Search code examples
javajvmsnmp

What can I do with read-write access with the JVM SNMP feature?

I am working with SNMP monitoring for a Java application using the tooling described here.

The ACL template has a section on the format that describes the meaning of the access and managers options:

##############################################################
#               Format of the acl group
##############################################################
#
# communities: a list of SNMP community strings to which the
#              access control applies separated by commas.
#
# access: either "read-only" or "read-write".
#
# managers: a list of hosts to be granted the access rights.
#    Each can be expressed as any one of the following:
#    - hostname: hubble
#    - ip v4 and v6 addresses: 123.456.789.12 , fe80::a00:20ff:fe9b:ea82
#    - ip v4 and v6 netmask prefix notation: 123.456.789.0/24, 
#         fe80::a00:20ff:fe9b:ea82/64  
#      see RFC 2373 (http://www.ietf.org/rfc/rfc2373.txt)
#
# An example of two community groups for multiple hosts:
#    acl = {
#     {
#       communities = public, private
#       access = read-only
#       managers = hubble, snowbell, nanak
#     }
#     {
#       communities = jerry
#       access = read-write
#       managers = hubble, telescope
#     }
#    }

If I grant a manger access = read-write what can that manager actually write or change in the running JVM?

Does write access allow the manager do something like trigger a GC or heapdump?

Solution

  • There is not much you can do with JVM SNMP write access, however, it is possible to invoke GC.

    To find everything in JVM that can be modified via SNMP, you can walk through all Jvm*Meta classes belonging to JDK built-in SNMP server and look for non-trivial SnmpValue setter:

        public SnmpValue set(SnmpValue x, long var, Object data)

    Here is a list of all writable OIDs in JDK 8u121 with the corresponding JMX methods: