On Fri, 31 Oct 2003 15:09:32 -0000, Brian McSweeney <[EMAIL PROTECTED]> wrote:

Thanks for all your help Adrian,

Checked out Scott's mail. Sounds exactly what I'll need. I'll muddle
through it myself till then :-)

One thing about securing the web-console - the forum says you have to
protect the applet as well. I understand the basics of web app security
using jaas - have used it to secure the jmx console. However, I'm unsure
how to do this for the applet. Any idea how?


IMHO signed JARs. As all of the stuff relies on it, org.jboss.Main should run under the hood of a java.security.Manager impl.

bax

Thanks very much,

Brian



-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Adrian
Brock
Sent: 31 October 2003 14:04
To: [EMAIL PROTECTED]
Subject: RE: [JBoss-user] Securing JBoss

On Fri, 2003-10-31 at 13:48, Brian McSweeney wrote:
Hi Adrian,

I saw that file before, but it isn't used in the default deploy of jboss
right?

I've spent a good few hours reading the JBoss admin docs, and the forums,
and unfortunately there doesn't seem to be a decent single "how to
manage/secure a default jboss server".


Correct. There was some talk about delivering a "secure" configuration of jboss like all or minimal. It would be completely unusable until you explicitly configured the security. It hasn't been done yet.

Is the binding manager a good place to manage all the ports for jboss,
and if so, why isn't this service used by a default jboss?


The binding manager was written to allow two jboss instances to run on the same machine. It isn't enabled by default, because JBoss uses a component view of services rather than a server view (which is what the binding manager is). i.e. you can configure each component in one place without some magic overriding your configuration.

Also, searching on the forums led me to find things like:

http://www.jboss.org/thread.jsp?forum=63&thread=37875

which says the web-console must be secured, but doesn't say how to do
this.

This is just standard web app security, see the jaas howto



I think jboss is brilliant, and advancing so fast, but for a new user
setting up a default server, this information is crucial. We've paid for
the admin docs, but still can't seem to find what and how needs to be
secured.


Scott has started this documentation. See this post to jboss-dev. It is probably too much of a 10,000 ft view and too limited in scope for your current needs. http://www.mail-archive.com/jboss-development%40lists.sourceforge.net/msg38012.html

Regards,
Adrian

Thanks for all your help,
Brian


-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Adrian Brock
Sent: 31 October 2003 13:14
To: [EMAIL PROTECTED]
Subject: Re: [JBoss-user] Securing JBoss

You can find the list of port bindings in
docs/examples/binding-manager/sample-bindings.xml

Look at the "default" section

I hope you can read xsl :-)

Regards,
Adrian

On Fri, 2003-10-31 at 12:11, Brian McSweeney wrote:
> Hi all,
>
> Following on Sebastian Hauer's email advice I used the following program
> to find out what ports JBoss uses.
>
> http://www.tucows.com/preview/213738.html
>
> I think the following information might help others too when they are
> deploying jboss. My application is probably quite like what others are
> doing. It's very standard in architecture.
>
> Struts --- > Stateless Session Beans --- > CMP EJBs / and MDBs
>
> Basically, a simple web application.
>
> A port scan reveals the following ports are being used by the default
> folder when my ear is deployed on JBoss 3.2.2.
>
> If people are able to tell me what the few unknown ports are it would be
> helpful too.
>
> All comments are much appreciated! Hopefully this can help others as to
> what the average user should shut down to secure and optimize a default
> jboss 3.2.2.
>
> List of open ports with a JBoss 3.2.2 running port scan
>
> I found that there are 14 open ports on my default deploy of JBoss 3.2.2
>

> ========================================================================
>
>
> Port Number Open:          3246
> Associated Function:       unknown
> What it does:              unknown
> How to disable:            unknown
>
>
> Port Number Open:          1162
> Associated Function:       SNMP manager
> What it does:              Simple Network Management Protocol -
>                            sends error messages via snmp protocol
> How to disable:            remove snmp-adaptor.sar from deploy folder?
> Should I disable:          probably
>
>
> Port Number Open:          3251
> Associated Function:       unknown
> What it does:              unknown
> How to disable:            unknown
> Should I disable:          unknown
>
> Port Number Open:          8093
> Associated Function:       Unified Invocation Layer
> What it does:              not sure, but the JBossMQ might use it
> How to disable:            remove the /deploy/jms/uil2-service.xml file?
> Should I disable:          unknown
>
>
> Port Number Open:          3248
> Associated Function:       unknown
> What it does:              unknown
> How to disable:            unknown
> Should I disable:          unknown
>
>
> Port Number Open:          8092
> Associated Function:       OIL2 service - Optimized Invocation Layer
> What it does:              not sure, but the JBossMQ might use it
> How to disable:            remove the /deploy/jms/oil2-service.xml file?
> Should I disable:          unknown
>
>
> Port Number Open:          8090
> Associated Function:       OIL service - Optimized Invocation Layer
> What it does:              not sure, but the JBossMQ might use it
> How to disable:            remove the /deploy/jms/oil-service.xml file?
> Should I disable:          unknown
>
>
> Port Number Open:          8009
> Associated Function:       An AJP 1.3 Connector
> What it does:              allows tomcat to connect to front end apache
> How to disable:            comment out the AJP section in the
>                            /deploy/jbossweb-tomcat41.sar/META-INF/jboss-service.xml file?
> Should I disable:          probably
>
>
> Port Number Open:          4445
> Associated Function:       PooledInvoker
> What it does:              database pool, or perhaps bean pool manager?
> How to disable:            comment out in the /conf/jboss-service.xml file
> Should I disable:          probably not
>
>
> Port Number Open:          4444
> Associated Function:       RMI/JRMP invoker
> What it does:              rmi manager?
> How to disable:            comment out in the /conf/jboss-service.xml file
> Should I disable:          probably not
>
> Port Number Open:          1099
> Associated Function:       naming service
> What it does:              JNDI - directory location for all
>                            services/beans/etc
> How to disable:            comment out in the /conf/jboss-service.xml file
> Should I disable:          no
>
> Port Number Open:          1098
> Associated Function:       rmi port
> What it does:              Remote method invocation port
> How to disable:            comment out in the /conf/jboss-service.xml file
> Should I disable:          no
>
> Port Number Open:          8083
> Associated Function:       web services
> What it does:              web services invocation port???
> How to disable:            comment out in the /conf/jboss-service.xml file
> Should I disable:          probably
>
>
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: SF.net Giveback Program.
> Does SourceForge.net help you be more productive?  Does it
> help you create better code?   SHARE THE LOVE, and help us help
> YOU!  Click Here: http://sourceforge.net/donate/
> _______________________________________________
> JBoss-user mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/jboss-user



-- Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/
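Two things in this thread lend themselves to a small verification script: the port inventory Brian posted (so an admin can confirm that a service removed from deploy/ really stopped listening, and spot ports that are open but not in the list), and Adrian's "standard web app security" answer for the web-console (a web.xml security-constraint that covers the whole app, names a role, and has a login-config; the JAAS domain then goes in jboss-web.xml). The following is an added example written for this thread, not code from JBoss or from anyone on the list. The port-to-service table is transcribed from Brian's post with his own "Should I disable" answers; the sample web.xml files, the role name JBossAdmin and the findings wording are constructed for the example.

```python
"""Post-hardening checks for a JBoss 3.2.x host (added example, not from the thread)."""
import socket
import xml.etree.ElementTree as ET

# Transcribed from the port list posted in the thread, with the poster's own
# "Should I disable" answer. The ports the scan could not identify (3246, 3248,
# 3251) are deliberately left out so that they are reported as unexpected.
JBOSS_322_LISTENERS = {
    1098: ("RMI port", "no"),
    1099: ("JNDI naming service", "no"),
    1162: ("SNMP adaptor", "probably"),
    4444: ("RMI/JRMP invoker", "probably not"),
    4445: ("PooledInvoker", "probably not"),
    8009: ("AJP 1.3 connector", "probably"),
    8083: ("web services port", "probably"),
    8090: ("JBossMQ OIL", "unknown"),
    8092: ("JBossMQ OIL2", "unknown"),
    8093: ("JBossMQ UIL2", "unknown"),
}


def is_listening(host, port, timeout=0.5):
    """True if a plain TCP connect to host:port succeeds (nothing is sent)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return s.connect_ex((host, port)) == 0


def scan_inventory(host="127.0.0.1", inventory=JBOSS_322_LISTENERS):
    """Probe only the inventoried ports on the admin's own server."""
    return {p for p in inventory if is_listening(host, p)}


def audit_ports(open_ports, disabled, inventory=JBOSS_322_LISTENERS):
    """Compare what is listening with what the admin intended.

    open_ports: ports observed listening; disabled: ports whose service the
    admin removed. Returns sorted lists: 'still_open' (removed but listening),
    'unexpected' (listening but not inventoried), 'review' (listening, not
    removed, and the thread's advice is 'probably' or 'unknown').
    """
    open_ports = set(open_ports)
    still_open = sorted(open_ports & set(disabled))
    unexpected = sorted(p for p in open_ports if p not in inventory)
    review = sorted(p for p in open_ports
                    if p in inventory and p not in disabled
                    and inventory[p][1] in ("probably", "unknown"))
    return {"still_open": still_open, "unexpected": unexpected, "review": review}


def web_xml_findings(web_xml):
    """List what is missing for web.xml to protect the whole app; [] means OK.

    Checks for a security-constraint whose url-pattern is /*, an auth-constraint
    role on it, and a login-config. A constraint without auth-constraint does not
    require authentication at all, which is the usual mistake.
    """
    root = ET.fromstring(web_xml)
    findings = []
    covered = [sc for sc in root.findall("security-constraint")
               if "/*" in [u.text for u in
                           sc.findall("web-resource-collection/url-pattern")]]
    if not covered:
        findings.append("no security-constraint with url-pattern /*")
    elif not any(sc.findall("auth-constraint/role-name") for sc in covered):
        findings.append("security-constraint on /* has no auth-constraint role")
    if root.find("login-config/auth-method") is None:
        findings.append("no login-config/auth-method")
    return findings


# Constructed sample: the minimal protected web.xml (role name is an assumption).
PROTECTED_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Console</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>JBossAdmin</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method></login-config>
  <security-role><role-name>JBossAdmin</role-name></security-role>
</web-app>"""

# Constructed sample: constraint present but no auth-constraint, so open to all.
UNPROTECTED_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection><url-pattern>/*</url-pattern></web-resource-collection>
  </security-constraint>
</web-app>"""


if __name__ == "__main__":
    # Example run on the local box after removing snmp-adaptor.sar (port 1162).
    print(audit_ports(scan_inventory(), disabled={1162}))
    print("protected:", web_xml_findings(PROTECTED_WEB_XML))
    print("unprotected:", web_xml_findings(UNPROTECTED_WEB_XML))
```

The script only connects to ports on the host it is pointed at and never sends data, so it is safe to run on the server itself after each change to deploy/. It does not confirm that the JAAS login module behind the security-domain is configured, only that the web.xml actually demands authentication for every URL.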

