Bug#869912: zookeeper: JMX opened for remote hosts
Christoph Anton Mitterer
calestyo at scientia.net
Thu Jul 27 15:00:24 UTC 2017
Source: zookeeper
Severity: important
Tags: security
Hi.
I've noticed that in:
/etc/zookeeper/conf/environment
the following is set
JMXLOCALONLY=false
which in turn sets
com.sun.management.jmxremote.local.only=false
Is there any reason for this? It's neither the default in Java
(see e.g. http://www.oracle.com/technetwork/java/javase/compatibility-417013.html)
nor does it sound particularly secure if any remote host can connect to
JMX.
Cheers,
Chris.
-- System Information:
Debian Release: buster/sid
APT prefers unstable-debug
APT policy: (500, 'unstable-debug'), (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.11.0-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_DE.UTF-8, LC_CTYPE=en_DE.UTF-8 (charmap=UTF-8), LANGUAGE=en_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
More information about the pkg-java-maintainers
mailing list