DDF-3111 Prevent connections to JMX (#2128)

* DDF-3111 Prevented connections to JMX by default * DDF-3111 Changed JVM minHeap size to 2g and maxHeap size to 4g
codice · Jul 17, 2017 · 8098c2f · 8098c2f
1 parent e209bc8
commit 8098c2f
Show file tree

Hide file tree

Showing 6 changed files with 80 additions and 37 deletions.
diff --git a/distribution/ddf-common/src/main/resources/bin/setenv b/distribution/ddf-common/src/main/resources/bin/setenv
@@ -58,10 +58,11 @@ export EXTRA_JAVA_OPTS
 # karaf scripts
 #
 
-# export JAVA_MIN_MEM # Minimum memory for the JVM
-export JAVA_MAX_MEM=4096M
+# export JAVA_MIN_MEM=2g # Minimum memory for the JVM
+# export JAVA_MAX_MEM=4g # Maximum memory for the JVM
 # export KARAF_HOME # Karaf home folder
 # export KARAF_DATA # Karaf data folder
 # export KARAF_BASE # Karaf base folder
 
 export KARAF_OPTS="-Dfile.encoding=UTF8 -Dddf.home=$DDF_HOME"
+export JAVA_OPTS=-"server -Xms2g -Xmx4g -XX:+UnlockDiagnosticVMOptions -XX:+UnsyncloadClass -XX:+DisableAttachMechanism"
diff --git a/distribution/ddf-common/src/main/resources/bin/setenv.bat b/distribution/ddf-common/src/main/resources/bin/setenv.bat
@@ -42,9 +42,9 @@ rem
 rem Window name of the windows console
 SET KARAF_TITLE=${command.prompt.title}
 rem Minimum memory for the JVM
-rem SET JAVA_MIN_MEM
+rem SET JAVA_MIN_MEM=2g
 rem Maximum memory for the JVM
-rem SET JAVA_MAX_MEM=2048M
+rem SET JAVA_MAX_MEM=4g
 rem Minimum perm memory for the JVM
 rem SET JAVA_PERM_MEM=128M
 rem Maximum memory for the JVM
@@ -56,10 +56,10 @@ rem SET KARAF_DATA
 rem Karaf base folder
 rem SET KARAF_BASE
 rem Additional available Karaf options
-rem SET KARAF_OPTS=-Dderby.system.home="..\data\derby"  -Dderby.storage.fileSyncTransactionLog=true -Dcom.sun.management.jmxremote -Dfile.encoding=UTF8 -Dddf.home=%DDF_HOME%
+rem SET KARAF_OPTS=-Dderby.system.home="..\data\derby"  -Dderby.storage.fileSyncTransactionLog=true -Dfile.encoding=UTF8 -Dddf.home=%DDF_HOME% -XX:+DisableAttachMechanism
 
 rem comment out the line below to enable cxf logging interceptors
 rem set EXTRA_JAVA_OPTS="-Dcom.sun.xml.ws.transport.http.HttpAdapter.dump=true"
 
-set JAVA_OPTS=-server -Xmx4096M -Dderby.system.home="%DDF_HOME%\data\derby"  -Dderby.storage.fileSyncTransactionLog=true -Dcom.sun.management.jmxremote -Dfile.encoding=UTF8 -Dddf.home=%DDF_HOME%
-:: set JAVA_OPTS=-server -Xmx2048M -Dfile.encoding=UTF8 -Djavax.net.ssl.keyStore=../etc/keystores/serverKeystore.jks -Djavax.net.ssl.keyStorePassword=changeit -Djavax.net.ssl.trustStore=../etc/keystores/serverTruststore.jks -Djavax.net.ssl.trustStorePassword=changeit -Dddf.home=%DDF_HOME%
+set JAVA_OPTS=-server -Xms2g -Xmx4g -Dderby.system.home="%DDF_HOME%\data\derby"  -Dderby.storage.fileSyncTransactionLog=true -Dfile.encoding=UTF8 -Dddf.home=%DDF_HOME% -XX:+DisableAttachMechanism
+:: set JAVA_OPTS=-server -Xms2g -Xmx4g -Dfile.encoding=UTF8 -Djavax.net.ssl.keyStore=../etc/keystores/serverKeystore.jks -Djavax.net.ssl.keyStorePassword=changeit -Djavax.net.ssl.trustStore=../etc/keystores/serverTruststore.jks -Djavax.net.ssl.trustStorePassword=changeit -Dddf.home=%DDF_HOME%
diff --git a/...on/docs/src/main/jdocs/content/_configuring/environment-hardening-contents.adoc b/...on/docs/src/main/jdocs/content/_configuring/environment-hardening-contents.adoc
@@ -23,9 +23,7 @@ It is recommended to apply the following security mitigations to the ${branding}
 
 |JMX
 |tampering, information disclosure, and unauthorized access
-a|* Remove `-Dcom.sun.management.jmxremote` from `<${branding}_HOME>/bin/karaf`. +
-* Disable ${branding}'s JMX management `rmiRegistryPort` and `rmiServerPort` (`1099`, `44444`) by removing these entries from `etc/org.apache.karaf.management.cfg`. +
-* Uninstall the management bundle using the command line console: `uninstall management`. +
+a|* Stop the management feature using the command line console: `feature:stop management`. +
 
 |File System Access
 |tampering, information disclosure, and denial of service

diff --git a/distribution/docs/src/main/jdocs/content/_running/starting-intro-contents.adoc b/distribution/docs/src/main/jdocs/content/_running/starting-intro-contents.adoc
@@ -14,7 +14,7 @@ If the ${branding} will be running memory-intensive applications, consider incre
 .Setenv Script: *NIX
 ----
 <${branding}_HOME>/bin/setenv
-Update the JAVA_MAX_MEM property
+Update the JAVA_OPTS -Xmx value
 ----
 
 .Setenv Script: Windows
@@ -24,6 +24,25 @@ Update the JAVA_OPTS -Xmx value
 ----
 ====
 
+.JMX Connectivity Considerations
+[NOTE]
+====
+[[jmx-connectivity-configuration]]
+By default the ${branding} prevents connections to JMX. To monitor the ${branding} via tools such as JConsole, consider removing the no attach mechanism by updating the setenv script:
+
+.Setenv Script: *NIX
+----
+<${branding}_HOME>/bin/setenv
+Remove -XX:+DisableAttachMechanism from JAVA_OPTS
+----
+
+.Setenv Script: Windows
+----
+<${branding}_HOME>/bin/setenv.bat
+Remove -XX:+DisableAttachMechanism from JAVA_OPTS
+----
+====
+
 ==== Starting from Startup Scripts
 
 Run one of the start scripts from a command shell to start the distribution and open a local console:
@@ -145,21 +164,26 @@ RUN_AS_USER=<${branding-lowercase}-user>
 wrapper.java.additional.10=-D${ddf-branding-lowercase}.home=%KARAF_HOME%
 wrapper.java.additional.11=-Dderby.storage.fileSyncTransactionLog=true
 wrapper.java.additional.12=-server
-wrapper.java.additional.13=-Dcom.sun.management.jmxremote
-wrapper.java.additional.14=-Djava.security.egd=file:/dev/./urandom
-wrapper.java.additional.15=-Dfile.encoding=UTF8
-wrapper.java.additional.16=-Dkaraf.instances=%KARAF_HOME%/instances
-wrapper.java.additional.17=-Dkaraf.restart.jvm.supported=true
-wrapper.java.additional.18=-Djava.io.tmpdir=%KARAF_HOME%/data/tmp
-wrapper.java.additional.19=-Djava.util.logging.config.file=%KARAF_HOME%/etc/java.util.logging.properties
-wrapper.java.additional.20=-XX:+UnlockDiagnosticVMOptions
-wrapper.java.additional.21=-XX:+UnsyncloadClass
-wrapper.java.additional.22=-Dderby.system.home=%KARAF_HOME%/data/derby
-wrapper.java.additional.23=-Djava.awt.headless=true
+wrapper.java.additional.13=-Djava.security.egd=file:/dev/./urandom
+wrapper.java.additional.14=-Dfile.encoding=UTF8
+wrapper.java.additional.15=-Dkaraf.instances=%KARAF_HOME%/instances
+wrapper.java.additional.16=-Dkaraf.restart.jvm.supported=true
+wrapper.java.additional.17=-Djava.io.tmpdir=%KARAF_HOME%/data/tmp
+wrapper.java.additional.18=-Djava.util.logging.config.file=%KARAF_HOME%/etc/java.util.logging.properties
+wrapper.java.additional.19=-XX:+UnlockDiagnosticVMOptions
+wrapper.java.additional.20=-XX:+UnsyncloadClass
+wrapper.java.additional.21=-Dderby.system.home=%KARAF_HOME%/data/derby
+wrapper.java.additional.22=-Djava.awt.headless=true
+
+# Set the JVM min heap space as desired
+wrapper.java.additional.23=-Xms2g
 
 # Set the JVM max heap space as desired
 wrapper.java.additional.24=-Xmx4g
 
+# (Preferred) Optionally add the disable attach mechanism to prevent connections to JMX
+wrapper.java.additional.25=-XX:+DisableAttachMechanism
+
 ----
 +
 . Install the wrapper startup/shutdown scripts.

diff --git a/...ibution/docs/src/main/resources/_contents/_running/starting-intro-contents.adoc b/...ibution/docs/src/main/resources/_contents/_running/starting-intro-contents.adoc
@@ -10,7 +10,7 @@ If the ${branding} will be running memory-intensive applications, consider incre
 .Setenv Script: *NIX
 ----
 <${branding}_HOME>/bin/setenv
-Update the JAVA_MAX_MEM property
+Update the JAVA_OPTS -Xmx value
 ----
 
 .Setenv Script: Windows
@@ -19,7 +19,24 @@ Update the JAVA_MAX_MEM property
 Update the JAVA_OPTS -Xmx value
 ----
 ====
+.JMX Connectivity Considerations
+[NOTE]
+====
+[[jmx-connectivity-configuration]]
+By default the ${branding} prevents connections to JMX. To monitor the ${branding} via tools such as JConsole, consider removing the no attach mechanism by updating the setenv script:
+
+.Setenv Script: *NIX
+----
+<${branding}_HOME>/bin/setenv
+Remove -XX:+DisableAttachMechanism from JAVA_OPTS
+----
 
+.Setenv Script: Windows
+----
+<${branding}_HOME>/bin/setenv.bat
+Remove -XX:+DisableAttachMechanism from JAVA_OPTS
+----
+====
 ==== Starting from Startup Scripts
 
 Run one of the start scripts from a command shell to start the distribution and open a local console:
@@ -141,21 +158,26 @@ RUN_AS_USER=<${branding-lowercase}-user>
 wrapper.java.additional.10=-D${ddf-branding-lowercase}.home=%KARAF_HOME%
 wrapper.java.additional.11=-Dderby.storage.fileSyncTransactionLog=true
 wrapper.java.additional.12=-server
-wrapper.java.additional.13=-Dcom.sun.management.jmxremote
-wrapper.java.additional.14=-Djava.security.egd=file:/dev/./urandom
-wrapper.java.additional.15=-Dfile.encoding=UTF8
-wrapper.java.additional.16=-Dkaraf.instances=%KARAF_HOME%/instances
-wrapper.java.additional.17=-Dkaraf.restart.jvm.supported=true
-wrapper.java.additional.18=-Djava.io.tmpdir=%KARAF_HOME%/data/tmp
-wrapper.java.additional.19=-Djava.util.logging.config.file=%KARAF_HOME%/etc/java.util.logging.properties
-wrapper.java.additional.20=-XX:+UnlockDiagnosticVMOptions
-wrapper.java.additional.21=-XX:+UnsyncloadClass
-wrapper.java.additional.22=-Dderby.system.home=%KARAF_HOME%/data/derby
-wrapper.java.additional.23=-Djava.awt.headless=true
+wrapper.java.additional.13=-Djava.security.egd=file:/dev/./urandom
+wrapper.java.additional.14=-Dfile.encoding=UTF8
+wrapper.java.additional.15=-Dkaraf.instances=%KARAF_HOME%/instances
+wrapper.java.additional.16=-Dkaraf.restart.jvm.supported=true
+wrapper.java.additional.17=-Djava.io.tmpdir=%KARAF_HOME%/data/tmp
+wrapper.java.additional.18=-Djava.util.logging.config.file=%KARAF_HOME%/etc/java.util.logging.properties
+wrapper.java.additional.19=-XX:+UnlockDiagnosticVMOptions
+wrapper.java.additional.20=-XX:+UnsyncloadClass
+wrapper.java.additional.21=-Dderby.system.home=%KARAF_HOME%/data/derby
+wrapper.java.additional.22=-Djava.awt.headless=true
+
+# Set the JVM min heap space as desired
+wrapper.java.additional.23=-Xms2g
 
 # Set the JVM max heap space as desired
 wrapper.java.additional.24=-Xmx4g
 
+# (Preferred) Optionally add the disable attach mechanism to prevent connections to JMX
+wrapper.java.additional.25=-XX:+DisableAttachMechanism
+
 ----
 +
 . Install the wrapper startup/shutdown scripts.

diff --git a/...docs/src/main/resources/_contents/_securing/environment-hardening-contents.adoc b/...docs/src/main/resources/_contents/_securing/environment-hardening-contents.adoc
@@ -18,9 +18,7 @@ It is recommended to apply the following security mitigations to the ${branding}
 
 |JMX
 |tampering, information disclosure, and unauthorized access
-a|* Remove `-Dcom.sun.management.jmxremote` from `<${branding}_HOME>/bin/karaf`. +
-* Disable ${branding}'s JMX management `rmiRegistryPort` and `rmiServerPort` (`1099`, `44444`) by removing these entries from `etc/org.apache.karaf.management.cfg`. +
-* Uninstall the management bundle using the command line console: `uninstall management`. +
+a|* Stop the management feature using the command line console: `feature:stop management`. +
 
 |File System Access
 |tampering, information disclosure, and denial of service