Re: ps -ef for Add-on for JBoss shows userid and p...

tweaktubbie · ‎08-23-2016

When trying to get the Jboss add-on working on servers, I noticed that the configuration requires uid and pwd to connect to the jboss instance. But what's worse, it shows the credentials when doing a ps -ef|grep splunk in plain text.

splunk    7087  7042  0 Aug17 ?        00:00:00 /bin/sh /opt/splunkforwarder/etc/apps/Jboss_addon/bin/jmxstats -u splunk -p uid@pwd statistics service:jmx:remoting-jmx://localhost:99xx

The internal/local jboss account uid/pwd is said to be only accessible in Jboss console for readonly and statistics retrieval (so no alleged credentials, logs, stop/start possibilities). Haven't found any way to work around this. Yes, running the app/addon from the Splunk server and pull (via JMX) data from the jboss servers is an option, but by using a deployment server and a generic config for all jboss servers/instances, this uid/pwd looks to outsiders as non-secure. Which partly is true of course.

Any suggestions?

jeremiahc4 · ‎08-23-2016

You could add a transform to zap that data during index time to ensure it's never indexed, however, it doesn't prevent someone with access to the server seeing that process via ps -ef also.

http://docs.splunk.com/Documentation/Splunk/6.4.2/Data/Anonymizedata

ps -ef for Add-on for JBoss shows userid and password in plain text for jmxstats process. Is there a solution or workaround?

Introducing the Splunk Community Dashboard Challenge!

Get the T-shirt to Prove You Survived Splunk University Bootcamp

Wondering How to Build Resiliency in the Cloud?