Grep the config for the ports returned by lsof:

  egrep -r '(5005|42862|36495|1099|44444|8181|1527|8101|61616)' ${KARAF_HOME}/etc

  ./activemq.xml: <transportConnector name="openwire" uri="tcp://0.0.0.0:61616?maximumConnections=1000"/>
  ./jetty.xml: <Property name="jetty.port" default="8181"/>
  ./org.apache.activemq.webconsole.cfg:webconsole.jms.url=tcp://0.0.0.0:61616
  ./org.apache.karaf.management.cfg:rmiRegistryPort = 9901
  ./org.apache.karaf.management.cfg:rmiServerPort = 44444
  ./org.apache.karaf.shell.cfg:sshPort=8101

Or with Karaf shell, try: config:list | grep -i port

Some common defaults:

  5005   Karaf debug port
  44444 and 1099   RMI server and registry
  8181   default for PaxWeb
  8101   SSH (shown as ldoms-migr in your listing)
  61616  ActiveMQ
  1527   Derby DB

${KARAF_HOME}/data/port contains a port number used to trigger shutdown by
service scripts. In your lsof it looks like the shutdown port is on 59113
(that's why it's only open on localhost).
You can always try: telnet localhost PORTNUM to see if the other side
displays any protocol info (enter, ^D or ^C to exit).
To make things more secure without disabling services etc., set the host to
localhost / 127.0.0.1 in various config files to ensure the ports are not
exposed to the network: grep -ri host ${KARAF_HOME}/etc
cheers,
Caspar
On 14 February 2013 07:00, Christian Schneider <[email protected]> wrote:
> When looking at the security please be aware that the ssh port allows
> access with a default private key that is publicly available.
> So make sure you remove the line karaf=... in etc/keys.properties and you
> should also change the password of the karaf user in user.properties.
>
> Christian
>
> On 12.02.2013 10:44, Graham Leggett wrote:
>
>> Hi all,
>>
>> I am currently trying to security harden the default version of karaf.
>> When the default latest version of v2.3.0 is started up with a default
>> configuration, it binds to and listens on the following ports:
>>
>> [minfrin@localhost bin]$ lsof -p 11151 | grep LISTEN
>> java 11151 minfrin 15u IPv6 357257 0t0 TCP *:59514 (LISTEN)
>> java 11151 minfrin 68u IPv6 357493 0t0 TCP localhost:59113 (LISTEN)
>> java 11151 minfrin 87u IPv6 357859 0t0 TCP *:rmiregistry (LISTEN)
>> java 11151 minfrin 88u IPv6 357860 0t0 TCP *:44444 (LISTEN)
>> java 11151 minfrin 99u IPv6 358277 0t0 TCP *:ldoms-migr (LISTEN)
>>
>> Can anyone confirm what services these ports are exposing, and how they
>> can be controlled, secured, or switched off?
>>
>> Regards,
>> Graham
>> --
>>
>>
>
> --
> Christian Schneider
> http://www.liquid-reality.de
>
> Open Source Architect
> Talend Application Integration Division http://www.talend.com
>
>
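
An added example, not part of the original thread: a small filter that takes `lsof -p PID | grep LISTEN` output and reports which listeners are bound to all interfaces rather than loopback, labelled with the default ports listed in the reply above. The function names and the sample are constructed here; the aliases `rmiregistry` = 1099 and `ldoms-migr` = 8101 are how lsof prints those ports when run without `-P`.

```shell
#!/bin/sh
# Classify each LISTEN socket as EXPOSED (wildcard or non-loopback bind)
# or LOCAL (loopback only), and attach the Karaf default-port label.
# Port labels are the defaults named in the thread; anything else is "unknown".

audit_listeners() {
    awk '
    BEGIN {
        label["5005"]  = "Karaf debug"
        label["1099"]  = "RMI registry"
        label["44444"] = "RMI server"
        label["8181"]  = "PaxWeb"
        label["8101"]  = "SSH"
        label["61616"] = "ActiveMQ"
        label["1527"]  = "Derby"
        # Service names lsof substitutes for port numbers without -P
        alias["rmiregistry"] = "1099"
        alias["ldoms-migr"]  = "8101"
    }
    $NF == "(LISTEN)" {
        addr = $(NF - 1)              # e.g. *:44444, localhost:59113, [::1]:8101
        n = match(addr, /:[^:]*$/)    # split on the last colon (IPv6-safe)
        if (n == 0) next
        host = substr(addr, 1, n - 1)
        port = substr(addr, n + 1)
        if (port in alias) port = alias[port]
        scope = "EXPOSED"
        if (host == "localhost" || host == "127.0.0.1" || host == "[::1]")
            scope = "LOCAL"
        svc = (port in label) ? label[port] : "unknown"
        printf "%s %s %s\n", scope, port, svc
    }'
}

# Constructed sample: the listing from the original question, one socket per line.
sample_lsof() {
    cat <<'EOF'
java 11151 minfrin 15u IPv6 357257 0t0 TCP *:59514 (LISTEN)
java 11151 minfrin 68u IPv6 357493 0t0 TCP localhost:59113 (LISTEN)
java 11151 minfrin 87u IPv6 357859 0t0 TCP *:rmiregistry (LISTEN)
java 11151 minfrin 88u IPv6 357860 0t0 TCP *:44444 (LISTEN)
java 11151 minfrin 99u IPv6 358277 0t0 TCP *:ldoms-migr (LISTEN)
EOF
}

sample_lsof | audit_listeners
```

Ports reported as "unknown" are the ones to look up in `${KARAF_HOME}/data/port` and `config:list`; rerunning the filter after changing the bind hosts shows whether any EXPOSED lines remain.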