Monday, 21 January 2013

Find out who / what is connected to a WebLogic server (or to a specific TCP port generally)

In the past weeks I had to stick around with outbound and inbound firewall rules. Firewalls are sometimes a real pain in the ass, but if you observe some rules, it should be possible to generate a working ruleset.

One important thing when configuring a firewall is to know which network hosts connect to the protected host (inbound rules) and which hosts the protected host itself connects to (outbound rules).

Very useful tools for Linux here are netstat and lsof. With these tools you can find out what is connected to a TCP port and which outgoing connections exist.

With netstat, you can see which services are listening on which network interface. For example, if you have a WebLogic server running on ports 7001 (AdminServer) and 7002 (managed_server0) on a specific network device, you will get something like this:

[root@linux ~]# netstat -tnlp 
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 192.168.0.20:7001         0.0.0.0:*                   LISTEN      22451/java        
tcp        0      0 192.168.0.20:7002         0.0.0.0:*                   LISTEN      22493/java          

Of course you will also see some open ports for sshd and so on.

Now, if you want to know which process is behind an open port, you can use ps in combination with grep.

[root@linux ~]# ps -ef | grep 22493 
  wluser   22493  6937  3 19:23 ?        00:20:13 /opt/oracle0/mwh/jrockit/bin/java -jrockit -Xms256m -Xmx1024m -Dweblogic.Name=managed_server0 -Djava.security.policy=/opt/oracle0/mwh/wlserver_10.3/server/lib/weblogic.policy -Dweblogic.ProductionModeEnabled=true -Dweblogic.security.SSL.trustedCAKeyStore=/opt/oracle0/mwh/wlserver_10.3/server/lib/cacerts -Dweblogic.ProductionModeEnabled=true -da -Dplatform.home=/opt/oracle0/mwh/wlserver_10.3 -Dwls.home=/opt/oracle0/mwh/wlserver_10.3/server -Dweblogic.home=/opt/oracle0/mwh/wlserver_10.3/server -Dcommon.components.home=/opt/oracle0/mwh/oracle_common -Djrf.version=11.1.1 -Dorg.apache.commons.logging.Log=org.apache.commons.logging.impl.Jdk14Logger -Ddomain.home=/opt/oracle0/projects/domains/domain0 -Djrockit.optfile=/opt/oracle0/mwh/oracle_common/modules/oracle.jrf_11.1.1/jrocket_optfile.txt -Doracle.server.config.dir=/opt/oracle0/projects/domains/domain0/config/fmwconfig/servers/AdminServer -Doracle.domain.config.dir=/opt/oracle0/projects/domains/domain0/config/fmwconfig -Digf.arisidbeans.carmlloc=/opt/oracle0/projects/domains/domain0/config/fmwconfig/carml -Digf.arisidstack.home=/opt/oracle0/projects/domains/domain0/config/fmwconfig/arisidprovider -Doracle.security.jps.config=/opt/oracle0/projects/domains/domain0/config/fmwconfig/jps-config.xml -Doracle.deployed.app.dir=/opt/oracle0/projects/domains/domain0/servers/AdminServer/tmp/_WL_user -Doracle.deployed.app.ext=/- -Dweblogic.alternateTypesDirectory=/opt/oracle0/mwh/oracle_common/modules/oracle.ossoiap_11.1.1,/opt/oracle0/mwh/oracle_common/modules/oracle.oamprovider_11.1.1 -Djava.protocol.handler.pkgs=oracle.mds.net.protocol -Dweblogic.jdbc.remoteEnabled=false -DEPM_ORACLE_HOME=/opt/oracle0/mwh/bip0 -DHYPERION_HOME=/opt/oracle0/mwh/bip0 -DEPM_ORACLE_INSTANCE=novalue -Dhyperion.home=/opt/oracle0/mwh/bip0 -DEPM_REG_PROPERTIES_PATH=/opt/oracle0/projects/domains/domain0/config/fmwconfig -Depm.useApplicationContextId=false 
-Doracle.biee.search.bisearchproperties=/opt/oracle0/mwh/bip0/bifoundation/jee/BISearchConfig.properties -Dweblogic.management.clearTextCredentialAccessEnabled=true -Doracle.notification.filewatching.interval=2000 -Dweblogic.security.SSL.ignoreHostnameVerification=true -Dweblogic.security.SSL.enableJSSE=true -Dfile.encoding=utf-8 -Duser.language=en -Duser.region=US -Dxdo.server.config.dir=/opt/oracle0/projects/domains/domain0/config/bipublisher -DXDO_FONT_DIR=/opt/oracle0/mwh/bip0/common/fonts -Dem.oracle.home=/opt/oracle0/mwh/oracle_common -Djava.awt.headless=true -Dweblogic.management.discover=true -Dwlw.iterativeDev=false -Dwlw.testConsole=false -Dwlw.logErrorsToConsole=false -Dweblogic.ext.dirs=/opt/oracle0/mwh/patch_wls1035/profiles/default/sysext_manifest_classpath:/opt/oracle0/mwh/patch_ocp360/profiles/default/sysext_manifest_classpath -Djava.io.tmpdir=/opt/oracle0/tmp -da -Dplatform.home=/opt/oracle0/mwh/wlserver_10.3 -Dwls.home=/opt/oracle0/mwh/wlserver_10.3/server -Dweblogic.home=/opt/oracle0/mwh/wlserver_10.3/server -Dcommon.components.home=/opt/oracle0/mwh/oracle_common -Djrf.version=11.1.1 -Dorg.apache.commons.logging.Log=org.apache.commons.logging.impl.Jdk14Logger -Ddomain.home=/opt/oracle0/projects/domains/domain0 -Djrockit.optfile=/opt/oracle0/mwh/oracle_common/modules/oracle.jrf_11.1.1/jrocket_optfile.txt -Doracle.server.config.dir=/opt/oracle0/projects/domains/domain0/config/fmwconfig/servers/managed_server0 -Doracle.domain.config.dir=/opt/oracle0/projects/domains/domain0/config/fmwconfig -Digf.arisidbeans.carmlloc=/opt/oracle0/projects/domains/domain0/config/fmwconfig/carml -Digf.arisidstack.home=/opt/oracle0/projects/domains/domain0/config/fmwconfig/arisidprovider -Doracle.security.jps.config=/opt/oracle0/projects/domains/domain0/config/fmwconfig/jps-config.xml -Doracle.deployed.app.dir=/opt/oracle0/projects/domains/domain0/servers/managed_server0/tmp/_WL_user -Doracle.deployed.app.ext=/- 
-Dweblogic.alternateTypesDirectory=/opt/oracle0/mwh/oracle_common/modules/oracle.ossoiap_11.1.1,/opt/oracle0/mwh/oracle_common/modules/oracle.oamprovider_11.1.1 -Djava.protocol.handler.pkgs=oracle.mds.net.protocol -Dweblogic.jdbc.remoteEnabled=false -DEPM_ORACL

OK, now you know which process owns the port. Next, you can use lsof to determine which connections exist to and from the specified TCP port.

[root@linux ~]# lsof -i tcp:7002
COMMAND   PID    USER   FD   TYPE   DEVICE SIZE NODE NAME
java    22493 wluser  290u  IPv4 61184208       TCP localhost:7002->clusterpartner1:55879 (ESTABLISHED)
java    22493 wluser  303u  IPv4 61184159       TCP localhost:7002->clusterpartner1:35736 (ESTABLISHED)
java    22493 wluser  382u  IPv4 61189759       TCP localhost:7002->clusterpartner1:55955 (ESTABLISHED)
java    22493 wluser  386u  IPv4 61170023       TCP localhost:7002->localhost:54803 (ESTABLISHED)
java    22493 wluser  389u  IPv4 61170863       TCP localhost:7002 (LISTEN)
java    22493 wluser  390u  IPv4 61170864       TCP
java    22493 wluser  398u  IPv4 61170992       TCP localhost:7002->localhost:54793 (ESTABLISHED)
java    22493 wluser  399u  IPv4 61171023       TCP localhost:7002->localhost:54799 (ESTABLISHED)
java    22493 wluser  400u  IPv4 61184168       TCP localhost:7002->clusterpartner1:35773 (ESTABLISHED)
java    22493 wluser  401u  IPv4 61171039       TCP localhost:7002->localhost:54903 (ESTABLISHED)
java    22493 wluser  405u  IPv4 61189776       TCP localhost:7002->clusterpartner1:55993 (ESTABLISHED) 

You can see my Managed Server (PID 22493) has some incoming and outgoing connections to its cluster partner. So you can get an idea of which ports are needed and should be opened in the local firewall.
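
To get from such lsof output to something closer to a ruleset, the following added example (not part of the original post) groups a process's established connections by peer and direction: a connection whose local port is one the process listens on counts as inbound, anything else as outbound. The sample input is the lsof output above plus one constructed outbound line (dbhost:1521); the function names are assumptions of this example.

```shell
#!/bin/sh
# Sample input: the lsof lines shown in the post. The last line
# (dbhost:1521) is constructed to show an outbound connection.
sample_lsof() {
cat <<'EOF'
COMMAND   PID    USER   FD   TYPE   DEVICE SIZE NODE NAME
java    22493 wluser  290u  IPv4 61184208       TCP localhost:7002->clusterpartner1:55879 (ESTABLISHED)
java    22493 wluser  303u  IPv4 61184159       TCP localhost:7002->clusterpartner1:35736 (ESTABLISHED)
java    22493 wluser  382u  IPv4 61189759       TCP localhost:7002->clusterpartner1:55955 (ESTABLISHED)
java    22493 wluser  386u  IPv4 61170023       TCP localhost:7002->localhost:54803 (ESTABLISHED)
java    22493 wluser  389u  IPv4 61170863       TCP localhost:7002 (LISTEN)
java    22493 wluser  390u  IPv4 61170864       TCP
java    22493 wluser  398u  IPv4 61170992       TCP localhost:7002->localhost:54793 (ESTABLISHED)
java    22493 wluser  399u  IPv4 61171023       TCP localhost:7002->localhost:54799 (ESTABLISHED)
java    22493 wluser  400u  IPv4 61184168       TCP localhost:7002->clusterpartner1:35773 (ESTABLISHED)
java    22493 wluser  401u  IPv4 61171039       TCP localhost:7002->localhost:54903 (ESTABLISHED)
java    22493 wluser  405u  IPv4 61189776       TCP localhost:7002->clusterpartner1:55993 (ESTABLISHED)
java    22493 wluser  410u  IPv4 61190001       TCP localhost:41522->dbhost:1521 (ESTABLISHED)
EOF
}

# Reads lsof -i output on stdin and prints "direction peer port count".
# port is the local listening port for "in" and the remote port for "out".
summarize_peers() {
    awk '
    # Remember every port this process listens on (may appear after ESTABLISHED lines).
    $NF == "(LISTEN)"      { p = $(NF-1); sub(/.*:/, "", p); listen[p] = 1; next }
    # Keep the local->remote pair; header and unbound sockets are skipped.
    $NF == "(ESTABLISHED)" { conn[++n] = $(NF-1) }
    END {
        for (i = 1; i <= n; i++) {
            split(conn[i], ends, "->")
            lport = ends[1]; sub(/.*:/, "", lport)       # text after the last colon
            rhost = ends[2]; sub(/:[^:]*$/, "", rhost)   # strip the trailing :port
            rport = ends[2]; sub(/.*:/, "", rport)
            if (lport in listen) key = "in " rhost " " lport
            else                 key = "out " rhost " " rport
            count[key]++
        }
        for (k in count) print k, count[k]
    }' | LC_ALL=C sort
}

sample_lsof | summarize_peers
```

On a live host, feed it the output of lsof -nP -i tcp -a -p 22493 instead of the sample, which covers every TCP socket of the process with numeric addresses and ports.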
