Re: ps -ef for Add-on for JBoss shows userid and p...

tweaktubbie · ‎08-23-2016

When trying to get the Jboss add-on working on servers, I noticed that the configuration requires uid and pwd to connect to the jboss instance. But what's worse, it shows the credentials when doing a ps -ef|grep splunk in plain text.

splunk    7087  7042  0 Aug17 ?        00:00:00 /bin/sh /opt/splunkforwarder/etc/apps/Jboss_addon/bin/jmxstats -u splunk -p uid@pwd statistics service:jmx:remoting-jmx://localhost:99xx

The internal/local jboss account uid/pwd is said to be only accessible in Jboss console for readonly and statistics retrieval (so no alleged credentials, logs, stop/start possibilities). Haven't found any way to work around this. Yes, running the app/addon from the Splunk server and pull (via JMX) data from the jboss servers is an option, but by using a deployment server and a generic config for all jboss servers/instances, this uid/pwd looks to outsiders as non-secure. Which partly is true of course.

Any suggestions?

jeremiahc4 · ‎08-23-2016

You could add a transform to zap that data during index time to ensure it's never indexed, however, it doesn't prevent someone with access to the server seeing that process via ps -ef also.

http://docs.splunk.com/Documentation/Splunk/6.4.2/Data/Anonymizedata

ps -ef for Add-on for JBoss shows userid and password in plain text for jmxstats process. Is there a solution or workaround?

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!