All Apps and Add-ons

ps -ef for Add-on for JBoss shows userid and password in plain text for jmxstats process. Is there a solution or workaround?

tweaktubbie
Communicator

When trying to get the Jboss add-on working on servers, I noticed that the configuration requires uid and pwd to connect to the jboss instance. But what's worse, it shows the credentials when doing a ps -ef|grep splunk in plain text.

splunk    7087  7042  0 Aug17 ?        00:00:00 /bin/sh /opt/splunkforwarder/etc/apps/Jboss_addon/bin/jmxstats -u splunk -p uid@pwd statistics service:jmx:remoting-jmx://localhost:99xx

The internal/local jboss account uid/pwd is said to be only accessible in Jboss console for readonly and statistics retrieval (so no alleged credentials, logs, stop/start possibilities). Haven't found any way to work around this. Yes, running the app/addon from the Splunk server and pull (via JMX) data from the jboss servers is an option, but by using a deployment server and a generic config for all jboss servers/instances, this uid/pwd looks to outsiders as non-secure. Which partly is true of course.

Any suggestions?

0 Karma

jeremiahc4
Builder

You could add a transform to zap that data during index time to ensure it's never indexed, however, it doesn't prevent someone with access to the server seeing that process via ps -ef also.

http://docs.splunk.com/Documentation/Splunk/6.4.2/Data/Anonymizedata

0 Karma
Get Updates on the Splunk Community!

Exporting Splunk Apps

Join us on Monday, October 21 at 11 am PT | 2 pm ET!With the app export functionality, app developers and ...

Cisco Use Cases, ITSI Best Practices, and More New Articles from Splunk Lantern

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Build Your First SPL2 App!

Watch the recording now!.Do you want to SPL™, too? SPL2, Splunk's next-generation data search and preparation ...