Installation

splunk 4.1.2 and selinux on RH 5

kmehta
Engager

Hi,

I am trying to start splunk on a server running RH5, and get the belowmessage re: selinux. I have tried adding the line:

export SPLUNK_IGNORE_SELINUX=1

in the file opt/splunk/etc/splunk-launch.conf, but I still get the message. Any suggestions?

Kamal...

/opt/splunk/bin/splunk start

Splunk> Take the sh out of IT.

Checking prerequisites... Checking http port [8000]: open Checking mgmt port [8089]: open Checking configuration... Done. Checking index directory... Done. Checking databases... Validated databases: _audit, _blocksignature, _internal, _thefishbucket, history, main, sample, splunklogger, summary Checking for SELinux.

Command error: Splunk will not run with SELinux enabled. If you have adjusted Splunk's security level with chcon, you can bypass this check by setting the 'SPLUNK_IGNORE_SELINUX' environment variable.

Tags (1)

sdwilkerson
Contributor

Don't forget to also set SELINUX to allow Splunk to operate properly. Here are my notes (very similar to the Splunk Docs btw) on how to do this on RHEL5:

  1. Execute the chcon command on the Splunk lib directory::
    • chcon -c -v -R -u system_u -r object_r -t lib_t $SPLUNK_HOME/lib 2>&1 > /dev/null
  2. Then, disable the check when Splunk starts up by adding the following line to $SPLUNK_HOME/etc/splunk-launch.conf:
    • SPLUNK_IGNORE_SELINUX=1

Genti
Splunk Employee
Splunk Employee
0 Karma

gkanapathy
Splunk Employee
Splunk Employee

use:

SPLUNK_IGNORE_SELINUX=1

the splunk-launch.conf file is not a shell script and export isn't recognized.

kmehta
Engager

Thanks. That works!

0 Karma
Get Updates on the Splunk Community!

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...