Closing ActiveMQ Port TCP 8161/8162.
Article ID: 248841
Updated On:
Products
Issue/Introduction
SOI Manager has a TCP Port open on 8161 or (if SSL configured) on TCP/8162 for the activemq admin console.
We can access the port using a web browser and we can login to the web page using the default credentials (admin:admin)
Do we need to keep the port open at the SOI manager to guarantee a working system?
How do we close TCP Port open on 8161/8162.
Environment
Release : 4.2
Component : CA Service Operations Insight
This affects the SOI manager host only.
Cause
The activemq administrative console is enabled by default with the default credentials.
This is sometimes used for debugging activemq.
Resolution
This port is for ActiveMQ Web Console, we use this for debugging/troubleshooting purposes.
You can either block the port
You can disable the Web Console:
comment out the below snippet in
<SOI Install Directory>\apache-activemq\conf\jetty.xml
change:
<bean id="Connector" class="org.eclipse.jetty.server.ServerConnector">
<constructor-arg ref="Server" />
<property name="host" value="#{systemProperties['jetty.host']}" />
<property name="port" value="#{systemProperties['jetty.port']}" />
</bean>
to:
<!-- this section was disabled for security reasons, reference broadcom techdoc 248841
<bean id="Connector" class="org.eclipse.jetty.server.ServerConnector">
<constructor-arg ref="Server" />
<property name="host" value="#{systemProperties['jetty.host']}" />
<property name="port" value="#{systemProperties['jetty.port']}" />
</bean>
end of comment -->
save the file and recycle the
CA SOI MQ Server
service in windows services:
.
*
Additional Information
The communication ports diagram does not list this port.
Feedback
