RHEL7 netbox fips compliant install #2066

New Issue

Closed

opened 2025-12-29 17:21:57 +01:00 by adam · 1 comment

adam commented 2025-12-29 17:21:57 +01:00

Owner

Copy Link

Originally created by @ghost on GitHub (Oct 12, 2018).

Change Type

[x ] Addition
[ ] Correction
[ ] Deprecation
[ ] Cleanup (formatting, typos, etc.)

Proposed Changes

I get that the official documentation is light on purpose but for those looking to run Netbox on RHEL7 in a secure environment I would suggest the following steps; this should also work on CentOS 7. Hopefully someone else finds this useful I burnt up a few hours racking my brain to get it to work without negating SELinux.

• SELinux mode must be set to enforcing

  # sestatus

  SELinux status: enabled
  SELinuxfs mount: /sys/fs/selinux
  SELinux root directory: /etc/selinux
  Loaded policy name: targeted
  Current mode: enforcing
  Mode from config file: enforcing
  Policy MLS status: enabled
  Policy deny_unknown status: allowed
  Max kernel policy version: 31

• Prior to running migrate...
  # python3 /opt/netbox/netbox/manage.py migrate
  Check md5 is not being used for security
  # grep md5 /usr/lib/python3.4/site-packages/django/db/backends/base/schema.py
# vim /usr/lib/python3.4/site-packages/django/db/backends/base/schema.py

  h = hashlib.md5()
  h = hashlib.md5(usedforsecurity=False)

• Set listen to 8080 or greater than 1024 that's not currently being used
  vi /etc/nginx/conf.d/netbox.conf

• nginx should be able to access netbox
  chown root:nginx /opt/netbox/ -R

• Check for denials and SElinux file context
  tail /var/log/nginx/error.log
ls -lZ /opt/netbox

• Check nginx user name is what's being used by gunicorn if you're still seeing 502

Again, I wouldn't expect this to be adopted but if you're looking for an install that doesn't negate SELinux and is FIPS mode complaint here maybe this is useful. Other than that the official install guide works great for Red Hat; just follow the CentOS steps.

Originally created by @ghost on GitHub (Oct 12, 2018). <!-- Please indicate the nature of the change by placing an X in one of the boxes below. --> ### Change Type [x ] Addition [ ] Correction [ ] Deprecation [ ] Cleanup (formatting, typos, etc.) <!-- Describe the proposed change(s). --> ### Proposed Changes I get that the official documentation is light on purpose but for those looking to run Netbox on RHEL7 in a secure environment I would suggest the following steps; this should also work on CentOS 7. Hopefully someone else finds this useful I burnt up a few hours racking my brain to get it to work without negating SELinux. * SELinux mode must be set to enforcing `# sestatus` > SELinux status: enabled > SELinuxfs mount: /sys/fs/selinux > SELinux root directory: /etc/selinux > Loaded policy name: targeted > Current mode: enforcing > Mode from config file: enforcing > Policy MLS status: enabled > Policy deny_unknown status: allowed > Max kernel policy version: 31 * Prior to running migrate... `# python3 /opt/netbox/netbox/manage.py migrate` Check md5 is **not** being used for security `# grep md5 /usr/lib/python3.4/site-packages/django/db/backends/base/schema.py` `# vim /usr/lib/python3.4/site-packages/django/db/backends/base/schema.py` > _h = hashlib.md5()_ > _h = hashlib.md5(usedforsecurity=False)_ * Set listen to 8080 or greater than 1024 that's not currently being used `vi /etc/nginx/conf.d/netbox.conf` * nginx should be able to access netbox `chown root:nginx /opt/netbox/ -R` * Check for denials and SElinux file context `tail /var/log/nginx/error.log` `ls -lZ /opt/netbox` * Check nginx user name is what's being used by gunicorn if you're still seeing 502 Again, I wouldn't expect this to be adopted but if you're looking for an install that doesn't negate SELinux and is FIPS mode complaint here maybe this is useful. Other than that the official install guide works great for Red Hat; just follow the CentOS steps.

adam closed this issue 2025-12-29 17:21:57 +01:00

adam commented 2025-12-29 17:21:58 +01:00

Author

Owner

Copy Link

@lampwins commented on GitHub (Oct 15, 2018):

While I appreciate the information sharing, you are correct that this cannot be adopted in the docs, simply because these procedures are not unique to NetBox. We must be careful not become just another place on the internet for such information.

@lampwins commented on GitHub (Oct 15, 2018): While I appreciate the information sharing, you are correct that this cannot be adopted in the docs, simply because these procedures are not unique to NetBox. We must be careful not become just another place on the internet for such information.

adam referenced this issue 2025-12-29 22:20:47 +01:00

[PR #2074] [CLOSED] Restrict view to specific Tenant according to LDAP Group belonging #12309

adam referenced this issue 2025-12-29 22:20:51 +01:00

[PR #2152] [MERGED] Release v2.3.4 #12320

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

update-changelog-comments-docs

feature-removal-issue-type

20911-dropdown

20239-plugin-menu-classes-mutable-state

21097-graphql-id-lookups

feature

fix_module_substitution

20923-dcim-templates

20044-elevation-stuck-lightmode

feature-ip-prefix-link

v4.5-beta1-release

20068-import-moduletype-attrs

20766-fix-german-translation-code-literals

20378-del-script

7604-filter-modifiers-v3

circuit-swap

12318-case-insensitive-uniqueness

20637-improve-device-q-filter

20660-script-load

19724-graphql

20614-update-ruff

14884-script

02496-max-page

19720-macaddress-interface-generic-relation

19408-circuit-terminations-export-templates

20203-openapi-check

fix-19669-api-image-download

7604-filter-modifiers

19275-fixes-interface-bulk-edit

fix-17794-get_field_value_return_list

11507-show-aggregate-and-rir-on-api

9583-add_column_specific_search_field_to_tables

v4.5.0

v4.4.10

v4.4.9

v4.5.0-beta1

v4.4.8

v4.4.7

v4.4.6

v4.4.5

v4.4.4

v4.4.3

v4.4.2

v4.4.1

v4.4.0

v4.3.7

v4.4.0-beta1

v4.3.6

v4.3.5

v4.3.4

v4.3.3

v4.3.2

v4.3.1

v4.3.0

v4.2.9

v4.3.0-beta2

v4.2.8

v4.3.0-beta1

v4.2.7

v4.2.6

v4.2.5

v4.2.4

v4.2.3

v4.2.2

v4.2.1

v4.2.0

v4.1.11

v4.1.10

v4.1.9

v4.1.8

v4.2-beta1

v4.1.7

v4.1.6

v4.1.5

v4.1.4

v4.1.3

v4.1.2

v4.1.1

v4.1.0

v4.0.11

v4.0.10

v4.0.9

v4.1-beta1

v4.0.8

v4.0.7

v4.0.6

v4.0.5

v4.0.3

v4.0.2

v4.0.1

v4.0.0

v3.7.8

v3.7.7

v4.0-beta2

v3.7.6

v3.7.5

v4.0-beta1

v3.7.4

v3.7.3

v3.7.2

v3.7.1

v3.7.0

v3.6.9

v3.6.8

v3.6.7

v3.7-beta1

v3.6.6

v3.6.5

v3.6.4

v3.6.3

v3.6.2

v3.6.1

v3.6.0

v3.5.9

v3.6-beta2

v3.5.8

v3.6-beta1

v3.5.7

v3.5.6

v3.5.5

v3.5.4

v3.5.3

v3.5.2

v3.5.1

v3.5.0

v3.4.10

v3.4.9

v3.5-beta2

v3.4.8

v3.5-beta1

v3.4.7

v3.4.6

v3.4.5

v3.4.4

v3.4.3

v3.4.2

v3.4.1

v3.4.0

v3.3.10

v3.3.9

v3.4-beta1

v3.3.8

v3.3.7

v3.3.6

v3.3.5

v3.3.4

v3.3.3

v3.3.2

v3.3.1

v3.3.0

v3.2.9

v3.2.8

v3.3-beta2

v3.2.7

v3.3-beta1

v3.2.6

v3.2.5

v3.2.4

v3.2.3

v3.2.2

v3.2.1

v3.2.0

v3.1.11

v3.1.10

v3.2-beta2

v3.1.9

v3.2-beta1

v3.1.8

v3.1.7

v3.1.6

v3.1.5

v3.1.4

v3.1.3

v3.1.2

v3.1.1

v3.1.0

v3.0.12

v3.0.11

v3.0.10

v3.1-beta1

v3.0.9

v3.0.8

v3.0.7

v3.0.6

v3.0.5

v3.0.4

v3.0.3

v3.0.2

v3.0.1

v3.0.0

v2.11.12

v3.0-beta2

v2.11.11

v2.11.10

v3.0-beta1

v2.11.9

v2.11.8

v2.11.7

v2.11.6

v2.11.5

v2.11.4

v2.11.3

v2.11.2

v2.11.1

v2.11.0

v2.10.10

v2.10.9

v2.11-beta1

v2.10.8

v2.10.7

v2.10.6

v2.10.5

v2.10.4

v2.10.3

v2.10.2

v2.10.1

v2.10.0

v2.9.11

v2.10-beta2

v2.9.10

v2.10-beta1

v2.9.9

v2.9.8

v2.9.7

v2.9.6

v2.9.5

v2.9.4

v2.9.3

v2.9.2

v2.9.1

v2.9.0

v2.9-beta2

v2.8.9

v2.9-beta1

v2.8.8

v2.8.7

v2.8.6

v2.8.5

v2.8.4

v2.8.3

v2.8.2

v2.8.1

v2.8.0

v2.7.12

v2.7.11

v2.7.10

v2.7.9

v2.7.8

v2.7.7

v2.7.6

v2.7.5

v2.7.4

v2.7.3

v2.7.2

v2.7.1

v2.7.0

v2.6.12

v2.6.11

v2.6.10

v2.6.9

v2.7-beta1

Solcon-2020-01-06

v2.6.8

v2.6.7

v2.6.6

v2.6.5

v2.6.4

v2.6.3

v2.6.2

v2.6.1

v2.6.0

v2.5.13

v2.5.12

v2.6-beta1

v2.5.11

v2.5.10

v2.5.9

v2.5.8

v2.5.7

v2.5.6

v2.5.5

v2.5.4

v2.5.3

v2.5.2

v2.5.1

v2.5.0

v2.4.9

v2.5-beta2

v2.4.8

v2.5-beta1

v2.4.7

v2.4.6

v2.4.5

v2.4.4

v2.4.3

v2.4.2

v2.4.1

v2.4.0

v2.3.7

v2.4-beta1

v2.3.6

v2.3.5

v2.3.4

v2.3.3

v2.3.2

v2.3.1

v2.3.0

v2.2.10

v2.3-beta2

v2.2.9

v2.3-beta1

v2.2.8

v2.2.7

v2.2.6

v2.2.5

v2.2.4

v2.2.3

v2.2.2

v2.2.1

v2.2.0

v2.1.6

v2.2-beta2

v2.1.5

v2.2-beta1

v2.1.4

v2.1.3

v2.1.2

v2.1.1

v2.1.0

v2.0.10

v2.1-beta1

v2.0.9

v2.0.8

v2.0.7

v2.0.6

v2.0.5

v2.0.4

v2.0.3

v2.0.2

v2.0.1

v2.0.0

v2.0-beta3

v1.9.6

v1.9.5

v2.0-beta2

v1.9.4-r1

v1.9.3

v2.0-beta1

v1.9.2

v1.9.1

v1.9.0-r1

v1.8.4

v1.8.3

v1.8.2

v1.8.1

v1.8.0

v1.7.3

v1.7.2-r1

v1.7.1

v1.7.0

v1.6.3

v1.6.2-r1

v1.6.1-r1

1.6.1

v1.6.0

v1.5.2

v1.5.1

v1.5.0

v1.4.2

v1.4.1

v1.4.0

v1.3.2

v1.3.1

v1.3.0

v1.2.2

v1.2.1

v1.2.0

v1.1.0

v1.0.7-r1

v1.0.7

v1.0.6

v1.0.5

v1.0.4

v1.0.3-r1

v1.0.3

1.0.0

Labels

Clear labels

beta

breaking change

complexity: high

complexity: low

complexity: medium

needs milestone

netbox

pending closure

plugin candidate

pull-request

Mirrored from GitHub Pull Request

severity: high

severity: low

severity: medium

status: accepted

status: backlog

status: blocked

status: duplicate

status: needs owner

status: needs triage

status: revisions needed

status: under review

topic: GraphQL

topic: Internationalization

topic: OpenAPI

topic: UI/UX

topic: cabling

topic: event rules

topic: htmx navigation

topic: industrialization

topic: migrations

topic: plugins

topic: scripts

topic: templating

topic: testing

type: bug

type: deprecation

type: documentation

type: feature

type: housekeeping

type: translation

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

adam

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/netbox#2066