If the SELinux mechanism is enabled on a host with a filter node, it may interfere with the filter node, rendering it inoperable:
- The filter node's RPS (requests per second) and APS (attacks per second) values will not be exported to the Wallarm cloud.
- It will not be possible to export filter node metrics to monitoring systems via the TCP protocol (see “Monitoring the Filter Node”).
SELinux is installed and enabled by default on RedHat-based Linux distributions (e.g., CentOS or Amazon Linux 2). SELinux can also be installed on other Linux distributions, such as Debian or Ubuntu.
It is mandatory to either disable SELinux or configure SELinux so it does not disrupt the filter node operation.
Execute the following command:
Examine the output:
SELinux status: enabled
SELinux status: disabled
collectd utility to use a TCP socket to make the filter node operable with SELinux enabled. To do so, execute the following command:
# setsebool -P collectd_tcp_network_connect 1
Check if the aforementioned command executed successfully by running the following command:
# semanage export | grep collectd_tcp_network_connect The output should contain this string: boolean -m -1 collectd_tcp_network_connect
To set SELinux to a disabled state
- either execute the
setenforce 0command (SELinux will be disabled until the next reboot) or
- set the value of the
/etc/selinux/configfile, then reboot (SELinux will be disabled permanently).