Skip to content

Commit 8990f3f

Browse files
PerfectSlayerPerfectSlayer
authored
feat(ssi): Add JMXFetch to denylist (#7970)
1 parent f3f2b15 commit 8990f3f

File tree

3 files changed

+61
-0
lines changed

3 files changed

+61
-0
lines changed

metadata/denied-arguments.tsv

+3
Original file line numberDiff line numberDiff line change
@@ -26,6 +26,9 @@ apache_solr8_start -Dsolr.solr.home=*
2626
apache_solr8_stop *solr/server/start.jar Skip Apache Solr 8 stop using path to jar
2727
apache_solr8_tools org.apache.solr.util.SolrCLI Skip Apache Solr 8 CLI tools
2828

29+
# DataDog JMXFetch
30+
datadog_jmxfetch org.datadog.jmxfetch.App Skip DataDog JMXFetch
31+
2932
# Elastic Search 7+
3033
elasticsearch7 -Des.path.home=* Skip Elastic Search 7+ commands
3134

metadata/requirements-block.json

+41
Original file line numberDiff line numberDiff line change
@@ -197,5 +197,46 @@
197197
"arch": "x64",
198198
"libc": "glibc:2.17"
199199
}
200+
},
201+
{
202+
"name": "should block JMXFetch instance from DataDog Agent",
203+
"filepath": "/opt/java/openjdk/bin/java",
204+
"args": [
205+
"java",
206+
"-Djdk.attach.allowAttachSelf=true",
207+
"-XX:+UseContainerSupport",
208+
"-XX:MaxRAMPercentage=25.0000",
209+
"-classpath",
210+
"/opt/datadog-agent/bin/agent/dist/jmx/jmxfetch.jar",
211+
"org.datadog.jmxfetch.App",
212+
"--ipc_host",
213+
"localhost",
214+
"--ipc_port",
215+
"5001",
216+
"--check_period",
217+
"15000",
218+
"--thread_pool_size",
219+
"3",
220+
"--collection_timeout",
221+
"60",
222+
"--reconnection_timeout",
223+
"60",
224+
"--reconnection_thread_pool_size",
225+
"3",
226+
"--log_level",
227+
"INFO",
228+
"--reporter",
229+
"statsd:unix:///var/run/datadog/statsd.sock",
230+
"--statsd_queue_size",
231+
"4096",
232+
"--jmxfetch_telemetry",
233+
"collect"
234+
],
235+
"envars": [],
236+
"host": {
237+
"os": "linux",
238+
"arch": "x64",
239+
"libc": "glibc:2.17"
240+
}
200241
}
201242
]

metadata/requirements.json

+17
Original file line numberDiff line numberDiff line change
@@ -303,6 +303,23 @@
303303
],
304304
"envars": null
305305
},
306+
{
307+
"id": "datadog_jmxfetch",
308+
"description": "Skip DataDog JMXFetch",
309+
"os": null,
310+
"cmds": [
311+
"**/java"
312+
],
313+
"args": [
314+
{
315+
"args": [
316+
"org.datadog.jmxfetch.App"
317+
],
318+
"position": null
319+
}
320+
],
321+
"envars": null
322+
},
306323
{
307324
"id": "elasticsearch7",
308325
"description": "Skip Elastic Search 7+ commands",

0 commit comments

Comments
 (0)