UPDATE 2022-11-12: See https://www.duanewaddle.com/splunk-uf-9-0-and-posix-capabilities/

I seem to catch myself talking about this a lot in Slack, so I’m just going to write it all down here and refer people to it. A common issue for Splunk deployments is how to securely deploy the Universal Forwarder. Best practice says “don’t run anything as root that doesn’t […]