All Apps and Add-ons

ps -ef for Add-on for JBoss shows userid and password in plain text for jmxstats process. Is there a solution or workaround?

tweaktubbie
Communicator

When trying to get the Jboss add-on working on servers, I noticed that the configuration requires uid and pwd to connect to the jboss instance. But what's worse, it shows the credentials when doing a ps -ef|grep splunk in plain text.

splunk    7087  7042  0 Aug17 ?        00:00:00 /bin/sh /opt/splunkforwarder/etc/apps/Jboss_addon/bin/jmxstats -u splunk -p uid@pwd statistics service:jmx:remoting-jmx://localhost:99xx

The internal/local jboss account uid/pwd is said to be only accessible in Jboss console for readonly and statistics retrieval (so no alleged credentials, logs, stop/start possibilities). Haven't found any way to work around this. Yes, running the app/addon from the Splunk server and pull (via JMX) data from the jboss servers is an option, but by using a deployment server and a generic config for all jboss servers/instances, this uid/pwd looks to outsiders as non-secure. Which partly is true of course.

Any suggestions?

0 Karma

jeremiahc4
Builder

You could add a transform to zap that data during index time to ensure it's never indexed, however, it doesn't prevent someone with access to the server seeing that process via ps -ef also.

http://docs.splunk.com/Documentation/Splunk/6.4.2/Data/Anonymizedata

0 Karma
Get Updates on the Splunk Community!

Notification Email Migration Announcement

The Notification Team is migrating our email service provider from Postmark to AWS Simple Email Service (SES) ...

Mastering Synthetic Browser Testing: Pro Tips to Keep Your Web App Running Smoothly

To start, if you're new to synthetic monitoring, I recommend exploring this synthetic monitoring overview. In ...

Splunk Edge Processor | Popular Use Cases to Get Started with Edge Processor

Splunk Edge Processor offers more efficient, flexible data transformation – helping you reduce noise, control ...