Install Splunk Enterprise securely
Verify integrity and signatures for your Splunk Installation when you download and install Splunk Enterprise.
Verify Integrity
Verify your Splunk Enterprise installation download using hash functions such as Message Digest 5 (MD5) and Secure Hash Algorithm-512 (SHA-512) to compare the hash fingerprints. Use a trusted version of OpenSSL.
MD5 validation
This procedure helps you compare the MD5 hash of the installation file you download from the Splunk website against the expected hash of the file. The tools you use to compare the files might be different based on the operating system that you run. You might need to download these tools before verifying the MD5 hash.
- Download the installation package for the platform and version of Splunk software that you want.
- On the "Thank you for downloading" page, click the link to the MD5 hash file for this package.
- Open a shell prompt or Terminal window.
- Print the contents of the MD5 hash file.
cat splunk-x.x.x-xxxxxxxxxxxx-Linux-x86-64.tgz.md5 MD5 (splunk-x.x.x-xxxxxxxxxxxx-Linux-x86_64.tgz) = c63c869754d420bb62f04f4096877481
- Run the
md5
tool against the installer package.md5 splunk-x.x.x-xxxxxxxxxxxx-Linux-x86-64.tgz MD5 (splunk-x.x.x-xxxxxxxxxxxx-Linux-x86_64.tgz) = c63c869754d420bb62f04f4096877481
- Compare the output of both commands.
- If the hashes match, then you have confirmed that the installation package that you downloaded is the same as what is on the splunk.com website.
SHA512 validation
To compare the SHA512 hash of the installation file you download from the Splunk website against the expected hash of the file:
- Check if the SHA comparison tool is already installed on your operating system.
- Download the installation package for the platform and version of Splunk software that you want.
- On the "Thank you for downloading" page, select and copy the link to the installer package. For example:
- Append SHA512 to the end of the file extension in the link. For example:
- Paste the link into a web browser to download the SHA512 hash file.
- Verify the Splunk installation package and hash file are in the same location.
- Run your SHA comparison tool against the hash file.
- If the tool confirms that the hash matches the installation package, then you have confirmed that the installation package you downloaded is the same as the splunk.com hosted package.
Verify Signatures
Verify the authenticity of the downloaded RPM package by using the Splunk GnuPG Public key. The signature only applies to the RPM package. For all other package types, use the checksum files.
- Download the GnuPG Public key file. (This link implements Transport Layer Security (TLS)).
- Install the key.
rpm --import <filename>
- Verify the package signature.
rpm -K <filename>
Example:
$ rpm -K splunk-8.0.0-1357bef0a7f6-linux-2.6-x86_64.rpm
splunk-8.0.0-1357bef0a7f6-linux-2.6-x86_64.rpm: rsa sha1 (md5) pgp md5 OKSecure your system before you install Splunk Enterprise | More ways to secure Splunk Enterprise |
This documentation applies to the following versions of Splunk® Enterprise: 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.0.9, 8.0.10, 8.1.0, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.1.8, 8.1.9, 8.1.10, 8.1.11, 8.1.12, 8.1.13, 8.1.14, 8.2.0, 8.2.1, 8.2.2, 8.2.3, 8.2.4, 8.2.5, 8.2.6, 8.2.7, 8.2.8, 8.2.9, 8.2.10, 8.2.11, 8.2.12, 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.0.6, 9.0.7, 9.0.8, 9.0.9, 9.0.10, 9.1.0, 9.1.1, 9.1.2, 9.1.3, 9.1.4, 9.1.5, 9.1.6, 9.1.7, 9.2.0, 9.2.1, 9.2.2, 9.2.3, 9.2.4, 9.3.0, 9.3.1, 9.3.2, 9.4.0
Feedback submitted, thanks!