourcetype = Unix:SSHDConfig
+
+# Currently only supports Linux, OSX.
+# May require Splunk forwarder to run as root on some platforms.
+[script://./bin/update.sh]
+disabled = true
+interval = 86400
+source = Unix:Update
+sourcetype = Unix:Update
+
+[script://./bin/uptime.sh]
+disabled = true
+interval = 86400
+source = Unix:Uptime
+sourcetype = Unix:Uptime
+
+[script://./bin/version.sh]
+disabled = true
+interval = 86400
+source = Unix:Version
+sourcetype = Unix:Version
+
+# This script may need to be modified to point to the VSFTPD configuration file.
+[script://./bin/vsftpdChecker.sh]
+disabled = true
+interval = 86400
+source = Unix:VSFTPDConfig
+sourcetype = Unix:VSFTPDConfig