On Mon, Aug 14, 2023 at 9:41 PM Alan Ma <alanma@xxxxxxxxxxxxxx> wrote: > > Hello SELinux experts, > > I have one odd RHEL 8 AWS host that refuses to allow me to run on port 8000 for Splunk to run it's Web application when SElinux is enforcing or permissive. I have another host with the same AMI and VLAN that works flawlessly. > > I have reviewed all Splunk, and Firewalld configurations. > > The host is not throwing any deny or errors in var/log/audit or /messages. > > The only time SplunkWeb loads is when SELinux is disabled. > > The browser will throw an error when SELinux is enabled. > > I suspect this maybe a bug as Splunk and SELinux had a known compatibility issue almost 20 years ago. > > However, those old fixes no longer work. > > I appreciate and look forward to everyone's response. Thank you in advance. Can you provide the following information from the host in question: 1. semanage port -l | grep 8000 2. sestatus -v 3. Check for any log or audit messages at all (not just avc messages) around the time of the failure in journalctl -b output (assuming you trigger the error again after the most recent boot).