Security Considerations When Using JMX ports
Publish date: Jun 19, 2019
The main security considerations when using JMX ports are as follows:
Loopback Interface Only
The JMX port should be loopback only. If it must be open to external interfaces, think again a few times. And again.
TLS
If you really insist on opening the JMX port to external interfaces, enable SSL for the JMX port and make sure the client validates the SSL certificate when connecting.
RBAC and Security Policy
A custom security policy should be defined to create roles that allow performing only the specific actions needed.
At the very least, a predefined role should be used, e.g. monitorRole for monitoring purposes.
Authentication
Strong authentication mechanisms, such as LDAP/password-based authentication, should be used.
If using passwords, use strong, randomly generated passwords for authentication and don't pass them on the command line. The password file should not be readable by other users on the system (use a 600 ACL protected file).
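
A check for the loopback, TLS and authentication points above, added here as an example and not part of the original post: it audits a JVM argument list for the standard com.sun.management.jmxremote.* properties. The function names, finding labels and sample command lines are constructed for illustration; role restrictions live in the JMX access file and are not checked.

```python
import os
import stat

P = "com.sun.management.jmxremote."
LOOPBACK = {"127.0.0.1", "localhost", "::1"}

def jmx_props(jvm_args):
    """Collect -Dcom.sun.management.jmxremote.* options from a JVM argument list."""
    props = {}
    for arg in jvm_args:
        if arg.startswith("-D" + P):
            key, _, value = arg[2 + len(P):].partition("=")
            props[key] = value.strip()
    return props

def audit_jmx(jvm_args):
    """Return a list of findings; an empty list means no issue was detected."""
    p = jmx_props(jvm_args)
    if "port" not in p:
        return []  # remote JMX connector not enabled
    findings = []
    # Loopback only: without .host the connector listens on every interface.
    if p.get("host", "") not in LOOPBACK:
        findings.append("not-loopback")
    # TLS: .ssl defaults to true, .registry.ssl defaults to false.
    if p.get("ssl", "true").lower() != "true":
        findings.append("ssl-disabled")
    if p.get("registry.ssl", "false").lower() != "true":
        findings.append("registry-ssl-disabled")
    # Authentication: defaults to true, so only an explicit false is flagged.
    if p.get("authenticate", "true").lower() != "true":
        findings.append("auth-disabled")
    # Password file must be readable by its owner only (mode 600).
    pw = p.get("password.file")
    if pw and os.path.exists(pw) and stat.S_IMODE(os.stat(pw).st_mode) & 0o077:
        findings.append("password-file-permissions")
    return findings

# Constructed sample command lines (port 9010 is arbitrary), not from a real deployment.
WEAK = ["-Dcom.sun.management.jmxremote.port=9010",
        "-Dcom.sun.management.jmxremote.authenticate=false",
        "-Dcom.sun.management.jmxremote.ssl=false"]
HARDENED = ["-Dcom.sun.management.jmxremote.port=9010",
            "-Dcom.sun.management.jmxremote.host=127.0.0.1",
            "-Dcom.sun.management.jmxremote.registry.ssl=true"]

if __name__ == "__main__":
    print(audit_jmx(WEAK))
    print(audit_jmx(HARDENED))
```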