All Apps and Add-ons
Highlighted

Does Website Monitoring app work with FIPS 140-2 mode?

New Member

Do you know if the Website Monitoring app works with FIPS mode enabled for Splunk? The monitor worked fine until I enabled FIPS mode in Splunk. At the point FIPS was enabled, the monitor stopped logging monitors.

Website Monitoring stops working when FIPS mode is enabled

Tags (2)
0 Karma
Highlighted

Re: Does Website Monitoring app work with FIPS 140-2 mode?

Splunk Employee
Splunk Employee

According to the docs: "The FIPS module disables the use of some cryptographic algorithms in the instance of Python that Splunk software uses to run apps (such as md5 and rc4)" - if the app uses them then it is not compatible with FIPS mode.

As an aside, usually you need to enable FIPS mode at install time, rather than enabling it later.

0 Karma
Highlighted

Re: Does Website Monitoring app work with FIPS 140-2 mode?

Splunk Employee
Splunk Employee

To elaborate... I believe that the certificates generated in FIPS mode are different, so FIPS mode should be enabled before the first startup. Enabling later may cause data not to be sent between your Splunk servers as the certificates will not be valid, you should see errors in splunkd.log.

0 Karma

Re: Does Website Monitoring app work with FIPS 140-2 mode?

Champion

The app generates hashes of the content which is likely failing (one of them is MD5). I believe I can make the work by disabling the hashes that are non-compliant with FIPS mode (i.e. including SHA hashes only).

I opened a ticket for this: http://lukemurphey.net/issues/1656

0 Karma