我可以使用 JVM SNMP 功能对读写访问做什么?
What can I do with read-write access with the JVM SNMP feature?
我正在使用工具 described here.
对 Java 应用程序进行 SNMP 监控
ACL 模板有一个格式部分描述了 access 和 managers 选项的含义:
##############################################################
# Format of the acl group
##############################################################
#
# communities: a list of SNMP community strings to which the
# access control applies separated by commas.
#
# access: either "read-only" or "read-write".
#
# managers: a list of hosts to be granted the access rights.
# Each can be expressed as any one of the following:
# - hostname: hubble
# - ip v4 and v6 addresses: 123.456.789.12 , fe80::a00:20ff:fe9b:ea82
# - ip v4 and v6 netmask prefix notation: 123.456.789.0/24,
# fe80::a00:20ff:fe9b:ea82/64
# see RFC 2373 (http://www.ietf.org/rfc/rfc2373.txt)
#
# An example of two community groups for multiple hosts:
# acl = {
# {
# communities = public, private
# access = read-only
# managers = hubble, snowbell, nanak
# }
# {
# communities = jerry
# access = read-write
# managers = hubble, telescope
# }
# }
如果我授予经理 access = read-write 那个经理实际上可以在 运行 JVM 中编写或更改什么?
写入权限是否允许管理器执行诸如触发 GC 或堆转储之类的操作?
对于 JVM SNMP 写访问,您无能为力,但是,可以调用 GC。
要查找 JVM 中可以通过 SNMP 修改的所有内容,您可以遍历属于 JDK built-in SNMP server 的所有 Jvm*Meta 类 并查找 non-trivial SnmpValue setter:
public SnmpValue set(SnmpValue x, long var, Object data)
这是 JDK 8u121 中所有可写 OID 的列表以及相应的 JMX 方法:
ClassLoadingMXBean.setVerbose
(1.3.6.1.4.1.42.2.145.3.163.1.1.1.4)MemoryMXBean.setVerbose (1.3.6.1.4.1.42.2.145.3.163.1.1.2.2)MemoryMXBean.gc (1.3.6.1.4.1.42.2.145.3.163.1.1.2.3)MemoryPoolMXBean.setCollectionUsageThreshold (1.3.6.1.4.1.42.2.145.3.163.1.1.2.110.1.131)MemoryPoolMXBean.setUsageThreshold (1.3.6.1.4.1.42.2.145.3.163.1.1.2.110.1.110)MemoryPoolMXBean.resetPeakUsage (1.3.6.1.4.1.42.2.145.3.163.1.1.2.110.1.5)ThreadMXBean.setThreadContentionMonitoringEnabled (1.3.6.1.4.1.42.2.145.3.163.1.1.3.5)ThreadMXBean.setThreadCpuTimeEnabled (1.3.6.1.4.1.42.2.145.3.163.1.1.3.6)ThreadMXBean.resetPeakThreadCount (1.3.6.1.4.1.42.2.145.3.163.1.1.3.7)
我正在使用工具 described here.
对 Java 应用程序进行 SNMP 监控ACL 模板有一个格式部分描述了 access 和 managers 选项的含义:
##############################################################
# Format of the acl group
##############################################################
#
# communities: a list of SNMP community strings to which the
# access control applies separated by commas.
#
# access: either "read-only" or "read-write".
#
# managers: a list of hosts to be granted the access rights.
# Each can be expressed as any one of the following:
# - hostname: hubble
# - ip v4 and v6 addresses: 123.456.789.12 , fe80::a00:20ff:fe9b:ea82
# - ip v4 and v6 netmask prefix notation: 123.456.789.0/24,
# fe80::a00:20ff:fe9b:ea82/64
# see RFC 2373 (http://www.ietf.org/rfc/rfc2373.txt)
#
# An example of two community groups for multiple hosts:
# acl = {
# {
# communities = public, private
# access = read-only
# managers = hubble, snowbell, nanak
# }
# {
# communities = jerry
# access = read-write
# managers = hubble, telescope
# }
# }
如果我授予经理 access = read-write 那个经理实际上可以在 运行 JVM 中编写或更改什么?
写入权限是否允许管理器执行诸如触发 GC 或堆转储之类的操作?
对于 JVM SNMP 写访问,您无能为力,但是,可以调用 GC。
要查找 JVM 中可以通过 SNMP 修改的所有内容,您可以遍历属于 JDK built-in SNMP server 的所有 Jvm*Meta 类 并查找 non-trivial SnmpValue setter:
public SnmpValue set(SnmpValue x, long var, Object data)
这是 JDK 8u121 中所有可写 OID 的列表以及相应的 JMX 方法:
ClassLoadingMXBean.setVerbose(1.3.6.1.4.1.42.2.145.3.163.1.1.1.4)MemoryMXBean.setVerbose(1.3.6.1.4.1.42.2.145.3.163.1.1.2.2)MemoryMXBean.gc(1.3.6.1.4.1.42.2.145.3.163.1.1.2.3)MemoryPoolMXBean.setCollectionUsageThreshold(1.3.6.1.4.1.42.2.145.3.163.1.1.2.110.1.131)MemoryPoolMXBean.setUsageThreshold(1.3.6.1.4.1.42.2.145.3.163.1.1.2.110.1.110)MemoryPoolMXBean.resetPeakUsage(1.3.6.1.4.1.42.2.145.3.163.1.1.2.110.1.5)ThreadMXBean.setThreadContentionMonitoringEnabled(1.3.6.1.4.1.42.2.145.3.163.1.1.3.5)ThreadMXBean.setThreadCpuTimeEnabled(1.3.6.1.4.1.42.2.145.3.163.1.1.3.6)ThreadMXBean.resetPeakThreadCount(1.3.6.1.4.1.42.2.145.3.163.1.1.3.7)