
Friday, 31 March 2017

JBoss EAP Allow weak password

To allow weak user passwords, edit the JBOSS_HOME/bin/add-user.properties file.

Set the following config keys:
  • password.restriction=RELAX
  • password.restriction.minLength=4
  • password.restriction.mustNotMatchUsername=FALSE
  • password.restriction.forbiddenValue=
  • password.restriction.strength=VERY_WEAK

# Valid values: RELAX, WARN or REJECT
# RELAX : Don't perform any strength checks on the password in both interactive and non-interactive mode
# WARN : Display a message about the strength of the password. Ask confirmation if the password is weak in interactive mode
# REJECT : Display a message about the strength of the password (if the password is weak, the user is not created).
# Ask confirmation if the password is weak in interactive mode
password.restriction=RELAX

# Password minimum length
password.restriction.minLength=4

# Password must contains at least one alpha
password.restriction.minAlpha=1

# Password must contains at least one digit
password.restriction.minDigit=1

# Password must contains at least one symbol
password.restriction.minSymbol=1

# Password must not match the username. Valid values: TRUE or FALSE.
password.restriction.mustNotMatchUsername=FALSE

# Comma separated list of forbidden passwords (easily guessable)
password.restriction.forbiddenValue=

# Password strength. Valid values: VERY_WEAK, WEAK, MODERATE, MEDIUM, STRONG, VERY_STRONG or EXCEPTIONAL.
# If not present, it defaults to "MODERATE"
password.restriction.strength=VERY_WEAK

# Class of password strength checker.
# If not present, utility will revert to default implementation
password.restriction.checker=org.jboss.as.domain.management.security.password.simple.SimplePasswordStrengthChecker

A dream come true for lazy (and bad memory) developers.
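
As an added example (not part of the original post or of JBoss itself), the script below checks an add-user.properties file for the relaxed values listed above, so a development-only setting like this can be caught before it reaches a shared host. The MIN_LEN baseline of 8 and the function names prop and audit_add_user_props are assumptions.

```shell
#!/bin/sh
# Added example: audit add-user.properties for relaxed password policy.
# MIN_LEN is an assumed site baseline, not a JBoss default.
MIN_LEN=${MIN_LEN:-8}

# prop FILE KEY DEFAULT -> last uncommented value of KEY, or DEFAULT if absent.
prop() {
  awk -F= -v k="$2" -v d="$3" '
    /^[ \t]*[#!]/ { next }
    { key = $1; gsub(/^[ \t]+|[ \t]+$/, "", key) }
    key == k { v = substr($0, index($0, "=") + 1)
               gsub(/^[ \t]+|[ \t\r]+$/, "", v); found = 1 }
    END { print (found ? v : d) }' "$1"
}

# Print one "WEAK:" line per relaxed setting; return 1 if any were found.
audit_add_user_props() {
  f=$1; rc=0
  level=$(prop "$f" password.restriction "" | tr '[:lower:]' '[:upper:]')
  len=$(prop "$f" password.restriction.minLength "")
  same=$(prop "$f" password.restriction.mustNotMatchUsername "" | tr '[:lower:]' '[:upper:]')
  deny=$(prop "$f" password.restriction.forbiddenValue "<unset>")
  # Per the file's own comment, a missing strength key means MODERATE.
  str=$(prop "$f" password.restriction.strength MODERATE | tr '[:lower:]' '[:upper:]')

  if [ "$level" = RELAX ]; then
    echo "WEAK: password.restriction=RELAX disables all strength checks"; rc=1; fi
  case "$len" in
    ''|*[!0-9]*) ;;                      # unset or not a number: nothing to compare
    *) if [ "$len" -lt "$MIN_LEN" ]; then
         echo "WEAK: minLength=$len is below $MIN_LEN"; rc=1; fi ;;
  esac
  if [ "$same" = FALSE ]; then
    echo "WEAK: password may equal the username"; rc=1; fi
  if [ -z "$deny" ]; then
    echo "WEAK: forbiddenValue list is empty"; rc=1; fi
  case "$str" in
    VERY_WEAK|WEAK) echo "WEAK: required strength is $str"; rc=1 ;;
  esac
  return $rc
}

# Run directly as: sh audit.sh "$JBOSS_HOME/bin/add-user.properties"
if [ "$#" -gt 0 ]; then audit_add_user_props "$1"; fi
```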

Thursday, 9 March 2017

JavaMelody Collect Server - CentOS - Configure as Service

This is how I configured the JavaMelody Collect Server to start as a service in CentOS 6. The collect server is deployed as a WAR with its embedded server.

JavaMelody: https://github.com/javamelody/javamelody/wiki
JavaMelody Collect Server: https://github.com/javamelody/javamelody/wiki/UserGuideAdvanced#optional-centralization-server-setup

Directory structure:
 - /opt/javamelody
     - javamelody-X.X.X.war
     - javamelody.war (symbolic link to the previous war)
     - conf
         - javamelody.sh (launch script)
     - work
         - tmp (java temp directory for the process)
         - storage (storage directory for monitor info)


First, create the directory structure:
mkdir /opt/javamelody

cp javamelody-1.63.0.war /opt/javamelody/

ln -s  /opt/javamelody/javamelody-1.63.0.war /opt/javamelody/javamelody.war

mkdir /opt/javamelody/work

mkdir /opt/javamelody/work/tmp

mkdir /opt/javamelody/work/storage

mkdir /opt/javamelody/conf

In /opt/javamelody/conf you have to create the launching script, called javamelody.sh:
#!/bin/sh
#
# JavaMelody script
# 09/03/2017
#
# https://github.com/javamelody/javamelody/wiki/UserGuideAdvanced#3-simpler-alternative-of-deployment-of-the-webapp-of-monitoring
#
# Params:
# - JMELODY_CONSOLE_LOG : Log directory
# - JMELODY_PIDFILE : File where the pid is stored
#
#

JAVA_OPTS="-server -Xmx256m"
JAVA_OPTS="$JAVA_OPTS -Djava.io.tmpdir=/opt/javamelody/work/tmp"
JAVA_OPTS="$JAVA_OPTS -Djavamelody.storage-directory=/opt/javamelody/work/storage"
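# user:password pairs for HTTP basic auth (sample value; as a -D option it is visible in the process list)
JAVA_OPTS="$JAVA_OPTS -Djavamelody.authorized-users=sisifo:sisifo"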

JMELODY_WAR=/opt/javamelody/javamelody.war

JMELODY_OPTS="--httpPort=9080"

# Run in the background, append stdout and stderr to the console log, and store the PID
nohup java $JAVA_OPTS -jar "$JMELODY_WAR" $JMELODY_OPTS < /dev/null >> "$JMELODY_CONSOLE_LOG" 2>&1 &
JMELODY_PID=$!
echo $JMELODY_PID > $JMELODY_PIDFILE

JavaMelody will be executed with its own user, called 'javamelody':
useradd -U javamelody

chown -Rf javamelody:javamelody /opt/javamelody/

Now, you have to create the service script called javamelody in /etc/init.d:
#!/bin/sh
#
# JavaMelody Collect Server script
#


# Source function library.
. /etc/init.d/functions

JMELODY_SCRIPT=/opt/javamelody/conf/javamelody.sh


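JMELODY_CONSOLE_LOG=/var/log/javamelody/javamelody.log
# Keep the pid file in its own directory: start() chowns the pid file's
# directory to $JMELODY_USER, and that directory must not be /var/run itself.
JMELODY_PIDFILE=/var/run/javamelody/javamelody.pid


JMELODY_USER=javamelody
prog='JavaMelody Collect Server'



# Set defaults.
if [ -z "$JMELODY_PIDFILE" ]; then
  JMELODY_PIDFILE=/var/run/javamelody/javamelody.pid
fi
export JMELODY_PIDFILE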


if [ -z "$JMELODY_CONSOLE_LOG" ]; then
  JMELODY_CONSOLE_LOG=/var/log/javamelody/javamelody.log
fi


if [ -z "$STARTUP_WAIT" ]; then
  STARTUP_WAIT=30
fi

if [ -z "$SHUTDOWN_WAIT" ]; then
  SHUTDOWN_WAIT=30
fi



start() {
  echo -n "Starting $prog: "
  if [ -f $JMELODY_PIDFILE ]; then
    read ppid < $JMELODY_PIDFILE
    if [ `ps --pid $ppid 2> /dev/null | grep -c $ppid 2> /dev/null` -eq '1' ]; then
      echo -n "$prog is already running"
      failure
      echo
      return 1
    else
      rm -f $JMELODY_PIDFILE
    fi
  fi
  mkdir -p $(dirname $JMELODY_CONSOLE_LOG)
  cat /dev/null > $JMELODY_CONSOLE_LOG
  chown -Rf $JMELODY_USER $(dirname $JMELODY_CONSOLE_LOG) || true


  mkdir -p $(dirname $JMELODY_PIDFILE)
  chown $JMELODY_USER $(dirname $JMELODY_PIDFILE) || true

  
  daemon --user $JMELODY_USER --pidfile $JMELODY_PIDFILE JMELODY_PIDFILE=$JMELODY_PIDFILE JMELODY_CONSOLE_LOG=$JMELODY_CONSOLE_LOG $JMELODY_SCRIPT
 

  count=0
  launched=false

  until [ $count -gt $STARTUP_WAIT ]
  do
    grep 'Winstone Servlet * Engine' $JMELODY_CONSOLE_LOG > /dev/null
    if [ $? -eq 0 ] ; then
      launched=true
      break
    fi
    sleep 1
    let count=$count+1;
  done


  success
  echo
  return 0
}

stop() {
  echo -n $"Stopping $prog: "
  count=0;

  if [ -f $JMELODY_PIDFILE ]; then
    read kpid < $JMELODY_PIDFILE
    let kwait=$SHUTDOWN_WAIT

    # Try issuing SIGTERM

    kill -15 $kpid
    until [ `ps --pid $kpid 2> /dev/null | grep -c $kpid 2> /dev/null` -eq '0' ] || [ $count -gt $kwait ]
    do
      sleep 1
      let count=$count+1;
    done

    if [ $count -gt $kwait ]; then
      kill -9 $kpid
    fi
  fi
  rm -f $JMELODY_PIDFILE
  success
  echo
}

status() {
  if [ -f $JMELODY_PIDFILE ]; then
    read ppid < $JMELODY_PIDFILE
    if [ `ps --pid $ppid 2> /dev/null | grep -c $ppid 2> /dev/null` -eq '1' ]; then
      echo "$prog is running (pid $ppid)"
      return 0
    else
      echo "$prog dead but pid file exists"
      return 1
    fi
  fi
  echo "$prog is not running"
  return 3
}

case "$1" in
  start)
      start
      ;;
  stop)
      stop
      ;;
  restart)
      $0 stop
      $0 start
      ;;
  status)
      status
      ;;
  *)
      ## If no parameters are given, print which are available.
      echo "Usage: $0 {start|stop|status|restart}"
      exit 1
      ;;
esac

Finally, just configure it as an automatic service:
chmod +x /etc/init.d/javamelody

chkconfig --add javamelody
chkconfig javamelody on
service javamelody start
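
The stop() function above runs as root and signals whatever PID it reads from a file that the unprivileged launch script writes. As an added example (not part of the original post), the hypothetical helpers safe_pid and safe_stop validate the pid file entry first: it must be a regular file holding one numeric PID of a live process owned by the expected user. Ownership is read from /proc, so this assumes Linux.

```shell
#!/bin/sh
# Added example: validate a pid file entry before root signals it.
# safe_pid and safe_stop are hypothetical helpers, not part of the init script.

# safe_pid PIDFILE USER -> print the PID and return 0 only if PIDFILE is a
# regular file holding one numeric PID of a live process owned by USER
# (a user name or numeric UID).
safe_pid() {
  pidfile=$1; user=$2
  # Reject symlinks and anything that is not a regular file.
  if [ -L "$pidfile" ] || [ ! -f "$pidfile" ]; then return 1; fi
  read -r pid < "$pidfile" || [ -n "$pid" ] || return 1
  case "$pid" in
    ''|*[!0-9]*) return 1 ;;                 # empty, signed, or extra tokens
  esac
  [ "$pid" -gt 1 ] 2>/dev/null || return 1   # never PID 0 or init
  [ -d "/proc/$pid" ] || return 1            # stale entry, process is gone
  case "$user" in
    *[!0-9]*) want=$(id -u "$user" 2>/dev/null) || return 1 ;;
    *) want=$user ;;
  esac
  # /proc/PID is owned by the UID the process runs as.
  have=$(stat -c %u "/proc/$pid" 2>/dev/null) || return 1
  [ "$have" = "$want" ] || return 1
  echo "$pid"
}

# safe_stop PIDFILE USER -> send SIGTERM only to a validated PID.
safe_stop() {
  target=$(safe_pid "$1" "$2") || {
    echo "refusing to signal: $1 failed validation" >&2
    return 1
  }
  kill -15 "$target"
}
```

In the init script, stop() would call safe_stop "$JMELODY_PIDFILE" "$JMELODY_USER" in place of reading the file and calling kill directly.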