Data Repository failing security scan on port 5444 or 8443

Article ID: 191757

Products

CA Performance Management - Usage and Administration, DX NetOps

Issue/Introduction

Security scans keep flagging our Data Repositories on port 5444 for HTTPS certificate violation.

Security scans keep flagging our Data Repositories on port 8443 for HTTPS certificate violation.

Environment

All supported releases of Performance Management

Cause

Port 5444 is used by the Vertica agent.

We ship the Vertica agent and it is installed by default, but it is only used for the Vertica Management Console (MC), which we do not ship, use or support.

Port 8443 is used by the HTTPService, which was introduced in Vertica 23.x and is included in NetOps Performance Management 23.3.11+.

Resolution

Port 5444 is only used by the Vertica agent and only needed by the Management Console (MC), which is not installed by default.

You can disable the agent, and the scan should pass with no changes in functionality.

    1. systemctl stop vertica_agent
    2. systemctl disable vertica_agent

Note: This may get turned back on after upgrades of Vertica, so you may need to disable it again after an upgrade.

Port 8443 is only used by the HTTPService and is not utilized by Performance Management.

You can disable the service, and the scan should pass with no changes in functionality.

    1. Log in to vSQL via the adminTools "Connect to database" option
    2. Issue the below vSQL query:
      • SELECT SET_CONFIG_PARAMETER ('EnableHTTPServer', '0');
    3. Stop and restart the database

Note: This may get turned back on after upgrades of Vertica, so you may need to disable it again after an upgrade.
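Because both notes above say an upgrade can turn these listeners back on, a post-upgrade check is useful. The script below is an added example, not part of the original article or the product: it parses `ss -ltn` output for ports 5444 and 8443 and prints the article's matching remediation step. The function names, the `--live` switch and the sample output are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: re-check after a Vertica upgrade whether the listeners the
# article disables are back. Ports are from the article: 5444 (Vertica agent)
# and 8443 (HTTPService).

# Read `ss -ltn` output on stdin; print each requested port that has a listener.
flagged_ports() {
    awk -v want="$*" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) ports[w[i]] = 1 }
        $1 == "LISTEN" {
            addr = $4              # local address: 0.0.0.0:5444, [::]:8443, *:5444
            sub(/.*:/, "", addr)   # keep only the port after the last colon
            if (addr in ports) seen[addr] = 1
        }
        END { for (i = 1; i <= n; i++) if (w[i] in seen) print w[i] }'
}

# Map a flagged port to the article's remediation step.
remedy_for() {
    case "$1" in
        5444) echo "systemctl stop vertica_agent; systemctl disable vertica_agent" ;;
        8443) echo "SELECT SET_CONFIG_PARAMETER ('EnableHTTPServer', '0'); then restart the database" ;;
    esac
}

# Read `ss -ltn` output on stdin; return 1 if either port is listening again.
check_listeners() {
    rc=0
    for p in $(flagged_ports 5444 8443); do
        echo "port $p is listening -> $(remedy_for "$p")"
        rc=1
    done
    return $rc
}

# Constructed sample of `ss -ltn` output (not captured from a real host).
SAMPLE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128          0.0.0.0:5433       0.0.0.0:*
LISTEN 0      128          0.0.0.0:5444       0.0.0.0:*
LISTEN 0      128             [::]:8443          [::]:*'

if [ "${1:-}" = "--live" ]; then
    ss -ltn | check_listeners && echo "ports 5444 and 8443 are closed"
else
    printf '%s\n' "$SAMPLE" | check_listeners || true
fi
```

Run it with `--live` on each Data Repository node after an upgrade; a non-zero exit status means at least one of the two ports is listening again.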