Node/VM/EC2

Install and attach K2's Java Language Agent with your Java application hosted on Node/VM/EC2 for Runtime Self Application Protection.

Prerequisites

We assume here you are able to successfully install our K2 agents in your infrastructure.

‌Docker

Steps to protect Java Web Application

• The Java language agent is placed at one of the following locations(a.k.a LANGUAGE_COLLECTORS_HOME) based on the agent installation,

  • In /opt/k2-ic if the installation of agent is done via a privileged user(Eg. root).

  • In ${HOME}/k2-ic if the installation of agent is done via an unprivileged user.

    • ${HOME} points to the home directory of the linux user used to run the agent on the host.

  • In [sharable-directory]/k2-ic if a shareable-directory is configured in the env.properties file during the installation of agent.

• For any containerized Java web application (Docker/K8s), the host path LANGUAGE_COLLECTORS_HOME is to be mounted at "/opt/k2-ic" inside the container with option 'z'.

• Attach the java agent to any Java application by adding the following to its JVM arguments. If you use more than one JVM agent in your application, be sure to require the Java Agent last in the JVM arguments.:

  -javaagent:/opt/k2-ic/K2-JavaAgent-1.0.0-jar-with-dependencies.jar									

  Note:

  • If you are using Java 9 or above, please ensure to add java.sql module to your env. This can be done by adding a JVM argument to your application startup script. The said argument is --add-modules java.sql

• To verify if the given application is protected by Prevent-Web, refer to the "Protected processes" subsection of the "Applications" page and locate the application based on name and node IP. The host namespace PID(in case of a host application) and container namespace PID(in case of a containerised application) can also be used to locate the protected application.

• You can check your application in Protected processes View under applications on K2 Portal. Alternatively go to Applications | K2 Portal

Now your application is successfully registered with K2 platform and hence protected.

Non Docker

Steps to protect Java Web Application

• The Java language agent is placed at one of the following locations(a.k.a LANGUAGE_COLLECTORS_HOME) based on the agent installation,

  • In /opt/k2-ic if the installation of agent is done via a privileged user(Eg. root).

  • In ${HOME}/k2-ic if the installation of agent is done via an unprivileged user.

    • ${HOME} points to the home directory of the linux user used to run the agent on the host.

  • In [sharable-directory]/k2-ic if a shareable-directory is configured in the env.properties file during the installation of agent.

• Attach the java agent to any Java application by adding the following to its JVM arguments. If you use more than one JVM agent in your application, be sure to require the Java Agent last in the JVM arguments.:

  -javaagent:[LANGUAGE_COLLECTORS_HOME]/K2-JavaAgent-1.0.0-jar-with-dependencies.jar							

  Note:

  • If you are using Java 9 or above, please ensure to add java.sql module to your env. This can be done by adding a JVM argument to your application startup script. The said argument is --add-modules java.sql

• To verify if the given application is protected by Prevent-Web, refer to the "Protected processes" subsection of the "Applications" page and locate the application based on name and node IP. The host namespace PID(in case of a host application) and container namespace PID(in case of a containerised application) can also be used to locate the protected application

• You can check your application in Protected processes View under applications on K2 Portal. Alternatively go to Applications | K2 Portal

Now your application is successfully registered with K2 platform and hence protected.