Splunk® Enterprise

Securing Splunk Enterprise

Download manual as PDF

Download topic as PDF

Install Splunk Enterprise securely

To install Splunk Enterprise securely, you must have an installation package that you have confirmed is authentic and has not been modified in any way since Splunk created it. Splunk provides a Message Digest 5 (MD5) secure hash for every package it generates. You can download this hash to quickly verify that the package you downloaded is authentic and has not been changed since its creation.

You can also compare the Secure Hash Algorithm-512 (SHA-512) hashes by opening a case with Splunk Support.

Prerequisites for verifying package integrity

You must have the following to verify the contents of packages you download:

  • The md5sum program, which prints the hash of the file that you supply, and comes with most versions of Linux. On Windows, you can use the certutil tool to verify MD5 hashes.
  • Alternatively, the sha512sum program prints SHA512 hashes for the file that you supply.
  • The MD5 or SHA512 hashes, in text format, which Splunk provide
  • Access to a shell prompt

Verify installation package integrity

After you download the Splunk Enterprise package, verify it by using a trusted version of the OpenSSL suite to compare the MD5 or SHA-512 hashes to the hash of the installation package. If the hash of the package you downloaded matches the hash that Splunk provides, then you have downloaded a valid, secure installation package and can proceed with installation.

Download Splunk Enterprise installation package and MD5 hash

Confirm that you download the MD5 hash that exactly matches the version of installation package that you downloaded. Downloading a different file results in the hashes not matching.

  1. Go to the Splunk.com download page.
  2. Click Splunk Enterprise.
  3. Click the tab for the operating system that you want to download Splunk software.
  4. Click the Download Now link for the OS version and installation package type that you want to install with.
  5. On the next page that loads, read the Splunk Software License Agreement.
  6. Click the I have read, understood, and hereby accept the Splunk Software License Agreement checkbox.
  7. Click Start your download now. The page refreshes and the download begins.
  8. On the next page that loads, in the Useful tools box, click MD5 to verify. A second file, the MD5 hash, begins to download.
  9. After both downloads finish, complete the "Verify hashes" procedure.

Download Splunk Enterprise installation package and request SHA512 hash from Splunk Support

  1. Complete Steps 1 through 7 of the "Download Splunk Enterprise installation package and MD5 hash" procedure.
  2. Open a case with Splunk Support to receive the SHA512 hash. When you open the case, provide a link to the version, operating system, and type of installation package you downloaded.
  3. After you receive a link to the hash, follow the link to download it.
  4. After the package and SHA512 hash downloads finish, complete the "Verify hashes" procedure.

Verify hashes

After you download the package, verify it by running either the md5sum or sha512sum utilities:

  1. Open a shell prompt.
  2. Change to the directory where you downloaded the installation package and the MD5 hash.
  3. Print the contents of the hash file that you downloaded:
    MD5 SHA512
    cat splunk-xxxx-release.tgz.md5
    
    cat splunk-xxxx-release.tgz.sha512
    
  4. Run the md5sum or sha512sum tool on the installation package that you downloaded:
    MD5 SHA512
    md5sum splunk-xxxx-release.tgz.md5
    
    sha512sum splunk-xxxx-release.tgz.sha512
    
  5. Compare the output from the MD5 or SHA512 hash file against the result from the md5sum or sha512sum utilities.
  6. If the hashes match exactly, then the package you downloaded is authentic and has not been modified. You can continue with installation.
  7. If the hash does not match, then either the package you downloaded has been modified. Retry the download.

Verify Signatures

You can verify the authenticity of the downloaded RPM package using the Splunk GnuPG Public key as follows

  1. Download the GnuPG Public key file (yes, this link is over TLS).
  2. Install the GnuPG public key:
    rpm --import <filename>
    
  3. Verify the package signature using:
    rpm -K <filename>
    

Proceed with installation from your authenticated installation package

After you have successfully verified your installation package as authentic, you can proceed with installation.

PREVIOUS
How to secure and harden your Splunk software installation
  NEXT
Create secure administrator credentials

This documentation applies to the following versions of Splunk® Enterprise: 5.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.0.6, 5.0.7, 5.0.8, 5.0.9, 5.0.10, 5.0.11, 5.0.12, 5.0.13, 5.0.14, 5.0.15, 5.0.16, 5.0.17, 5.0.18, 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7, 6.0.8, 6.0.9, 6.0.10, 6.0.11, 6.0.12, 6.0.13, 6.0.14, 6.0.15, 6.1, 6.1.1, 6.1.2, 6.1.3, 6.1.4, 6.1.5, 6.1.6, 6.1.7, 6.1.8, 6.1.9, 6.1.10, 6.1.11, 6.1.12, 6.1.13, 6.1.14, 6.2.0, 6.2.1, 6.2.2, 6.2.3, 6.2.4, 6.2.5, 6.2.6, 6.2.7, 6.2.8, 6.2.9, 6.2.10, 6.2.11, 6.2.12, 6.2.13, 6.2.14, 6.2.15, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7, 6.3.8, 6.3.9, 6.3.10, 6.3.11, 6.3.12, 6.3.13, 6.3.14, 6.4.0, 6.4.1, 6.4.2, 6.4.3, 6.4.4, 6.4.5, 6.4.6, 6.4.7, 6.4.8, 6.4.9, 6.4.10, 6.4.11, 6.5.0, 6.5.1, 6.5.1612 (Splunk Cloud only), 6.5.2, 6.5.3, 6.5.4, 6.5.5, 6.5.6, 6.5.7, 6.5.8, 6.5.9, 6.5.10, 6.6.0, 6.6.1, 6.6.2, 6.6.3, 6.6.4, 6.6.5, 6.6.6, 6.6.7, 6.6.8, 6.6.9, 6.6.10, 6.6.11, 6.6.12, 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.3.0, 7.3.1


Comments

SHA512 hash is not available for verification - only MD5. Please supply the SHA512 hash for verification on your download page.

Scottprigge
February 8, 2016

Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters