You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@cloudstack.apache.org by "Clement Chen (JIRA)" <ji...@apache.org> on 2012/10/02 23:17:08 UTC

[jira] [Created] (CLOUDSTACK-243) Management Server starts with JMX port open and without authentication

Clement Chen created CLOUDSTACK-243:
---------------------------------------

             Summary: Management Server starts with JMX port open and without authentication
                 Key: CLOUDSTACK-243
                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-243
             Project: CloudStack
          Issue Type: Bug
          Components: Install and Setup
    Affects Versions: 4.0.0
            Reporter: Clement Chen


Tomcat on CloudStack management server is started with "-Dcom.sun.management.jmxremote.port=45219 -Dcom.sun.management.jmxremote.authenticate=false" flag. As a result, the JMX port is open without authentication.

Do we need the JMX port? If not, we should close it.

If we need it, we will want to add authentication. Ideally we should add it in default installation. Or we should mention it in the document.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Commented] (CLOUDSTACK-243) Management Server starts with JMX port open and without authentication

Posted by "Alex Huang (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/CLOUDSTACK-243?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13484533#comment-13484533 ] 

Alex Huang commented on CLOUDSTACK-243:
---------------------------------------

JMX port is open because you can plugin a JMX console and access information that CloudStack publishes.  We should document that this port should be closed on the OS at all times.
                
> Management Server starts with JMX port open and without authentication
> ----------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-243
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-243
>             Project: CloudStack
>          Issue Type: Bug
>          Components: Install and Setup
>    Affects Versions: 4.0.0
>            Reporter: Clement Chen
>              Labels: documentation, security
>             Fix For: 4.1.0
>
>
> Tomcat on CloudStack management server is started with "-Dcom.sun.management.jmxremote.port=45219 -Dcom.sun.management.jmxremote.authenticate=false" flag. As a result, the JMX port is open without authentication.
> Do we need the JMX port? If not, we should close it.
> If we need it, we will want to add authentication. Ideally we should add it in default installation. Or we should mention it in the document.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Updated] (CLOUDSTACK-243) Management Server starts with JMX port open and without authentication

Posted by "Alex Huang (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/CLOUDSTACK-243?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Alex Huang updated CLOUDSTACK-243:
----------------------------------

    Fix Version/s: 4.1.0
    
> Management Server starts with JMX port open and without authentication
> ----------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-243
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-243
>             Project: CloudStack
>          Issue Type: Bug
>          Components: Install and Setup
>    Affects Versions: 4.0.0
>            Reporter: Clement Chen
>              Labels: documentation, security
>             Fix For: 4.1.0
>
>
> Tomcat on CloudStack management server is started with "-Dcom.sun.management.jmxremote.port=45219 -Dcom.sun.management.jmxremote.authenticate=false" flag. As a result, the JMX port is open without authentication.
> Do we need the JMX port? If not, we should close it.
> If we need it, we will want to add authentication. Ideally we should add it in default installation. Or we should mention it in the document.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira