Configuring SELinux¶
If the SELinux mechanism is enabled on a host with a filter node, it may interfere with the filter node, rendering it inoperable:
-
The filter node's RPS (requests per second) and APS (attacks per second) values will not be exported to the Wallarm cloud.
-
It will not be possible to export filter node metrics to monitoring systems via the TCP protocol (see “Monitoring the Filter Node”).
SELinux is installed and enabled by default on RedHat‑based Linux distributions (e.g., CentOS or Amazon Linux 2.0.2021x and lower). SELinux can also be installed on other Linux distributions, such as Debian or Ubuntu.
It is mandatory to either disable SELinux or configure SELinux so it does not disrupt the filter node operation.
Check SELinux Status¶
Execute the following command:
Examine the output:
-
SELinux status: enabled
-
SELinux status: disabled
Configure SELinux¶
Allow the collectd
utility to use a TCP socket to make the filter node operable with SELinux enabled. To do so, execute the following command:
Check if the aforementioned command executed successfully by running the following command:
The output should contain this string:
Disable SELinux¶
To set SELinux to a disabled state
-
either execute the
setenforce 0
command (SELinux will be disabled until the next reboot) or -
set the value of the
SELINUX
variable todisabled
in the/etc/selinux/config
file, then reboot (SELinux will be disabled permanently).