Disable Data Collector karaf webport 8681 access

book

Article ID: 221237

calendar_today

Updated On:

Products

DX NetOps CA Performance Management - Usage and Administration

Issue/Introduction

The DX NetOps Performance Management Data Collector apache-karaf web services provides webport access remotely over port 8681.

This is only used externally for debugging purposes and can be disabled to prevent access remotely.

How to prevent DC remote access to the apache-karaf webport.

How to limit DC apache-karaf webport access so that it is only accessible to the DC itself via localhost.

Cause

Security requirements

Environment

All supported DX NetOps Performance Management releases

Resolution

To disable remote access to the DC karaf webport 8681 complete these steps.

  1. On the DC open the (default path) /opt/IMDataCollector/apache-karaf-<version>/etc/org.ops4j.pax.web.cfg file for editing.
  2. Add a line that states the following and save the changes to the file.
    1. org.ops4j.pax.web.listening.addresses=127.0.0.1
  3. The change is not in use until the DC dcmd service is restarted.
    1. As the install owner run this command to stop the service:
      1. systemctl stop dcmd
    2. Then run this command to start the service again:
      1. systemctl start dcmd

Additional Information

  1. After this change web pages for the DC that use karaf port 8681 will fail. The only way to obtain the information those URLs provide after the change is made is using curl based REST calls on the DC CLI.
  2. This change is applicable to all supported releases including r3.7.x, r20.2.x and r21.2.x releases.
  3. This is being changed via defect DE511111 where it will be implemented by default. The change is expected to arrive at this time (this is an ETA and subject to change) in the r21.2.3 release.