Logstash will not start with /tmp mounted noexec

Logstash will not start with the /tmp directory mounted as noexec on RHEL 8.6.

We fixed this with Elasticsearch. However, we do not have the proper variables or guidance on how to fix this with Logstash.

Thank You For Your Help !!

Change the value of java.io.tmpdir. I am surprised that Elastic would even consider suggesting mounting /tmp without the noexec option; it opens up all kinds of security holes.

Thank You !!
It seems to be working with /tmp mounted as noexec.
Will post again if we have problems.

Still causing issues.
I made a directory /usr/share/logstash/tmp, gave it 755 permissions and set its owner to logstash.
I added the following to /etc/logstash/jvm.options:
-Djava.io.tmpdir=/usr/share/logstash/tmp
Cannot start Logstash when /tmp is mounted noexec.

When we worked on elasticsearch with this problem we added
Environment=ES_TMPDIR=/usr/share/elasticsearch/tmp to
/usr/lib/systemd/system/elasticsearch.service

Also added
ES_TMPDIR=/usr/share/elasticsearch/tmp to
/etc/sysconfig/elasticsearch

Is there an equivalent to ES_TMPDIR in Logstash ?

Thanks For Your Help !!

Any other ideas on this?
Logstash still won't start.
Thank You for Your Help !!

This is RHEL 8 with systemd running

Hello,

Made a directory /usr/share/logstash/tmp with 755 permissions
Added
LS_JAVA_OPTS="-Djava.io.tmpdir=/usr/share/logstash/tmp"
to /usr/lib/systemd/system/logstash.service
Remounted /tmp as exec "mount -o remount,exec /tmp"
Stopped fapolicyd
Ran systemctl daemon-reload
Stopped logstash
Started fapolicyd
Ran the following fapolicyd commands

fapolicyd-cli --file add /usr/share/logstash --trust-file logstash.trust
fapolicyd-cli --update

Remounted /tmp as noexec "mount -o remount,noexec /tmp" (the mount point is listed as noexec in /etc/fstab)
Restarted logstash (logstash runs)
Rebooted VM
Logstash started again

After another reboot, Logstash started again with fapolicyd enabled and "/tmp" mounted as "noexec".
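
Added example, not part of any post in this thread: a check that the directory chosen for java.io.tmpdir does not itself sit on a noexec mount, by finding the mount that holds the path and reading its options. The function names and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in /proc/mounts format (not taken from the thread's host).
SAMPLE_MOUNTS='/dev/mapper/rhel-root / xfs rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec,relatime 0 0
/dev/mapper/rhel-var /var xfs rw,nodev,relatime 0 0
/dev/mapper/rhel-vartmp /var/tmp xfs rw,nosuid,nodev,noexec,relatime 0 0'

# mount_opts_for PATH MOUNT_TABLE
# Print the options of the mount that holds PATH: the longest mount point that
# is PATH itself or a parent directory of it. On a tie the later entry wins,
# matching how a newer mount hides an older one on the same directory.
mount_opts_for() {
    printf '%s\n' "$2" | awk -v p="$1" '
        {
            mp = $2
            if (mp == "/" || p == mp || index(p, mp "/") == 1) {
                if (length(mp) >= best) { best = length(mp); opts = $4 }
            }
        }
        END { print opts }'
}

# is_noexec PATH MOUNT_TABLE: succeed when PATH sits on a noexec mount.
is_noexec() {
    case ",$(mount_opts_for "$1" "$2")," in
        *,noexec,*) return 0 ;;
        *) return 1 ;;
    esac
}

# tmpdir_verdict PATH MOUNT_TABLE: one-line report for a candidate tmpdir.
tmpdir_verdict() {
    if is_noexec "$1" "$2"; then
        echo "$1: noexec"
    else
        echo "$1: exec allowed"
    fi
}

# Demo on the constructed table. On a real host pass "$(cat /proc/mounts)".
tmpdir_verdict /tmp "$SAMPLE_MOUNTS"
tmpdir_verdict /usr/share/logstash/tmp "$SAMPLE_MOUNTS"
```

The prefix match compares whole path components, so a directory such as /tmpfoo is not mistaken for something under /tmp.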
