Search for	Example	Results
A single word	`cat`	Topics that contain the word "cat". You will also find its grammatical variations, such as "cats".
A phrase. You can specify that the search results contain a specific phrase.	`"cat food"` (quotation marks)	Topics that contain the literal phrase "cat food" and all its grammatical variations. Without the quotation marks, the query is equivalent to specifying an OR operator, which finds topics with one of the individual words instead of the phrase.

Search for	Operator	Example
Two or more words in the same topic	`AND` `and` `+` (plus symbol) `&` (ampersand)	`cat AND dog` `"cat food"+milk` `"cat food"&"dog food"`
Either word in a topic	`OR` `or` `\|` (pipe)	`cat OR dog` `cat \| dog`
Topics that do not contain a specific word or phrase	`NOT` `not` `!` (exclamation point)	`NOT cat` `! dog`
Topics that contain one string and do not contain another	`^` (caret)	`cat ^ mouse`
A combination of search types	`( )` parentheses	`cat + (dog \| mouse)` `cat \| dog + (! mouse)`

Configuration Management System (CMS)2018.05

Use > Hardening > Introduction to Hardening > System Access > Java JMX Access Hardening

Java JMX Access Hardening

Note The procedure described here can also be used for the Data Flow Probe JMX.

In order to ensure that the JMX RMI port is accessible only when providing user credentials, perform the following procedure:

In the wrapper.conf file on the server, located at C:\UCMDB\UCMDBServer\bin, set the following:

wrapper.java.additional.16=-Dcom.sun.management.jmxremote.authenticate=true

This setting requires the JMX to ask for authentication.
- For the Data Flow Probe JMX, perform the following:
  
  In the files WrapperGateway.conf and WrapperManager.conf, located at C:\UCMDB\DataFlowProbe\bin\, set the following:
  
  wrapper.java.additional.17=-Dcom.sun.management.jmxremote.authenticate=true
Rename the file jmxremote.password.template (located at: C:\UCMDB\UCMDBServer\bin\jre\lib\management\) to jmxremote.password.

Note For the Data Flow Probe JMX, this file is located at: C:\UCMDB\DataFlowProbe\bin\jre\lib\management\.
In jmxremote.password, add passwords for the roles monitorRole and controlRole.

For example:

monitorRole QED

controlRole R&D

would assign the password QED to monitorRole and the password R&D to controlRole.

Note Ensure that only the owner has read and write permissions on jmxremote.password because it contains the passwords in clear text. The file owner must be the same user under which UCMDB Server is running.
In the file jmxremote.access (located at C:\UCMDB\UCMDBServer\bin\jre\lib\management\), assign access to monitorRole and controlRole.

For example:

monitorRole readonly

controlRole readwrite

would assign read-only access to monitorRole and read-write access to controlRole.

Note For the Data Flow Probe JMX, this file is located at: C:\UCMDB\DataFlowProbe\bin\jre\lib\management\.
Secure files as follows:
- For Windows only: Run the following commands from the command line to secure files:
  
  icacls jmxremote.password /grant Administrator:F
  
  icacls jmxremote.access /grant Administrator:R
  
  where <username> is the file owner visible in the properties of both files. Open properties of these files and ensure that they are correct and have only one owner.
- For Solaris and Linux operating systems: Set the file permissions for the password file by running:
  
  chmod 600 jmxremote.password
For Service Pack upgrades, Server migrations and Disaster Recovery: Change ownership of the file jmxremote.access (located at C:\UCMDB\UCMDBServer\bin\jre\lib\management\) to the operating system user running the upgrade or migration installation.
Note
- For the Data Flow Probe JMX, this file is located at: C:\UCMDB\DataFlowProbe\bin\jre\lib\management\.
- Before uninstalling the product, edit the file permissions for <UCMDB_install_dir>\bin\jre\lib\management\jmxremote.password so the user you are logged in with can edit it.

Send Help Center feedback