Installation

Splunk with Redhat 8 and SELinux

sbloom67
Observer

Hi All, We have an install of Splunk on Red Hat 8 with SELinux on as enforcing. Well, all of the services start, but the webpage for Splunk does not work while SELinux is enforcing. If I simply turn off SELinux and reboot, everything works great. My question is, what SELinux modules need to be turned off specifically, or do I have to do an SELinux chcon (change context), and on what files, and set them to what? If anyone has had to do this and can help, I would appreciate it. Thanks

0 Karma

harsmarvania57
Ultra Champion

Hi,

What is your Splunk Web port, the default 8000? Generally I have seen that SELinux does not cause any issues with Splunk, but if you are using some other ports which are not allowed by SELinux then it may create a problem.

0 Karma

sbloom67
Observer

I also just checked with semanage that port 8443 is also allowed with the content of http_port_t. So that should be good with SELinux.

0 Karma

isoutamo
SplunkTrust

I don't have RHEL 8 on hand right now, but if I recall correctly there is also a firewall running and you must enable the needed ports in it. Also (as you said) you must use semanage to allow those ports.

r. Ismo

0 Karma

sbloom67
Observer

I believe it was changed from port 8000 to 8443. It works fine if you turn off SELinux.

Any suggestions?

0 Karma

ephemeric
Contributor

As root:

`semanage port -l | grep 8443` and check the output.

`grep "8443" /var/log/audit/audit.log`.

If you get "denied" on port 8443 in the log, there is the problem. Splunk is not allowed to bind to port 8443 as per policy. One can fix that easily enough.

0 Karma
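The audit-log check from the answer above, as an added example that is not part of the original thread: it matches the port as an AVC field (`src=` or `dest=`) instead of a bare substring and prints who was denied what. The function names, the `example_t` domain and every sample log line are constructed for illustration.

```shell
#!/bin/sh
# Added example. Function names and all sample log lines are constructed.

# Constructed audit.log excerpt; "example_t" is a placeholder source domain.
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1700000000.123:101): avc:  denied  { name_bind } for  pid=2211 comm="splunkd" src=8443 scontext=system_u:system_r:example_t:s0 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1700000001.456:102): avc:  denied  { name_connect } for  pid=2211 comm="splunkd" dest=9997 scontext=system_u:system_r:example_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0
type=SERVICE_START msg=audit(1700000002.789:8443): pid=1 uid=0 msg='unit=chronyd comm="systemd" res=success'
EOF
}

# Print "comm permission scontext tcontext tclass" for every AVC denial
# whose src= or dest= field equals PORT.
# Usage: avc_port_denials PORT [LOGFILE]
avc_port_denials() {
    port=$1
    log=${2:-/var/log/audit/audit.log}
    awk -v port="$port" '
        /type=AVC/ && /denied/ {
            hit = 0; comm = perm = sctx = tctx = tclass = "?"
            # The denied permission sits between braces: { name_bind }
            if (match($0, /[{][^}]*[}]/)) {
                perm = substr($0, RSTART + 1, RLENGTH - 2)
                gsub(/^ +| +$/, "", perm)
            }
            for (i = 1; i <= NF; i++) {
                n = index($i, "=")
                if (n == 0) continue
                k = substr($i, 1, n - 1); v = substr($i, n + 1)
                if ((k == "src" || k == "dest") && v == port) hit = 1
                else if (k == "comm") { gsub(/"/, "", v); comm = v }
                else if (k == "scontext") sctx = v
                else if (k == "tcontext") tctx = v
                else if (k == "tclass") tclass = v
            }
            # The third sample line contains "8443" only as an event
            # serial, so a substring grep would match it; this does not.
            if (hit) print comm, perm, sctx, tctx, tclass
        }
    ' "$log"
}

# On a live host, as root: avc_port_denials 8443
```

If this prints a `name_bind` line whose target type is already `http_port_t`, the port label is not what is missing; the source context in the third column shows which domain the policy is refusing.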