[ZBXNEXT-6307] Hidden cert store passwords in Zabbix Java Gateway - ZABBIX SUPPORT

XML

Word

Printable

Details

Type: Change Request
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 4.0.28rc1, 5.0.7rc1, 5.2.3rc1, 5.4.0alpha1, 5.4 (plan)
Component/s: Java gateway (J)
Labels:
None

Team:
Team A
Sprint:
Sprint 69 (Oct 2020), Sprint 70 (Nov 2020), Sprint 71 (Dec 2020)
Story Points:
1

Description

Zabbix Java Gateway supports SSL connections with auth, but currently Java arguments must be like this:

JAVA_OPTIONS="-Dcom.sun.management.jmxremote.ssl=true -Djavax.net.ssl.keyStore=/var/lib/zabbix/certs/zabbix_java_gateway.keystore -Djavax.net.ssl.keyStorePassword=changeit -Djavax.net.ssl.trustStore=/var/lib/zabbix/certs/zabbix_java_gateway.truststore -Djavax.net.ssl.trustStorePassword=changeit"

It is impossible to hide such password from "ps ax" command output, but Java has com.sun.management.jmxremote.ssl.config.file and com.sun.management.config.file arguments. Zabbix Java Gateway ignores these options and do not use them.

Attachments

Issue Links

causes

ZBX-18928 java-gateway package use old startup.sh

Closed

Activity

People

Assignee:: Vladislavs Sokurenko

Reporter:: Alexey Pustovalov

Votes:: 1 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: 2020 Oct 28 21:07

Updated:: 2021 Jan 27 18:45

Resolved:: 2020 Dec 14 10:30