About the Security Checkup Tool
The Oracle WebLogic Server Administration console includes a security checkup tool that displays security check warnings.
For Oracle WebLogic Server for OKE instances created after July 20, 2021, or instances on which the July 2021 PSUs are applied, the message "Security warnings detected. Click here to view the report and recommended remedies" is displayed at the top of the Oracle WebLogic Server Administration console. When you click the message, a list of security warnings is displayed, as listed in the following table.
The warning messages listed in the table are examples.
Security Warnings
Warning Message | Resolution |
---|---|
| | Run the following command in the administration server as |
| | Set the Java properties for anonymous RMI T3 and IIOP requests during server start up. See Set the Java Properties. |
Note:
For existing Oracle WebLogic Server for OKE instances (created before July 20, 2021), you see the SSL host name verification warnings. For details, see Security Checkup Tool Warnings.
After you address the warnings, you must click Refresh Warnings to see the warnings removed in the console.
For Oracle WebLogic Server for OKE instances created after July 20, 2021, though the Java properties to disable anonymous requests for preventing anonymous RMI access are configured, the warnings still appear. This is a known issue in Oracle WebLogic Server.
Set the Java Properties
- Edit the domain.yaml located in /u01/shared/weblogic-domains/<domain_name>/domain.yaml for all instances of serverPod definitions as follows:

  ```
  serverPod:
    env:
    - name: USER_MEM_ARGS
      #admin server memory is explicitly set to min of 256m and max of 512m and GC algo is G1GC
      value: "-Xms256m -Xmx512m -XX:+UseG1GC -Djava.security.egd=file:/dev/./urandom"
    - name: JAVA_OPTIONS
      value: "-Dweblogic.store.file.LockEnabled=false -Dweblogic.rjvm.allowUnknownHost=true -Dweblogic.security.remoteAnonymousRMIT3Enabled=false -Dweblogic.security.remoteAnonymousRMIIIOPEnabled=false"
  ```

- Apply the domain.yaml using the kubectl command:

  ```
  kubectl apply -f <path_to_domain.yaml>
  ```
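
Because the edit must be made in every serverPod definition, it is easy to miss one. The following check is an added example, not part of the Oracle documentation or tooling: it walks a domain.yaml that has already been parsed into a Python dict (the YAML loader is left to the reader) and reports each serverPod whose JAVA_OPTIONS omits either property or sets it to anything other than false. The `spec`, `clusters` and `adminServer` layout of the sample is constructed for illustration.

```python
import shlex

# System properties the page sets to false to disable anonymous RMI T3/IIOP requests.
REQUIRED = ("weblogic.security.remoteAnonymousRMIT3Enabled",
            "weblogic.security.remoteAnonymousRMIIIOPEnabled")

def find_server_pods(node, path="$"):
    """Yield (path, mapping) for every serverPod key at any depth."""
    if isinstance(node, dict):
        for key, child in node.items():
            if key == "serverPod" and isinstance(child, dict):
                yield f"{path}.{key}", child
            yield from find_server_pods(child, f"{path}.{key}")
    elif isinstance(node, list):
        for i, child in enumerate(node):
            yield from find_server_pods(child, f"{path}[{i}]")

def java_props(server_pod):
    """Collect -D properties from JAVA_OPTIONS; a later duplicate overrides an earlier one."""
    props = {}
    for entry in server_pod.get("env") or []:
        if entry.get("name") == "JAVA_OPTIONS":
            for tok in shlex.split(entry.get("value") or ""):
                if tok.startswith("-D"):
                    name, _, value = tok[2:].partition("=")
                    props[name] = value
    return props

def audit(domain):
    """Return (path, property, problem) findings; an empty list means every serverPod passes."""
    findings = []
    for path, pod in find_server_pods(domain):
        props = java_props(pod)
        for prop in REQUIRED:
            if prop not in props:
                findings.append((path, prop, "missing"))
            elif props[prop].lower() != "false":
                findings.append((path, prop, f"set to {props[prop]!r}"))
    return findings

# Constructed sample (not from a real domain): one compliant serverPod, two that are not.
T3, IIOP = ("-D" + p for p in REQUIRED)
SAMPLE = {"spec": {
    "serverPod": {"env": [{"name": "JAVA_OPTIONS", "value": f"{T3}=false {IIOP}=false"}]},
    "clusters": [{"serverPod": {"env": [{"name": "JAVA_OPTIONS", "value": f"{T3}=false {IIOP}=true"}]}}],
    "adminServer": {"serverPod": {"env": [{"name": "USER_MEM_ARGS", "value": "-Xms256m"}]}}}}

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")  # one finding per line
```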