The DX NetOps Performance Management Data Collector apache-karaf web services provides webport access remotely over port 8681.

This is only used externally for debugging purposes and can be disabled to prevent access remotely.

How to prevent DC remote access to the apache-karaf webport.

How to limit DC apache-karaf webport access so that it is only accessible to the DC itself via localhost.

All supported DX NetOps Performance Management releases r21.2.1 and older

Security requirements

To disable remote access to the DC karaf webport 8681 complete these steps.

1. On the DC open the (default path) /opt/IMDataCollector/apache-karaf-<version>/etc/org.ops4j.pax.web.cfg file for editing.
2. Add a line that states the following and save the changes to the file.
   1. org.ops4j.pax.web.listening.addresses=127.0.0.1
3. The change is not in use until the DC dcmd service is restarted.
   1. As the install owner run this command to stop the service:
      1. systemctl stop dcmd
   2. Then run this command to start the service again:
      1. systemctl start dcmd

1. After this change web pages for the DC that use karaf port 8681 will fail. The only way to obtain the information those URLs provide after the change is made is using curl based REST calls on the DC CLI.
2. This change is applicable to all supported releases r21.2.1 and older including the r3.7.x, r20.2.x release streams.
3. This was changed via defect DE511111 in the r21.2.2 release. These steps are now implemented by default in r21.2.2 and newer releases.