About working with SELinux on a Common Criteria-compliant Splunk Enterprise instance
Security-enhanced Linux (SELinux) is a Linux kernel security module that provides a mechanism for supporting access control security policies. Enabling and enforcing SELinux policies is one of the critical security enhancements needed to secure the underlying platform and is mandatory for meeting Common Criteria Recognition Agreement (CCRA) standards.
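Because the requirement is that SELinux is both enabled and enforcing, it is worth checking the host's state before installing anything: `getenforce` reports only the current runtime mode, while the persistent mode that survives a reboot lives in /etc/selinux/config, and the two can disagree. The following POSIX shell script is an added example, not part of the Splunk documentation or the Splunk SELinux package; it assumes a RHEL-family host where `getenforce` and /etc/selinux/config exist, and it runs stand-alone against two constructed sample config files.

```shell
#!/bin/sh
# Added example (not from the Splunk documentation): confirm a host is
# enforcing SELinux at runtime and persistently. Runtime state comes from
# `getenforce`; the persistent setting comes from /etc/selinux/config.
# Inputs are passed as arguments so the checks can be exercised against
# constructed samples as well as a live host.

# Return 0 if the runtime mode string (the output of `getenforce`) is "Enforcing".
selinux_runtime_enforcing() {
    [ "$1" = "Enforcing" ]
}

# Return 0 if the given config file sets SELINUX=enforcing. Comment lines are
# ignored, whitespace around the key and value is tolerated, and the last
# assignment wins (mirroring how the file is read). Returns 1 for
# permissive/disabled, a missing key, or an unreadable file.
selinux_config_enforcing() {
    [ -r "$1" ] || return 1
    mode=$(sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([a-z]*\).*/\1/p' "$1" | tail -n 1)
    [ "$mode" = "enforcing" ]
}

# Combine both checks: returns 0 only when runtime and persistent settings
# both say enforcing, and prints a verdict for each.
selinux_check() {
    runtime="$1"; cfg="$2"; rc=0
    if selinux_runtime_enforcing "$runtime"; then
        echo "runtime:    Enforcing"
    else
        echo "runtime:    $runtime (expected Enforcing)"; rc=1
    fi
    if selinux_config_enforcing "$cfg"; then
        echo "persistent: enforcing"
    else
        echo "persistent: not enforcing in $cfg (will not survive a reboot)"; rc=1
    fi
    return $rc
}

# Constructed sample config files for a stand-alone run (not real host files).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/config.good" <<'EOF'
# This file controls the state of SELinux on the system.
SELINUX=enforcing
SELINUXTYPE=targeted
EOF
cat > "$SAMPLE_DIR/config.bad" <<'EOF'
# SELINUX=enforcing   (commented out; must not count)
SELINUX=permissive
SELINUXTYPE=targeted
EOF

# On a real host: selinux_check "$(getenforce)" /etc/selinux/config
selinux_check "Enforcing" "$SAMPLE_DIR/config.good"
selinux_check "Permissive" "$SAMPLE_DIR/config.bad" || echo "host is NOT ready for Common Criteria mode"
```

The split into a runtime check and a persistent check is deliberate: a host that was switched to enforcing with `setenforce 1` but still has `SELINUX=permissive` in its config file will pass a casual `getenforce` inspection and silently fall back to permissive at the next boot.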
To facilitate your Common Criteria configuration, Splunk Enterprise provides an SELinux package that you must install for Splunk Enterprise to operate in Common Criteria mode.
- Splunk Enterprise only supports the use of this specific package for Common Criteria.
- Splunk does not support SELinux for any other use with Splunk Enterprise.
Use this manual to install the special Splunk Enterprise SELinux package and configure Splunk Enterprise in Common Criteria mode on the SELinux platform only. This manual does not discuss SELinux itself in any manner.
Since SELinux is an open source platform, there is a wealth of information available regarding what SELinux does and how to troubleshoot it. You might want to familiarize yourself with SELinux before and during your Common Criteria efforts and keep documentation handy for reference and troubleshooting. Following are some free resources that can help you work with and troubleshoot SELinux:
This documentation applies to the following versions of Splunk® Enterprise: 7.3.3, 7.3.4, 8.1.1, 9.0.4, 9.0.5, 9.0.6, 9.0.7, 9.0.8, 9.0.9, 9.0.10, 9.1.0, 9.1.1, 9.1.2, 9.1.3, 9.1.4, 9.1.5, 9.1.6, 9.1.7, 9.2.0, 9.2.1, 9.2.2, 9.2.3, 9.2.4