Securing Splunk Enterprise
Install Splunk Enterprise securely
To install Splunk Enterprise securely, you must have an installation package that you have confirmed is authentic and has not been modified in any way since Splunk created it. Splunk provides a Message Digest 5 (MD5) secure hash for every installation package that it generates. You can download this hash to quickly verify that the package you downloaded is authentic and has not been changed since its creation.
You can also compare the Secure Hash Algorithm-512 (SHA-512) hashes for the installation package by opening a case with Splunk Support.
Prerequisites for verifying installation package integrity
You must have the following to verify the contents of packages that you download from Splunk:
- The md5sum program, which prints the hash of the file that you supply, and comes with most versions of Linux. On Windows, you can use the certutil tool to verify MD5 hashes.
- Alternatively, the sha512sum program prints SHA512 hashes for the file that you supply.
- The MD5 or SHA512 hash files, in text format, which Splunk provides
- Access to a shell prompt
Verify installation package integrity
After you download the Splunk Enterprise package, verify it by using a trusted version of the OpenSSL suite to compare the MD5 or SHA-512 hashes to the hash of the installation package. If the hash output for the package you downloaded matches the hash file that Splunk provides, then you have downloaded a valid, secure installation package and can proceed with installation.
Download Splunk Enterprise installation package and MD5 hash
Confirm that you download the MD5 hash file that exactly matches the version of the installation package that you downloaded. Downloading a different version of the file results in the hashes not matching.
- Go to the Splunk.com download page.
- Under Splunk Enterprise, select Get my free trial.
- Under Start your free download, select Log in if you already have a splunk.com account, or enter your information into the text fields to create a splunk.com account.
- Log into your splunk.com account with your credentials.
- Select the tab for the operating system for which you want to download Splunk software.
- Select the Download Now link for the OS version and installation package type that you want to install with.
- On the next page that loads, read the Splunk Software License Agreement.
- Select the I have read, understood, and hereby agree to the above Agreement checkbox.
- Select Access program. The page refreshes and the download begins.
- On the next page that loads, in the Useful tools box, select MD5 to verify. A second file, the MD5 hash file, begins to download.
- After both downloads finish, complete the "Verify hashes" procedure as described later in this topic.
Download Splunk Enterprise installation package and request SHA512 hash from Splunk Support
- Complete Steps 1 through 10 of the "Download Splunk Enterprise installation package and MD5 hash" procedure.
- Open a case with Splunk Support to receive the SHA512 hash file. When you open the case, provide a link to the version, operating system, and type of installation package you downloaded.
- After you receive a link to the hash file, follow the link to download it.
- After the package and SHA512 hash downloads finish, complete the "Verify hashes" procedure.
Verify hashes
After you download the package, verify it by running either the md5sum or sha512sum utilities:
- Open a shell prompt.
- Change to the directory where you downloaded the installation package and the MD5 hash.
- Print the contents of the hash file that you downloaded:
    MD5:    cat splunk-xxxx-release.tgz.md5
    SHA512: cat splunk-xxxx-release.tgz.sha512
- Run the md5sum or sha512sum tool on the installation package that you downloaded:
    MD5:    md5sum splunk-xxxx-release.tgz
    SHA512: sha512sum splunk-xxxx-release.tgz
- Compare the output from the MD5 or SHA512 hash file against the result from the md5sum or sha512sum utilities.
- If the hashes match exactly, then the package you downloaded is authentic and you can continue with the installation. If the hash does not match, try downloading the package again as it is incomplete or has possibly been modified.
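The comparison in the last two steps can be scripted so that it does not depend on reading long hex strings by eye. The following is an added example, not part of the Splunk documentation: verify_pkg is a hypothetical helper name, and it assumes the hash file holds the digest either as "<hash>  <file>" or as "ALGO (<file>) = <hash>".

```shell
#!/bin/sh
# Added example: compare a downloaded package against its hash file.
# Usage: verify_pkg md5|sha512 <package> <hash-file>
# Returns 0 on match, 1 on mismatch, 2 on bad input (fails closed).
verify_pkg() {
    algo=$1 pkg=$2 hashfile=$3
    case "$algo" in
        md5)    tool=md5sum;    len=32  ;;
        sha512) tool=sha512sum; len=128 ;;
        *) echo "unsupported algorithm: $algo" >&2; return 2 ;;
    esac
    [ -r "$pkg" ] && [ -r "$hashfile" ] || {
        echo "cannot read package or hash file" >&2; return 2; }

    # Take the first standalone hex string of exactly the digest length.
    # This accepts both assumed layouts and rejects a hash file that
    # belongs to the other algorithm (wrong length, so nothing matches).
    expected=$(grep -Eiow "[0-9a-f]{$len}" "$hashfile" | head -n 1 |
               tr 'A-F' 'a-f')
    [ -n "$expected" ] || {
        echo "no $algo digest found in $hashfile" >&2; return 2; }

    # md5sum and sha512sum print "<hash>  <file>"; keep the hash only.
    actual=$("$tool" "$pkg" | cut -d ' ' -f 1)

    if [ "$actual" = "$expected" ]; then
        echo "OK: $algo digest of $pkg matches $hashfile"
        return 0
    fi
    echo "MISMATCH: $algo digest of $pkg differs from $hashfile" >&2
    echo "  expected: $expected" >&2
    echo "  actual:   $actual" >&2
    return 1
}

# Run directly as: sh verify_pkg.sh sha512 <package> <hash-file>
if [ "$#" -eq 3 ]; then
    verify_pkg "$@"
fi
```

A non-zero return means do not install: re-download the package and the hash file and run the check again.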
Verify signatures
If you choose to install Splunk Enterprise using a RedHat Package Manager (RPM) installation package file, you can verify that package using the Splunk GnuPG Public key as follows.
- Download the GnuPG Public key file (yes, this link is over TLS).
- Install the GnuPG public key:
rpm --import <filename>
- Verify the package signature using:
rpm -K <filename>
Proceed with installation from your authenticated installation package
After you have successfully verified your installation package as authentic, you can proceed with installation.
See Installation instructions in the Installation Manual.
This documentation applies to the following versions of Splunk® Enterprise: 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.0.13, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.0.9, 8.0.10, 8.1.0, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.1.8, 8.1.9, 8.1.10, 8.1.11, 8.1.12, 8.1.13, 8.1.14, 8.2.0, 8.2.1, 8.2.2, 8.2.3, 8.2.4, 8.2.5, 8.2.6, 8.2.7, 8.2.8, 8.2.9, 8.2.10, 8.2.11, 8.2.12, 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.0.6, 9.0.7, 9.0.8, 9.0.9, 9.0.10, 9.1.0, 9.1.1, 9.1.2, 9.1.3, 9.1.4, 9.1.5, 9.1.6, 9.1.7, 9.1.8, 9.1.9, 9.2.0, 9.2.1, 9.2.2, 9.2.3, 9.2.4, 9.2.5, 9.2.6, 9.3.0, 9.3.1, 9.3.2, 9.3.3, 9.3.4, 9.4.0, 9.4.1, 9.4.2