Splunk Policy

Schincke, Keith D. (JSC-IT)[DB Consulting Group, Inc.] keith.d.schincke at nasa.gov
Wed Aug 28 17:04:29 UTC 2013


Did you have any errors recorded in your splunkd.log file?

Keith Schincke CAP, LPIC-1, RHCA, RHCSS
Team Lead IT Security System Administration, ITAMS
Building 46, Room 110A
email to: keith.d.schincke at nasa.gov
281-244-0183 Office           832-205-1534 Mobile
281-244-5708 Fax

ITAMS - Information Technology And Multimedia Services Contract
"One Team, One Vision >> Partnered For Innovative Solutions"

From: selinux-bounces at lists.fedoraproject.org [mailto:selinux-bounces at lists.fedoraproject.org] On Behalf Of Robert Gabriel
Sent: Wednesday, August 28, 2013 11:53 AM
To: selinux at lists.fedoraproject.org
Subject: Splunk Policy

Greetz,
So I have cobbled together a basic policy for Splunk residing
in /opt/splunkdashboards/.
I followed Dan's blog to do the basics.
So I've added all the AVC messages to the splunkdashboards.te and restarted
Splunk with run_init...
Now, no more AVC messages but after a few seconds Splunk crashes.
Nothing in the debug log.
There is a crash log, seems to be a different thread each time crashing.
If I use the browser UI to work with Splunk, it does a few tasks then something about

"Helper process is in an unknown state due to previous failure"

and then bang!
Seems to be thread permissions?
I'm lost, nothing in the log and no more AVC messages, where to from here?
I have tried so hard so far, I don't want to be a coward now and hit "setenforce 0".
I must learn how to do this.

I'm unsure as to mailing list etiquette, do I post all the policy files, Splunk log etc.?
Please advise.

Any help appreciated, thank you.