Violation w.r.t extraction of executable Kafka jar in our temp directory
Hi Team,
As part of kafka, we are seeing a jar being extracted at our temp directory and executing during runtime.
/pega_installation_directory/pega-tempdir/kafka- Proprietary information hidden/libs/lz4-java-1.4.jar
We need to avoid these kind of Pega installation directory executable as part of our security policies.
Could you please let us know a way to specify the lib path for kafka instead of pega extracting the jar file during runtime?
***Edited by Moderator Marije to add Capability tags***
Accepted Solution
Updated: 31 Mar 2023 9:33 EDT
Bits In Glass
CA
In Pega, the Kafka libraries are bundled with the Pega installation and extracted to a temporary directory when the Kafka service is started. However, you can specify the lib path for Kafka by setting the following system properties in your Pega application server's startup script:
- kafka.logs.dir: The path to the Kafka logs directory
- kafka.logs.dir.permissions: The permissions for the Kafka logs directory
- kafka.logs.dir.owner: The owner of the Kafka logs directory
- kafka.logs.dir.group: The group of the Kafka logs directory
- kafka.lib.dir: The path to the Kafka libraries directory
- kafka.lib.dir.permissions: The permissions for the Kafka libraries directory
- kafka.lib.dir.owner: The owner of the Kafka libraries directory
- kafka.lib.dir.group: The group of the Kafka libraries directory
By setting these system properties, you can specify the location of the Kafka libraries directory, and ensure that it is not extracted to the Pega temporary directory.
Here's an example of how to set the system properties in a Tomcat server startup script:
export CATALINA_OPTS="$CATALINA_OPTS -Dkafka.logs.dir=/kafka/logs -Dkafka.logs.dir.permissions=755 -Dkafka.logs.dir.owner=kafka -Dkafka.logs.dir.group=kafka -Dkafka.lib.dir=/kafka/libs -Dkafka.lib.dir.permissions=755 -Dkafka.lib.dir.owner=kafka -Dkafka.lib.dir.group=kafka"
In Pega, the Kafka libraries are bundled with the Pega installation and extracted to a temporary directory when the Kafka service is started. However, you can specify the lib path for Kafka by setting the following system properties in your Pega application server's startup script:
- kafka.logs.dir: The path to the Kafka logs directory
- kafka.logs.dir.permissions: The permissions for the Kafka logs directory
- kafka.logs.dir.owner: The owner of the Kafka logs directory
- kafka.logs.dir.group: The group of the Kafka logs directory
- kafka.lib.dir: The path to the Kafka libraries directory
- kafka.lib.dir.permissions: The permissions for the Kafka libraries directory
- kafka.lib.dir.owner: The owner of the Kafka libraries directory
- kafka.lib.dir.group: The group of the Kafka libraries directory
By setting these system properties, you can specify the location of the Kafka libraries directory, and ensure that it is not extracted to the Pega temporary directory.
Here's an example of how to set the system properties in a Tomcat server startup script:
export CATALINA_OPTS="$CATALINA_OPTS -Dkafka.logs.dir=/kafka/logs -Dkafka.logs.dir.permissions=755 -Dkafka.logs.dir.owner=kafka -Dkafka.logs.dir.group=kafka -Dkafka.lib.dir=/kafka/libs -Dkafka.lib.dir.permissions=755 -Dkafka.lib.dir.owner=kafka -Dkafka.lib.dir.group=kafka"
Replace the values for kafka.logs.dir and kafka.lib.dir with the paths to your desired directories.
Note that this method may require additional configuration depending on your specific environment and deployment requirements. You may also need to update the Kafka configuration files to point to the new lib path.
MORGAN STANLEY
IN
@Sumit Kumar Thanks for prompt response. Let me try this once.