We get FIPS compliance error when upgrading to Enterprise Security 6.1.0.
FIPS is not enabled in our environment.
From start using Enterprise 7.1.2 and ES 5.3.0.
Upgrade to Enterprise 8.0.2.1...
See more...
We get FIPS compliance error when upgrading to Enterprise Security 6.1.0.
FIPS is not enabled in our environment.
From start using Enterprise 7.1.2 and ES 5.3.0.
Upgrade to Enterprise 8.0.2.1 first, and then upgrade to ES 6.1.0. (This path should be supported as we understand)
-bash-4.2$ splunk show fips-mode -auth admin:passwd
FIPS mode disabled.
Splunk Enterprise Security Post-Install Configuration
When step 4.4 is running, we get error:
https://docs.splunk.com/Documentation/ES/6.1.0/Install/Upgradetonewerversion
Error in 'essinstall' command: postinstall failed - Error updating FIPS compliance settings. See search.log for details.
Extract from Search.log below
04-01-2020 16:56:21.052 ERROR ChunkedExternProcessor - stderr: msg="Error updating FIPS compliance settings."
04-01-2020 16:56:21.052 ERROR ChunkedExternProcessor - stderr: Traceback (most recent call last):
04-01-2020 16:56:21.052 ERROR ChunkedExternProcessor - stderr: File "/opt/splunk/etc/apps/SplunkEnterpriseSecuritySuite/bin/install/deploy_fips_compliant_settings.py", line 142, in deployFips
04-01-2020 16:56:21.052 ERROR ChunkedExternProcessor - stderr: incident_review_lookup_empty = isLookupEmpty(IR_LOOKUP, IR_APP, DEFAULT_OWNER, key)
04-01-2020 16:56:21.052 ERROR ChunkedExternProcessor - stderr: File "/opt/splunk/etc/apps/SplunkEnterpriseSecuritySuite/bin/install/deploy_fips_compliant_settings.py", line 74, in isLookupEmpty
04-01-2020 16:56:21.052 ERROR ChunkedExternProcessor - stderr: for lineno, unused_line in enumerate(open(path, 'r', newline=None)):
04-01-2020 16:56:21.052 ERROR ChunkedExternProcessor - stderr: File "/opt/splunk/lib/python3.7/codecs.py", line 322, in decode
04-01-2020 16:56:21.052 ERROR ChunkedExternProcessor - stderr: (result, consumed) = self._buffer_decode(data, self.errors, final)
04-01-2020 16:56:21.052 ERROR ChunkedExternProcessor - stderr: UnicodeDecodeError: 'utf-8' codec can't decode byte 0xa3 in position 37: invalid start byte
04-01-2020 16:56:21.053 ERROR ChunkedExternProcessor - stderr:
04-01-2020 16:56:21.053 ERROR ChunkedExternProcessor - stderr: Traceback (most recent call last):
04-01-2020 16:56:21.053 ERROR ChunkedExternProcessor - stderr: File "/opt/splunk/etc/apps/SplunkEnterpriseSecuritySuite/bin/install/deploy_fips_compliant_settings.py", line 142, in deployFips
04-01-2020 16:56:21.053 ERROR ChunkedExternProcessor - stderr: incident_review_lookup_empty = isLookupEmpty(IR_LOOKUP, IR_APP, DEFAULT_OWNER, key)
04-01-2020 16:56:21.053 ERROR ChunkedExternProcessor - stderr: File "/opt/splunk/etc/apps/SplunkEnterpriseSecuritySuite/bin/install/deploy_fips_compliant_settings.py", line 74, in isLookupEmpty
04-01-2020 16:56:21.053 ERROR ChunkedExternProcessor - stderr: for lineno, unused_line in enumerate(open(path, 'r', newline=None)):
04-01-2020 16:56:21.053 ERROR ChunkedExternProcessor - stderr: File "/opt/splunk/lib/python3.7/codecs.py", line 322, in decode
04-01-2020 16:56:21.053 ERROR ChunkedExternProcessor - stderr: (result, consumed) = self._buffer_decode(data, self.errors, final)
04-01-2020 16:56:21.053 ERROR ChunkedExternProcessor - stderr: UnicodeDecodeError: 'utf-8' codec can't decode byte 0xa3 in position 37: invalid start byte
04-01-2020 16:56:21.053 ERROR ChunkedExternProcessor - stderr: During handling of the above exception, another exception occurred:
04-01-2020 16:56:21.053 ERROR ChunkedExternProcessor - stderr: Traceback (most recent call last):
04-01-2020 16:56:21.053 ERROR ChunkedExternProcessor - stderr: File "/opt/splunk/etc/apps/SplunkEnterpriseSecuritySuite/bin/install/essinstaller2.py", line 331, in _postinstall
04-01-2020 16:56:21.053 ERROR ChunkedExternProcessor - stderr: deployFips(session_key, logger=self.logger)
04-01-2020 16:56:21.053 ERROR ChunkedExternProcessor - stderr: File "/opt/splunk/etc/apps/SplunkEnterpriseSecuritySuite/bin/install/deploy_fips_compliant_settings.py", line 165, in deployFips
04-01-2020 16:56:21.053 ERROR ChunkedExternProcessor - stderr: raise Exception('Error updating FIPS compliance settings.')
04-01-2020 16:56:21.053 ERROR ChunkedExternProcessor - stderr: Exception: Error updating FIPS compliance settings.
04-01-2020 16:56:21.053 ERROR ChunkedExternProcessor - stderr: During handling of the above exception, another exception occurred:
04-01-2020 16:56:21.053 ERROR ChunkedExternProcessor - stderr: Traceback (most recent call last):
04-01-2020 16:56:21.053 ERROR ChunkedExternProcessor - stderr: File "/opt/splunk/etc/apps/SplunkEnterpriseSecuritySuite/bin/essinstall.py", line 243, in do_install
04-01-2020 16:56:21.053 ERROR ChunkedExternProcessor - stderr: output = fn(session_key, True)
04-01-2020 16:56:21.053 ERROR ChunkedExternProcessor - stderr: File "/opt/splunk/etc/apps/SplunkEnterpriseSecuritySuite/bin/install/essinstaller2.py", line 81, in wrapper
04-01-2020 16:56:21.053 ERROR ChunkedExternProcessor - stderr: r = f(self, *args, **kwargs)
04-01-2020 16:56:21.053 ERROR ChunkedExternProcessor - stderr: File "/opt/splunk/etc/apps/SplunkEnterpriseSecuritySuite/bin/install/essinstaller2.py", line 571, in stage_postinstall
04-01-2020 16:56:21.053 ERROR ChunkedExternProcessor - stderr: self._postinstall(session_key)
04-01-2020 16:56:21.053 ERROR ChunkedExternProcessor - stderr: File "/opt/splunk/etc/apps/SplunkEnterpriseSecuritySuite/bin/install/essinstaller2.py", line 335, in _postinstall
04-01-2020 16:56:21.053 ERROR ChunkedExternProcessor - stderr: raise InstallException(str(e))
04-01-2020 16:56:21.053 ERROR ChunkedExternProcessor - stderr: install.app_install_utils.InstallException: Error updating FIPS compliance settings.
04-01-2020 16:56:21.053 ERROR ChunkedExternProcessor - Error in 'essinstall' command: postinstall failed - Error updating FIPS compliance settings.
We have restarted, selected to enable all Technology Add-on and also disable them all. Error message is always the same.
Sample from essinstaller2.log which might give a hint:
2020-04-01 14:56:21,051+0000 ERROR pid=6614 tid=MainThread file=deploy_fips_compliant_settings.py:deployFips:164 | msg="Error updating FIPS compliance settings."
Traceback (most recent call last):
File "/opt/splunk/etc/apps/SplunkEnterpriseSecuritySuite/bin/install/deploy_fips_compliant_settings.py", line 142, in deployFips
incident_review_lookup_empty = isLookupEmpty(IR_LOOKUP, IR_APP, DEFAULT_OWNER, key)
File "/opt/splunk/etc/apps/SplunkEnterpriseSecuritySuite/bin/install/deploy_fips_compliant_settings.py", line 74, in isLookupEmpty
for lineno, unused_line in enumerate(open(path, 'r', newline=None)):
File "/opt/splunk/lib/python3.7/codecs.py", line 322, in decode
(result, consumed) = self._buffer_decode(data, self.errors, final)
UnicodeDecodeError: 'utf-8' codec can't decode byte 0xa3 in position 37: invalid start byte
2020-04-01 14:56:21,052+0000 ERROR pid=6614 tid=MainThread file=essinstall.py:do_install:261 |
Traceback (most recent call last):
File "/opt/splunk/etc/apps/SplunkEnterpriseSecuritySuite/bin/install/deploy_fips_compliant_settings.py", line 142, in deployFips
incident_review_lookup_empty = isLookupEmpty(IR_LOOKUP, IR_APP, DEFAULT_OWNER, key)
File "/opt/splunk/etc/apps/SplunkEnterpriseSecuritySuite/bin/install/deploy_fips_compliant_settings.py", line 74, in isLookupEmpty
for lineno, unused_line in enumerate(open(path, 'r', newline=None)):
File "/opt/splunk/lib/python3.7/codecs.py", line 322, in decode
(result, consumed) = self._buffer_decode(data, self.errors, final)
UnicodeDecodeError: 'utf-8' codec can't decode byte 0xa3 in position 37: invalid start byte
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/opt/splunk/etc/apps/SplunkEnterpriseSecuritySuite/bin/install/essinstaller2.py", line 331, in _postinstall
deployFips(session_key, logger=self.logger)
File "/opt/splunk/etc/apps/SplunkEnterpriseSecuritySuite/bin/install/deploy_fips_compliant_settings.py", line 165, in deployFips
raise Exception('Error updating FIPS compliance settings.')
Exception: Error updating FIPS compliance settings.
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/opt/splunk/etc/apps/SplunkEnterpriseSecuritySuite/bin/essinstall.py", line 243, in do_install
output = fn(session_key, True)
File "/opt/splunk/etc/apps/SplunkEnterpriseSecuritySuite/bin/install/essinstaller2.py", line 81, in wrapper
r = f(self, *args, **kwargs)
File "/opt/splunk/etc/apps/SplunkEnterpriseSecuritySuite/bin/install/essinstaller2.py", line 571, in stage_postinstall
self._postinstall(session_key)
File "/opt/splunk/etc/apps/SplunkEnterpriseSecuritySuite/bin/install/essinstaller2.py", line 335, in _postinstall
raise InstallException(str(e))
install.app_install_utils.InstallException: Error updating FIPS compliance settings.