Hello Yanna,
we are not using APM, only the SystemEdge. When I check the ports on a host I see this:
> ss -tulpn
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
udp UNCONN 0 0 0.0.0.0:49017 0.0.0.0:* users:(("sysedge",pid=4162,fd=6))
udp UNCONN 0 0 1.2.3.4:1691 0.0.0.0:* users:(("sysedge",pid=4162,fd=8))
udp UNCONN 0 0 0.0.0.0:4104 0.0.0.0:* users:(("camf",pid=4150,fd=5))
udp UNCONN 0 0 1.2.3.4:60886 0.0.0.0:* users:(("sysedge",pid=4162,fd=7))
tcp LISTEN 0 128 0.0.0.0:4105 0.0.0.0:* users:(("camf",pid=4150,fd=6))
<....>
> ps -efx | grep cam
4150 ? Ss 3:29 cam LD_LIBRARY_PATH=/opt/CA/SystemEDGE/bin:/opt/CA/SharedComponents/lib:/opt/CA/CAlib CA_LOCALE=enu PATH=/bin:/usr/bin:/sbin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/opt/CA/SharedComponents/bin:/opt/CA/SharedComponents/ccs/cam/bin CA_CAILANGUAGE=enu SERVICE_PATH=/opt/CA/SystemEDGE/bin PWD=/ CA_UNISRVCNTR_CALLED=3890.2 LANG=en_US.UTF-8 CASYSEDGE=/opt/CA/SystemEDGE SHLVL=3 CANOLOG_flag= CA_SECTION=all CASHCOMP=/opt/CA/SharedComponents CAI_MSQ=/opt/CA/SharedComponents/ccs/cam AWSCOMM_DIR=/opt/CA/SystemEDGE CABIN=/opt/CA/SharedComponents/bin CALIB=/opt/CA/SharedComponents/lib _=/opt/CA/SharedComponents/ccs/cam/bin/cam
> ./sysedgectl start
Starting cam in /opt/CA/SharedComponents/ccs/cam <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< This should be permanent disabled
Executed CA-cam start............................................OK
Starting CA-SystemEDGE service.
CA SystemEDGE Version x.x.x - sysedge
I found a way. I moved the cam/camf to cam.bak/camf.bak and now the process can't start.
BUT: The SystemEdge opens additional ports? Why?
> ss -tulpn | egrep "cam|sys"
udp UNCONN 0 0 1.2.3.4:1691 0.0.0.0:* users:(("sysedge",pid=12534,fd=8))
udp UNCONN 0 0 1.2.3.4:40437 0.0.0.0:* users:(("sysedge",pid=12534,fd=7)) <<<<<<<<<<<<<<<<<<<
udp UNCONN 0 0 0.0.0.0:42026 0.0.0.0:* users:(("sysedge",pid=12534,fd=6)) <<<<<<<<<<<<<<<<<<<
Kind regards
Karsten
Original Message:
Sent: 03-27-2020 10:35 AM
From: Gnanawathy Hareendran
Subject: disable SystemEdge Ports: 60405 and 45432
Please check the bundle.properties file in apmia/extensions/HostMonitor directory.
By default it uses port 1791 and for traps port 1792.
Please refer:
https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/it-operations-management/application-performance-management/10-7/implementing-agents/infrastructure-agent/host-monitoring/install-the-ca-apm-infrastructure-agent-and-ca-apm-host-monitoring.html
Thanks,
Yanna.
Original Message:
Sent: 03-27-2020 06:24 AM
From: Karsten Ballandis
Subject: disable SystemEdge Ports: 60405 and 45432
Hello,
we using the SystemEdge on Linux and I must disable all unwanted ports (for security). How can I disable this ports (this is only an exampe, because on a different host I see other ports):
Local Address PID/Program name
0.0.0.0:60405 24638/sysedge
0.0.0.0:45432 24638/sysedge
Additional I want to disable this ports for CAM:
tcp 0.0.0.0:4105 10670/cam
udp 0.0.0.0:4104 10670/cam
Why are 5 ports (including 4 unnecessary) opened when the SystemEdge is installed?
Kind regards
Karsten