We are looking to scan CA PPM and any of our customized content for security vulnerabilities with a tool called Contrast (http://www.contrastsecurity.com). Contrast is a jar file that is triggered as an agent running on the JVM that is used by the application server, in our case Tomcat. There are some variables that need to be passed in typically to make this happen:
-XX:MaxPermSize=512M -javaagent:D:\Apps\Contrast\contrast.jar -Dcontrast.standalone.appname=Clarity-Dev -Dcontrast.log=D:\Apps\Contrast\logs\contrast.log -Dcontrast.level=error -Dcontrast.log.daily=false -Dcontrast.log.backups=0 -Dcontrast.log.size=10 -Dcontrast.disabledrules=crypto-bad-mac,crypto-weak-randomness,header-injection
Detailed Explanation:
-XX:MaxPermSize=512M: This is a memory setting that we need to adjust the JVM.
This is the JVM parameter that is used to load the Contrast.jar file in as an agent.
These are all parameters that are required by the Contrast agent that tell it how to operate.
We have installed this successfully in many other Java application servers including Tomcat, but we have done this by modifying the command lines and base configuration files, which does not appear to work here. We tried to put the entire JVM parameters string into the JVM Parameters textbox in the Clarity admin console (CSA). It took them, but when we rebooted the services the Contrast agent did not run, nor did it even throw an error that we could find in the logs. We do not understand how we can install this for Clarity, so any help the support team can provide would be much appreciated.
Just GUESSing, but...
When we deploy a PPM service it creates a new set of files under the (example) tomcat-app-deploy directory in the home directory (where PPM is installed) on your server - is what you need to affect contained in any of the tomcat files in the conf directory under there perhaps?
Thank you David, that helped. The moment we re-deployed the Clarity services, the logs were generating on the Contrast console.
The moment you redeploy the services it will pick and deploy the services from out of box files, so changing the servicesbat or .sh won't work. However if you just add to the JVM without modifying the command line and base configuration, what is the challenge you are facing?
Thank you Suman, that helped. The moment we re-deployed the Clarity services, the logs were generating on the Contrast console.
I agree with Suman, as when the services are redeployed, these will pick them from OOTB files. After redeploying, if you cannot see the desired change in the tomcat-app-deploy, where the files go after deployment of services, then the change has not been taken into account, thus not getting any error in the logs.
Thank you Kritika, that helped. The moment we re-deployed the Clarity services, the logs were generating on the Contrast console.
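A check for the failure described in this thread, where the options were accepted in the CSA but the JVM started without the agent and logged no error (an added example, not part of the original posts and not Contrast or CA PPM code): it compares the intended options with the command line of the running JVM. The function names and the two running command lines are constructed for illustration, and it assumes no option contains a space.

```python
# Added example: diff the JVM options you meant to set against the command
# line of the running app-server JVM (obtainable with `jcmd <pid> VM.command_line`).
INTENDED = (r"-XX:MaxPermSize=512M -javaagent:D:\Apps\Contrast\contrast.jar "
            r"-Dcontrast.standalone.appname=Clarity-Dev "
            r"-Dcontrast.log=D:\Apps\Contrast\logs\contrast.log -Dcontrast.level=error "
            r"-Dcontrast.log.daily=false -Dcontrast.log.backups=0 -Dcontrast.log.size=10 "
            r"-Dcontrast.disabledrules=crypto-bad-mac,crypto-weak-randomness,header-injection")

# Constructed samples: a JVM started before the services were redeployed, and after.
RUNNING_BEFORE = (r"D:\Java\bin\java.exe -Xms512m -Xmx2048m "
                  r"org.apache.catalina.startup.Bootstrap start")
RUNNING_AFTER = RUNNING_BEFORE.replace("-Xmx2048m", "-Xmx2048m " + INTENDED)

def parse_jvm_args(cmdline):
    """Split a JVM command line into agent jars, -D properties and other flags."""
    agents, props, flags = [], {}, []
    for tok in cmdline.split():  # assumption: no spaces inside paths or values
        if tok.startswith("-javaagent:"):
            agents.append(tok[len("-javaagent:"):])
        elif tok.startswith("-D"):
            key, _, value = tok[2:].partition("=")
            props[key] = value
        elif tok.startswith("-"):
            flags.append(tok)
    return agents, props, flags

def missing_from_running(intended, running):
    """Return intended options that are absent from, or differ in, the running JVM."""
    want_agents, want_props, want_flags = parse_jvm_args(intended)
    have_agents, have_props, have_flags = parse_jvm_args(running)
    missing = [f"-javaagent:{a}" for a in want_agents if a not in have_agents]
    missing += [f"-D{k}={v}" for k, v in want_props.items() if have_props.get(k) != v]
    missing += [f for f in want_flags if f not in have_flags]
    return missing

def disabled_rules(cmdline):
    """List the Contrast rules switched off via -Dcontrast.disabledrules."""
    _, props, _ = parse_jvm_args(cmdline)
    return [r for r in props.get("contrast.disabledrules", "").split(",") if r]

if __name__ == "__main__":
    for label, running in (("before redeploy", RUNNING_BEFORE),
                           ("after redeploy", RUNNING_AFTER)):
        gaps = missing_from_running(INTENDED, running)
        print(label, "->", "agent options active" if not gaps else f"missing: {gaps}")
    print("rules not being reported:", disabled_rules(RUNNING_AFTER))
```

Running the same comparison after each service redeploy shows whether the options reached the deployed JVM, and the disabled-rules list is a reminder of which findings the scan will not report.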