Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About sd306
sd306
Explorer
Member since:
03-12-2018
11-03-2022
Community Statistics
| Posts | 6 |
| Solutions | 1 |
| Karma Given | 0 |
| Karma Received | 7 |
| Member Since | 03-12-2018 |
Activity Feed
- Got Karma for Re: How do I script install Splunk 7.0.2 on CentOS 7 64 bit (THP, ulimit, permissions, ports, and inputs settings)?. 10-23-2023 07:31 PM
- Got Karma for Re: How do I script install Splunk 7.0.2 on CentOS 7 64 bit (THP, ulimit, permissions, ports, and inputs settings)?. 08-11-2022 08:24 PM
- Got Karma for Re: How do I script install Splunk 7.0.2 on CentOS 7 64 bit (THP, ulimit, permissions, ports, and inputs settings)?. 06-05-2020 12:49 AM
- Got Karma for Re: How do I script install Splunk 7.0.2 on CentOS 7 64 bit (THP, ulimit, permissions, ports, and inputs settings)?. 06-05-2020 12:49 AM
- Got Karma for Re: How do I script install Splunk 7.0.2 on CentOS 7 64 bit (THP, ulimit, permissions, ports, and inputs settings)?. 06-05-2020 12:49 AM
- Got Karma for Re: How do I script install Splunk 7.0.2 on CentOS 7 64 bit (THP, ulimit, permissions, ports, and inputs settings)?. 06-05-2020 12:49 AM
- Got Karma for Re: How do I script install Splunk 7.0.2 on CentOS 7 64 bit (THP, ulimit, permissions, ports, and inputs settings)?. 06-05-2020 12:49 AM
- Posted Re: How do I script install Splunk 7.0.2 on CentOS 7 64 bit (THP, ulimit, permissions, ports, and inputs settings)? on Deployment Architecture. 02-27-2019 07:58 AM
- Posted Re: How do I script install Splunk 7.0.2 on CentOS 7 64 bit (THP, ulimit, permissions, ports, and inputs settings)? on Deployment Architecture. 07-09-2018 10:09 AM
- Posted Re: How do I script install Splunk 7.0.2 on CentOS 7 64 bit (THP, ulimit, permissions, ports, and inputs settings)? on Deployment Architecture. 03-12-2018 12:10 PM
- Posted Re: How do I script install Splunk 7.0.2 on CentOS 7 64 bit (THP, ulimit, permissions, ports, and inputs settings)? on Deployment Architecture. 03-12-2018 11:48 AM
- Posted Re: How do I script install Splunk 7.0.2 on CentOS 7 64 bit (THP, ulimit, permissions, ports, and inputs settings)? on Deployment Architecture. 03-12-2018 11:11 AM
- Posted How do I script install Splunk 7.0.2 on CentOS 7 64 bit (THP, ulimit, permissions, ports, and inputs settings)? on Deployment Architecture. 03-12-2018 10:50 AM
- Tagged How do I script install Splunk 7.0.2 on CentOS 7 64 bit (THP, ulimit, permissions, ports, and inputs settings)? on Deployment Architecture. 03-12-2018 10:50 AM
- Tagged How do I script install Splunk 7.0.2 on CentOS 7 64 bit (THP, ulimit, permissions, ports, and inputs settings)? on Deployment Architecture. 03-12-2018 10:50 AM
- Tagged How do I script install Splunk 7.0.2 on CentOS 7 64 bit (THP, ulimit, permissions, ports, and inputs settings)? on Deployment Architecture. 03-12-2018 10:50 AM
- Tagged How do I script install Splunk 7.0.2 on CentOS 7 64 bit (THP, ulimit, permissions, ports, and inputs settings)? on Deployment Architecture. 03-12-2018 10:50 AM
- Tagged How do I script install Splunk 7.0.2 on CentOS 7 64 bit (THP, ulimit, permissions, ports, and inputs settings)? on Deployment Architecture. 03-12-2018 10:50 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 |
02-27-2019
07:58 AM
You're welcome! I also created one for signing certs with your own CA, but may not post that until later.
... View more
07-09-2018
10:09 AM
Sandeeprachuri,
You're welcome! I actually am working on some other simple scripts to create index clusters, etc.
While I don't have a RHEL 7 system to test, I don't believe any change is needed. THP used to be located in different areas on CentOS and RHEL 6, but now I believe they are the same on CentOS and RHEL 7.
Please test this on test RHEL 7 64 server and report back!
Thanks,
SD306
... View more
03-12-2018
12:10 PM
How-to:
1. Login as root
2. Create a file called "removeSplunk702.sh" in your home directory using the command: vi removeSplunk702.sh
3. Press "i" when you are in "vi" to insert text. Copy and paste the below script into the window:
#!/bin/bash
echo
echo '##############################################'
echo '# #'
echo '# Welcome to the Splunk 7.0.2 auto- #'
echo '# uninstaller for CentOS 7 x64. #'
echo '# This should ONLY be used to remove Splunk #'
echo '# 7.0.2 that was installed with the auto- #'
echo '# installer. #'
echo '# Last updated 03/12/2018. #'
echo '# Press enter TWICE to remove Splunk 7.0.2. #'
echo '# #'
echo '##############################################'
echo
read -p ""
read -p ""
if [[ ! -f /opt/splunk/bin/splunk ]] ; then
echo Splunk is not installed, removal aborted.
exit 1
fi
/opt/splunk/bin/splunk stop --accept-license
echo
echo Splunk stopped.
echo
/opt/splunk/bin/splunk disable boot-start
echo
echo Splunk boot-start disabled.
echo
runuser -l splunk -c 'ulimit -u 4096'
userdel -rf splunk
echo
echo Removed splunk linux user.
echo
rm -rf /opt/splunk
echo
echo Removed Splunk folders.
echo
systemctl stop disable-thp
systemctl disable disable-thp
rm -rf /etc/systemd/system/disable-thp.service
systemctl daemon-reload
echo "always" > /sys/kernel/mm/transparent_hugepage/enabled
echo "always" > /sys/kernel/mm/transparent_hugepage/defrag
echo
echo "Enabled Transparent Huges Pages (THP)."
echo
ulimit -n 1024
sed -i '/DefaultLimitFSIZE=-1/d' /etc/systemd/system.conf
sed -i '/DefaultLimitNOFILE=65535/d' /etc/systemd/system.conf
sed -i '/DefaultLimitNPROC=20480/d' /etc/systemd/system.conf
echo
echo Set ulimit settings to default.
echo
afz=`firewall-cmd --get-active-zone | head -1`
firewall-cmd --zone=$afz --remove-port=8000/tcp --permanent
firewall-cmd --zone=$afz --remove-port=8089/tcp --permanent
firewall-cmd --zone=$afz --remove-port=8191/tcp --permanent
firewall-cmd --zone=$afz --remove-port=9997/tcp --permanent
firewall-cmd --zone=$afz --remove-port=8080/tcp --permanent
firewall-cmd --zone=$afz --remove-port=10514/udp --permanent
firewall-cmd --reload
echo
echo "Firewall ports used by Splunk closed."
echo
if [[ ! -f /opt/splunk/bin/splunk ]]
then
echo Splunk Enterprise has been removed successfully.
echo
else
echo Splunk Enterprise removal has FAILED!
echo
fi
#End of File
Continued from above:
4. Press "esc" key once.
5. Hold "Shift" and press "z" twice to save.
6. Run the following command to make the script executable: chmod 700 removeSplunk702.sh
7. Then run the script using: ./removeSplunk702.sh
Suggestions/Questions?
... View more
03-12-2018
11:48 AM
Thanks self. Now how would I remove it automatically?
... View more
03-12-2018
11:11 AM
7 Karma
Hello self,
You can use the following automated shell script for CentOS 7 64 bit ONLY 😉
Features:
-Installs wget and downloads the Splunk installer from the web.
-Disables THP.
-Sets ulimit.
-Installs Splunk 7.0.2 on CentOS 7 64 bit ONLY, automatically.
-Creates Linux user "splunk" and sets password.
-Sets proper permissions.
-Opens firewall ports.
-Creates SplunkTCP input over 9997.
-Create UDP input over 10514.
-Adjusts splunk-launch.conf to mitigate privilege escalation attack.
How-to:
1. Login as root
2. Create a file called "installSplunk702.sh" in your home directory using the command: vi installSplunk702.sh
3. Press "i" when you are in "vi" to insert text. Copy and paste the below script into the window:
#!/bin/bash
echo
echo '##############################################'
echo '# #'
echo '# Welcome to the Splunk 7.0.2 auto-installer #'
echo '# for CentOS 7 x64. #'
echo '# Last updated 03/12/2018. #'
echo '# Enter the "splunk" linux user account #'
echo '# password and press enter to let the magic #'
echo '# happen. Note: You will change the Splunk #'
echo '# Web admin password upon first login. #'
echo '# #'
echo '##############################################'
echo
read splunkPassword
echo
echo "never" > /sys/kernel/mm/transparent_hugepage/enabled
echo "never" > /sys/kernel/mm/transparent_hugepage/defrag
echo "[Unit]" > /etc/systemd/system/disable-thp.service
echo "Description=Disable Transparent Huge Pages" >> /etc/systemd/system/disable-thp.service
echo "" >> /etc/systemd/system/disable-thp.service
echo "[Service]" >> /etc/systemd/system/disable-thp.service
echo "Type=simple" >> /etc/systemd/system/disable-thp.service
echo 'ExecStart=/bin/sh -c "echo never > /sys/kernel/mm/transparent_hugepage/enabled && echo never > /sys/kernel/mm/transparent_hugepage/defrag"' >> /etc/systemd/system/disable-thp.service
echo "Type=simple" >> /etc/systemd/system/disable-thp.service
echo "" >> /etc/systemd/system/disable-thp.service
echo "[Install]" >> /etc/systemd/system/disable-thp.service
echo "WantedBy=multi-user.target" >> /etc/systemd/system/disable-thp.service
systemctl daemon-reload
systemctl start disable-thp
systemctl enable disable-thp
echo
echo "Transparent Huge Pages (THP) Disabled."
echo
ulimit -n 64000
ulimit -u 20480
echo "DefaultLimitFSIZE=-1" >> /etc/systemd/system.conf
echo "DefaultLimitNOFILE=64000" >> /etc/systemd/system.conf
echo "DefaultLimitNPROC=20480" >> /etc/systemd/system.conf
echo
echo "ulimit Increased."
echo
yum install wget -y
cd /tmp
wget -O splunk-7.0.2-03bbabbd5c0f-Linux-x86_64.tgz 'https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version=7.0.2&product=splunk&filename=splunk-7.0.2-03bbabbd5c0f-Linux-x86_64.tgz&wget=true'
echo
echo "Splunk Downloaded."
echo
tar -xzvf /tmp/splunk-7.0.2-03bbabbd5c0f-Linux-x86_64.tgz -C /opt
rm -f /tmp/splunk-7.0.2-03bbabbd5c0f-Linux-x86_64.tgz
useradd splunk
echo splunk:$splunkPassword > /tmp/pwdfile
cat /tmp/pwdfile | chpasswd
rm -f /tmp/pwdfile
echo
echo "Splunk installed and splunk linux user created."
echo
echo "[settings]" > /opt/splunk/etc/system/local/web.conf
echo "enableSplunkWebSSL = true" >> /opt/splunk/etc/system/local/web.conf
echo
echo "HTTPS enabled for Splunk Web using self-signed certificate."
echo
chown -R splunk:splunk /opt/splunk
afz=`firewall-cmd --get-active-zone | head -1`
firewall-cmd --zone=$afz --add-port=8000/tcp --permanent
firewall-cmd --zone=$afz --add-port=8065/tcp --permanent
firewall-cmd --zone=$afz --add-port=8089/tcp --permanent
firewall-cmd --zone=$afz --add-port=8191/tcp --permanent
firewall-cmd --zone=$afz --add-port=9997/tcp --permanent
firewall-cmd --zone=$afz --add-port=8080/tcp --permanent
firewall-cmd --zone=$afz --add-port=10514/udp --permanent
firewall-cmd --reload
echo
echo "Firewall ports used by Splunk opened."
echo "[splunktcp]" > /opt/splunk/etc/system/local/inputs.conf
echo "[splunktcp://9997]" >> /opt/splunk/etc/system/local/inputs.conf
echo "index = main" >> /opt/splunk/etc/system/local/inputs.conf
echo "disabled = 0" >> /opt/splunk/etc/system/local/inputs.conf
echo "" >> /opt/splunk/etc/system/local/inputs.conf
echo "[udp://10514]" >> /opt/splunk/etc/system/local/inputs.conf
echo "index = main" >> /opt/splunk/etc/system/local/inputs.conf
echo "disabled = 0" >> /opt/splunk/etc/system/local/inputs.conf
chown splunk:splunk /opt/splunk/etc/system/local/inputs.conf
echo
echo "Enabled Splunk TCP input over 9997 and UDP traffic input over 10514."
echo
runuser -l splunk -c '/opt/splunk/bin/splunk start --accept-license'
/opt/splunk/bin/splunk enable boot-start -user splunk
runuser -l splunk -c '/opt/splunk/bin/splunk stop'
chown root:splunk /opt/splunk/etc/splunk-launch.conf
chmod 644 /opt/splunk/etc/splunk-launch.conf
echo
echo "Splunk test start and stop complete. Enabled Splunk to start at boot. Also, adjusted splunk-launch.conf to mitigate privilege escalation attack."
echo
runuser -l splunk -c '/opt/splunk/bin/splunk start'
if [[ -f /opt/splunk/bin/splunk ]]
then
echo Splunk Enterprise
cat /opt/splunk/etc/splunk.version | head -1
echo "has been installed, configured, and started!"
echo "Visit the Splunk server using https://hostNameORip:8000 as mentioned above."
echo
echo
echo " HAPPY SPLUNKING!!!"
echo
echo
echo
else
echo Splunk Enterprise has FAILED install!
fi
#End of File
Continued from above:
4. Press "esc" key once.
5. Hold "Shift" and press "z" twice to save.
6. Run the following command to make the script executable: chmod 700 installSplunk702.sh
7. Then run the script using: ./installSplunk702.sh
Suggestions/Questions?
... View more
03-12-2018
10:50 AM
I am looking for an automated way to install Splunk 7.0.2 on CentOS 7 64 bit using the best practices for setting Transparent Huge Pages (THP), ulimit, permissions, ports, and inputs settings.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
11-03-2022
06:39 PM
|
Karma from
