So, nobody is able to explain to me why puppetdb is running Java RMI service on all interfaces when it's otherwise not configured to?
Really, there's got to be a way to stop this aside from using iptables.

$ lsof -i -n -P | grep java | grep LISTEN
java 31464 puppetdb 21u IPv6 715671 0t0 TCP *:1099 (LISTEN)
java 31464 puppetdb 22u IPv6 717146 0t0 TCP *:40196 (LISTEN) # note: port changes since original post
java 31464 puppetdb 39u IPv6 717150 0t0 TCP 127.0.0.1:8080 (LISTEN)
java 31464 puppetdb 44u IPv6 715700 0t0 TCP 127.0.0.1:8081 (LISTEN)

$ uname -a
Linux neocrime.net 3.6.11 #5 SMP Sat Dec 22 21:02:13 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux

$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 12.04.1 LTS
Release: 12.04
Codename: precise

$dpkg -l puppetdb puppetmaster postgresql rubygems openjdk-6-jre-headless
...
ii openjdk-6-jre-headle 6b24-1.11.5-0ubuntu1 OpenJDK Java runtime, using Hotspot JIT (headless)
ii postgresql 9.1+129ubuntu1 object-relational SQL database (supported version)
ii puppetdb 1.0.5-1puppetlabs1 PuppetDB Centralized Storage.
ii puppetmaster 3.0.2-1puppetlabs1 Centralized configuration management - master startup an
ii rubygems 1.8.21-0~28~precise1 package management framework for Ruby libraries/applicat

$ cat /etc/apt/sources.list.d/PuppetLabs.list
deb http://apt.puppetlabs.com precise main

$ cat /etc/puppetdb/conf.d/* | grep -v '^#'
[global]
vardir = /var/lib/puppetdb
logging-config = /etc/puppetdb/conf.d/../log4j.properties
resource-query-limit = 20000
[command-processing]
[database]
classname = org.postgresql.Driver
subprotocol = postgresql
subname = //localhost:5432/puppetdb
log-slow-statements = 10
syntax_pgs = true
gc-interval = 60
username = puppetdb
password = redacted
[jetty]
host = localhost
port = 8080
ssl-host = localhost
ssl-port = 8081
keystore = /etc/puppetdb/ssl/keystore.jks
truststore = /etc/puppetdb/ssl/truststore.jks
key-password = redacted
trust-password = redacted
[repl]
enabled = false
type = nrepl
port = 8082

On Monday, December 24, 2012 1:27:24 AM UTC-8, Michael Henry wrote:
>
> PuppetDB is operating fine, but I can't figure out how to disable it from
> listening globally on TCP 1099 or 58722
>
> How do I disable them from listening globally without having to resort to
> iptables?
>
> $ lsof -i -n -P | grep java | grep LISTEN
> java 30115 puppetdb 22u IPv6 119118 0t0 TCP *:1099 (LISTEN)
> java 30115 puppetdb 23u IPv6 117236 0t0 TCP *:58772 (LISTEN)
> java 30115 puppetdb 40u IPv6 117241 0t0 TCP 127.0.0.1:8080 (LISTEN)
> java 30115 puppetdb 45u IPv6 117247 0t0 TCP 127.0.0.1:8081 (LISTEN)
>
> $ netstat -tnlp | grep java
> tcp6 0 0 :::1099 :::* LISTEN 30115/java
> tcp6 0 0 127.0.0.1:8080 :::* LISTEN 30115/java
> tcp6 0 0 127.0.0.1:8081 :::* LISTEN 30115/java
> tcp6 0 0 :::58772 :::* LISTEN 30115/java
>
> This is what NMAP says they are:
>
> PORT STATE SERVICE VERSION
> 1099/tcp open jrmi Java RMI
> 58772/tcp open unknown
>
> Java RMI: http://en.wikipedia.org/wiki/Java_remote_method_invocation
>
> My relevant configurations:
> $ egrep '(port|host|1099|58772)' /etc/puppetdb/conf.d/*
> /etc/puppetdb/conf.d/database.ini:# For PostgreSQL: //host:port/databaseName
> /etc/puppetdb/conf.d/database.ini:subname = //localhost:5432/puppetdb
> /etc/puppetdb/conf.d/jetty.ini:# Hostname to list for clear-text HTTP. Default is localhost
> /etc/puppetdb/conf.d/jetty.ini:host = localhost
> /etc/puppetdb/conf.d/jetty.ini:port = 8080
> /etc/puppetdb/conf.d/jetty.ini:ssl-host = localhost
> /etc/puppetdb/conf.d/jetty.ini:ssl-port = 8081
> /etc/puppetdb/conf.d/repl.ini:# What port the REPL should listen on
> /etc/puppetdb/conf.d/repl.ini:port = 8082
>
> OS: Ubuntu 12.04 LTS x86_64
> Puppetdb 1.0.5
> Puppet 3.0.1
>
> Is there a setting I've missed?
>
> Thanks in advance.
>
> Respectfully,
>
> Michael Henry (Mike)
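
Added example, not part of the original thread: a small Python check that parses `lsof -i -n -P` output like the listings above and reports TCP listeners bound to anything other than loopback, so unexpected wildcard binds such as 1099 show up in an audit. The first four sample rows are copied from the post; the fifth row, the function names and the `allowed_ports` parameter are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple
# Rows 1-4: lsof output quoted in the post. Row 5: constructed, bracketed IPv6.
SAMPLE = """\
java 31464 puppetdb 21u IPv6 715671 0t0 TCP *:1099 (LISTEN)
java 31464 puppetdb 22u IPv6 717146 0t0 TCP *:40196 (LISTEN)
java 31464 puppetdb 39u IPv6 717150 0t0 TCP 127.0.0.1:8080 (LISTEN)
java 31464 puppetdb 44u IPv6 715700 0t0 TCP 127.0.0.1:8081 (LISTEN)
postgres 1201 postgres 3u IPv6 20111 0t0 TCP [::1]:5432 (LISTEN)
"""

class Listener(NamedTuple):
    command: str
    pid: int
    user: str
    host: str
    port: int
    scope: str  # "wildcard", "loopback" or "specific"

def classify(host):
    if host == "*":
        return "wildcard"
    addr = ipaddress.ip_address(host)
    if addr.is_unspecified:  # 0.0.0.0 or ::
        return "wildcard"
    mapped = getattr(addr, "ipv4_mapped", None)  # e.g. ::ffff:127.0.0.1
    if addr.is_loopback or (mapped is not None and mapped.is_loopback):
        return "loopback"
    return "specific"

def parse_listeners(lsof_output):
    """Return a Listener for every TCP LISTEN row; skip everything else."""
    found = []
    for line in lsof_output.splitlines():
        f = line.split()
        if len(f) < 10 or f[7] != "TCP" or f[-1] != "(LISTEN)":
            continue  # header row, UDP, or a connected socket
        host, _, port = f[8].rpartition(":")
        host = host.strip("[]")
        found.append(Listener(f[0], int(f[1]), f[2], host, int(port), classify(host)))
    return found

def exposed(lsof_output, allowed_ports=frozenset()):
    """Listeners not bound to loopback and not on the allow-list."""
    return [l for l in parse_listeners(lsof_output)
            if l.scope != "loopback" and l.port not in allowed_ports]

if __name__ == "__main__":
    print(*exposed(SAMPLE), sep="\n")
```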
