Bug#869912: zookeeper: JMX opened for remote hosts

Christoph Anton Mitterer calestyo at scientia.net
Thu Jul 27 15:00:24 UTC 2017


Source: zookeeper
Severity: important
Tags: security


Hi.

I've noticed that in:
 /etc/zookeeper/conf/environment
the following is set
 JMXLOCALONLY=false
which in turn sets
 com.sun.management.jmxremote.local.only=false

Is there any reason for this? It's neither the default in Java
(see e.g. http://www.oracle.com/technetwork/java/javase/compatibility-417013.html)
nor does it sound particularly secure if any remote host can connect to
JMX.

Cheers,
Chris.


-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.11.0-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_DE.UTF-8, LC_CTYPE=en_DE.UTF-8 (charmap=UTF-8), LANGUAGE=en_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)



More information about the pkg-java-maintainers mailing list