/etc/java-11-openjdk/management/management.properties is in openjdk-11-jre-headless 10.0.1+10-3ubuntu1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 | #####################################################################
# Default Configuration File for Java Platform Management
#####################################################################
#
# The Management Configuration file (in java.util.Properties format)
# will be read if one of the following system properties is set:
# -Dcom.sun.management.jmxremote.port=<port-number>
# or -Dcom.sun.management.snmp.port=<port-number>
# or -Dcom.sun.management.config.file=<this-file>
#
# The default Management Configuration file is:
#
# $JRE/conf/management/management.properties
#
# Another location for the Management Configuration File can be specified
# by the following property on the Java command line:
#
# -Dcom.sun.management.config.file=<this-file>
#
# If -Dcom.sun.management.config.file=<this-file> is set, the port
# number for the management agent can be specified in the config file
# using the following lines:
#
# ################ Management Agent Port #########################
#
# For setting the JMX RMI agent port use the following line
# com.sun.management.jmxremote.port=<port-number>
#
# For setting the SNMP agent port use the following line
# com.sun.management.snmp.port=<port-number>
#####################################################################
# Optional Instrumentation
#####################################################################
#
# By default only the basic instrumentation with low overhead is on.
# The following properties allow to selectively turn on optional
# instrumentation which are off by default and may have some
# additional overhead.
#
# com.sun.management.enableThreadContentionMonitoring
#
# This option enables thread contention monitoring if the
# Java virtual machine supports such instrumentation.
# Refer to the specification for the java.lang.management.ThreadMBean
# interface - see isThreadContentionMonitoringSupported() method.
#
# To enable thread contention monitoring, uncomment the following line
# com.sun.management.enableThreadContentionMonitoring
#####################################################################
# SNMP Management Properties
#####################################################################
#
# If the system property -Dcom.sun.management.snmp.port=<port-number>
# is set then
# - The SNMP agent (with the Java virtual machine MIB) is started
# that listens on the specified port for incoming SNMP requests.
# - the following properties for read for SNMP management.
#
# The configuration can be specified only at startup time.
# Later changes to the above system property (e.g. via setProperty method), this
# config file, or the ACL file has no effect to the running SNMP agent.
#
#
# ##################### SNMP Trap Port #########################
#
# com.sun.management.snmp.trap=<trap-destination-port-number>
# Specifies the remote port number at which managers are expected
# to listen for trap. For each host defined in the ACL file,
# the SNMP agent will send traps at <host>:<trap-destination-port-number>
# Default for this property is 162.
#
# To set port for sending traps to a different port use the following line
# com.sun.management.snmp.trap=<trap-destination-port-number>
#
# ################ SNMP listen interface #########################
#
# com.sun.management.snmp.interface=<InetAddress>
# Specifies the local interface on which the SNMP agent will bind.
# This is useful when running on machines which have several
# interfaces defined. It makes it possible to listen to a specific
# subnet accessible through that interface.
# Default for this property is "localhost".
#
# The format of the value for that property is any string accepted
# by java.net.InetAddress.getByName(String).
#
# For restricting the port on which SNMP agent listens use the following line
# com.sun.management.snmp.interface=<InetAddress>
#
# #################### SNMP ACL file #########################
#
# com.sun.management.snmp.acl=true|false
# Default for this property is true. (Case for true/false ignored)
# If this property is specified as false then the ACL file
# is not checked: all manager hosts are allowed all access.
#
# For SNMP without checking ACL file uncomment the following line
# com.sun.management.snmp.acl=false
#
# com.sun.management.snmp.acl.file=filepath
# Specifies location for ACL file
# This is optional - default location is
# $JRE/conf/management/snmp.acl
#
# If the property "com.sun.management.snmp.acl" is set to false,
# then this property and the ACL file are ignored.
# Otherwise the ACL file must exist and be in the valid format.
# If the ACL file is empty or non existent then no access is allowed.
#
# The SNMP agent will read the ACL file at startup time.
# Modification to the ACL file has no effect to any running SNMP
# agents which read that ACL file at startup.
#
# For a non-default acl file location use the following line
# com.sun.management.snmp.acl.file=filepath
#####################################################################
# RMI Management Properties
#####################################################################
#
# If system property -Dcom.sun.management.jmxremote.port=<port-number>
# is set then
# - A MBean server is started
# - JRE Platform MBeans are registered in the MBean server
# - RMI connector is published in a private readonly registry at
# specified port using a well known name, "jmxrmi"
# - the following properties are read for JMX remote management.
#
# The configuration can be specified only at startup time.
# Later changes to above system property (e.g. via setProperty method),
# this config file, the password file, or the access file have no effect to the
# running MBean server, the connector, or the registry.
#
#
# ########## RMI connector settings for local management ##########
#
# com.sun.management.jmxremote.local.only=true|false
# Default for this property is true. (Case for true/false ignored)
# If this property is specified as true then the local JMX RMI connector
# server will only accept connection requests from clients running on
# the host where the out-of-the-box JMX management agent is running.
# In order to ensure backwards compatibility this property could be
# set to false. However, deploying the local management agent in this
# way is discouraged because the local JMX RMI connector server will
# accept connection requests from any client either local or remote.
# For remote management the remote JMX RMI connector server should
# be used instead with authentication and SSL/TLS encryption enabled.
#
# For allowing the local management agent accept local
# and remote connection requests use the following line
# com.sun.management.jmxremote.local.only=false
#
# ###################### RMI SSL #############################
#
# com.sun.management.jmxremote.ssl=true|false
# Default for this property is true. (Case for true/false ignored)
# If this property is specified as false then SSL is not used.
#
# For RMI monitoring without SSL use the following line
# com.sun.management.jmxremote.ssl=false
# com.sun.management.jmxremote.ssl.config.file=filepath
# Specifies the location of the SSL configuration file. A properties
# file can be used to supply the keystore and truststore location and
# password settings thus avoiding to pass them as cleartext in the
# command-line.
#
# The current implementation of the out-of-the-box management agent will
# look up and use the properties specified below to configure the SSL
# keystore and truststore, if present:
# javax.net.ssl.keyStore=<keystore-location>
# javax.net.ssl.keyStorePassword=<keystore-password>
# javax.net.ssl.trustStore=<truststore-location>
# javax.net.ssl.trustStorePassword=<truststore-password>
# Any other properties in the file will be ignored. This will allow us
# to extend the property set in the future if required by the default
# SSL implementation.
#
# If the property "com.sun.management.jmxremote.ssl" is set to false,
# then this property is ignored.
#
# For supplying the keystore settings in a file use the following line
# com.sun.management.jmxremote.ssl.config.file=filepath
# com.sun.management.jmxremote.ssl.enabled.cipher.suites=<cipher-suites>
# The value of this property is a string that is a comma-separated list
# of SSL/TLS cipher suites to enable. This property can be specified in
# conjunction with the previous property "com.sun.management.jmxremote.ssl"
# in order to control which particular SSL/TLS cipher suites are enabled
# for use by accepted connections. If this property is not specified then
# the SSL/TLS RMI Server Socket Factory uses the SSL/TLS cipher suites that
# are enabled by default.
#
# com.sun.management.jmxremote.ssl.enabled.protocols=<protocol-versions>
# The value of this property is a string that is a comma-separated list
# of SSL/TLS protocol versions to enable. This property can be specified in
# conjunction with the previous property "com.sun.management.jmxremote.ssl"
# in order to control which particular SSL/TLS protocol versions are
# enabled for use by accepted connections. If this property is not
# specified then the SSL/TLS RMI Server Socket Factory uses the SSL/TLS
# protocol versions that are enabled by default.
#
# com.sun.management.jmxremote.ssl.need.client.auth=true|false
# Default for this property is false. (Case for true/false ignored)
# If this property is specified as true in conjunction with the previous
# property "com.sun.management.jmxremote.ssl" then the SSL/TLS RMI Server
# Socket Factory will require client authentication.
#
# For RMI monitoring with SSL client authentication use the following line
# com.sun.management.jmxremote.ssl.need.client.auth=true
# com.sun.management.jmxremote.registry.ssl=true|false
# Default for this property is false. (Case for true/false ignored)
# If this property is specified as true then the RMI registry used
# to bind the RMIServer remote object is protected with SSL/TLS
# RMI Socket Factories that can be configured with the properties:
# com.sun.management.jmxremote.ssl.config.file
# com.sun.management.jmxremote.ssl.enabled.cipher.suites
# com.sun.management.jmxremote.ssl.enabled.protocols
# com.sun.management.jmxremote.ssl.need.client.auth
# If the two properties below are true at the same time, i.e.
# com.sun.management.jmxremote.ssl=true
# com.sun.management.jmxremote.registry.ssl=true
# then the RMIServer remote object and the RMI registry are
# both exported with the same SSL/TLS RMI Socket Factories.
#
# For using an SSL/TLS protected RMI registry use the following line
# com.sun.management.jmxremote.registry.ssl=true
#
# ################ RMI User authentication ################
#
# com.sun.management.jmxremote.authenticate=true|false
# Default for this property is true. (Case for true/false ignored)
# If this property is specified as false then no authentication is
# performed and all users are allowed all access.
#
# For RMI monitoring without any checking use the following line
# com.sun.management.jmxremote.authenticate=false
#
# ################ RMI Login configuration ###################
#
# com.sun.management.jmxremote.login.config=<config-name>
# Specifies the name of a JAAS login configuration entry to use when
# authenticating users of RMI monitoring.
#
# Setting this property is optional - the default login configuration
# specifies a file-based authentication that uses the password file.
#
# When using this property to override the default login configuration
# then the named configuration entry must be in a file that gets loaded
# by JAAS. In addition, the login module(s) specified in the configuration
# should use the name and/or password callbacks to acquire the user's
# credentials. See the NameCallback and PasswordCallback classes in the
# javax.security.auth.callback package for more details.
#
# If the property "com.sun.management.jmxremote.authenticate" is set to
# false, then this property and the password & access files are ignored.
#
# For a non-default login configuration use the following line
# com.sun.management.jmxremote.login.config=<config-name>
#
# ################ RMI Password file location ##################
#
# com.sun.management.jmxremote.password.file=filepath
# Specifies location for password file
# This is optional - default location is
# $JRE/conf/management/jmxremote.password
#
# If the property "com.sun.management.jmxremote.authenticate" is set to
# false, then this property and the password & access files are ignored.
# Otherwise the password file must exist and be in the valid format.
# If the password file is empty or non-existent then no access is allowed.
#
# For a non-default password file location use the following line
# com.sun.management.jmxremote.password.file=filepath
#
# ################# Hash passwords in password file ##############
# com.sun.management.jmxremote.password.toHashes = true|false
# Default for this property is true.
# Specifies if passwords in the password file should be hashed or not.
# If this property is true, and if the password file is writable, and if the
# system security policy allows writing into the password file,
# all the clear passwords in the password file will be replaced by
# their SHA3-512 hash when the file is read by the server
#
#
# ################ RMI Access file location #####################
#
# com.sun.management.jmxremote.access.file=filepath
# Specifies location for access file
# This is optional - default location is
# $JRE/conf/management/jmxremote.access
#
# If the property "com.sun.management.jmxremote.authenticate" is set to
# false, then this property and the password & access files are ignored.
# Otherwise, the access file must exist and be in the valid format.
# If the access file is empty or non-existent then no access is allowed.
#
# For a non-default password file location use the following line
# com.sun.management.jmxremote.access.file=filepath
#
# ################ Management agent listen interface #########################
#
# com.sun.management.jmxremote.host=<host-or-interface-name>
# Specifies the local interface on which the JMX RMI agent will bind.
# This is useful when running on machines which have several
# interfaces defined. It makes it possible to listen to a specific
# subnet accessible through that interface.
#
# The format of the value for that property is any string accepted
# by java.net.InetAddress.getByName(String).
#
# ################ Filter for ObjectInputStream #############################
# com.sun.management.jmxremote.serial.filter.pattern=<filter-string>
# A filter, if configured, is used by java.io.ObjectInputStream during
# deserialization of parameters sent to the JMX default agent to validate the
# contents of the stream.
# A filter is configured as a sequence of patterns, each pattern is either
# matched against the name of a class in the stream or defines a limit.
# Patterns are separated by ";" (semicolon).
# Whitespace is significant and is considered part of the pattern.
#
# If a pattern includes a "=", it sets a limit.
# If a limit appears more than once the last value is used.
# Limits are checked before classes regardless of the order in the sequence of patterns.
# If any of the limits are exceeded, the filter status is REJECTED.
#
# maxdepth=value - the maximum depth of a graph
# maxrefs=value - the maximum number of internal references
# maxbytes=value - the maximum number of bytes in the input stream
# maxarray=value - the maximum array length allowed
#
# Other patterns, from left to right, match the class or package name as
# returned from Class.getName.
# If the class is an array type, the class or package to be matched is the element type.
# Arrays of any number of dimensions are treated the same as the element type.
# For example, a pattern of "!example.Foo", rejects creation of any instance or
# array of example.Foo.
#
# If the pattern starts with "!", the status is REJECTED if the remaining pattern
# is matched; otherwise the status is ALLOWED if the pattern matches.
# If the pattern contains "/", the non-empty prefix up to the "/" is the module name;
# if the module name matches the module name of the class then
# the remaining pattern is matched with the class name.
# If there is no "/", the module name is not compared.
# If the pattern ends with ".**" it matches any class in the package and all subpackages.
# If the pattern ends with ".*" it matches any class in the package.
# If the pattern ends with "*", it matches any class with the pattern as a prefix.
# If the pattern is equal to the class name, it matches.
# Otherwise, the status is UNDECIDED.
|