Statement -Sling Health check and their status
Environment - AEM 6.3 GA
Solution :
Environment - AEM 6.3 GA
Solution :
- Go to the Felix console URL: http://localhost:4502/system/console/healthcheck
- Click on the execute selected healthcheck
- Login with username and password if not logged into the AEM server.
- See the below list of sling health check components which were failed that means below heath checks to be fixed based on their priority.
- That's it!
|
Deserialization
Firewall Attach API Readiness
|
|
Tags: [deserialization,
security] Finished: 2018-06-11 31:49 after 1ms Result: HEALTH_CHECK_ERROR
|
|
HEALTH_CHECK_ERROR VM Class
could not be found using resolvers:
{com.adobe.cq.deserfw.impl.attach.SunAttachAPIResolver,com.adobe.cq.deserfw.impl.attach.IBMAttachAPIResolver}
HEALTH_CHECK_ERROR
Deserialization firewall was not able to detect the VirtualMachine class of
the Attach API. Please see error log for nested exception details. This
usually happens when running a JRE (instead of a JDK) or a JVM that doesn't
provide the Attach API. Please review the AEM Java Deserialization Firewall
documentation for how to load the deserialization agent via JVM command line
arguments.
|
|
Deserialization
Firewall Functional
|
|
Tags: [deserialization,
security] Finished: 2018-06-11 31:49 after 1ms Result: HEALTH_CHECK_ERROR
|
|
HEALTH_CHECK_ERROR
Deserialization of org.apache.commons.collections.functors.InvokerTransformer
should have failed, however it was successful
HEALTH_CHECK_ERROR
Deserialization firewall is not blocking test classes. Your system may be
vulnerable to remote deserialization execution. Please review system log and
deserialization agent documentation for more information.
|
|
Deserialization
Firewall Loaded
|
|
Tags: [deserialization,
security] Finished: 2018-06-11 31:48 after 75ms Result: HEALTH_CHECK_ERROR
|
|
HEALTH_CHECK_ERROR
Deserialization firewall is not loaded. Your system may be vulnerable to
remote deserialization execution. Please review system log and
deserialization agent documentation for more information.
|
|
Replication Agents
Disabled
|
|
Tags: [pre-upgrade]
Finished: 2018-06-11 31:49 after 1ms Result: HEALTH_CHECK_ERROR
|
|
HEALTH_CHECK_ERROR Agent
[offloading_outbox] is enabled . Please disable it before starting the
upgrade process.
HEALTH_CHECK_ERROR Agent
[offloading_outbox1] is enabled . Please disable it before starting the
upgrade process.
HEALTH_CHECK_ERROR Agent
[publish] is enabled . Please disable it before starting the upgrade process.
HEALTH_CHECK_ERROR Agent
[publish_reverse] is enabled . Please disable it before starting the upgrade
process.
HEALTH_CHECK_ERROR Agent
[test_and_target] is enabled . Please disable it before starting the upgrade
process.
HEALTH_CHECK_ERROR Agent
[youtube] is enabled . Please disable it before starting the upgrade process.
INFO [Click here to
inspect the replication agent configurations and
queues.](/etc/replication.html)
|
|
Security Checks
|
|
Tags: [] Finished:
2018-06-11 31:49 after 308ms Result: HEALTH_CHECK_ERROR
|
|
HEALTH_CHECK_ERROR
Deserialization Firewall Attach API Readiness: VM Class could not be found
using resolvers:
{com.adobe.cq.deserfw.impl.attach.SunAttachAPIResolver,com.adobe.cq.deserfw.impl.attach.IBMAttachAPIResolver}
HEALTH_CHECK_ERROR
Deserialization Firewall Attach API Readiness: Deserialization firewall was
not able to detect the VirtualMachine class of the Attach API. Please see
error log for nested exception details. This usually happens when running a
JRE (instead of a JDK) or a JVM that doesn't provide the Attach API. Please
review the AEM Java Deserialization Firewall documentation for how to load
the deserialization agent via JVM command line arguments.
HEALTH_CHECK_ERROR
Deserialization Firewall Functional: Deserialization of org.apache.commons.collections.functors.InvokerTransformer
should have failed, however it was successful
HEALTH_CHECK_ERROR
Deserialization Firewall Functional: Deserialization firewall is not blocking
test classes. Your system may be vulnerable to remote deserialization execution.
Please review system log and deserialization agent documentation for more
information.
HEALTH_CHECK_ERROR
Deserialization Firewall Loaded: Deserialization firewall is not loaded. Your
system may be vulnerable to remote deserialization execution. Please review
system log and deserialization agent documentation for more information.
WARN CQ Dispatcher
Configuration: Unable to check the dispatcher's basic configuration because
its address is not specified.
WARN CQ HTML Library
Manager Config: Minification is not enabled.
WARN CRXDE Support: The
com.adobe.granite.crx-explorer bundle is active.
WARN CRXDE Support: The
com.adobe.granite.crxde-lite bundle is active.
WARN CRXDE Support: [You
can disable the CRX Development Bundles in the administration
console.](/system/console/bundles)
WARN CRXDE Support: [See
Disable CRXDE Support in the security
guidelines.](https://www.adobe.com/go/aem6_3_docs_security_crxde_en)
WARN DavEx Health Check:
The SlingDavExServlet is NOT configured.
WARN DavEx Health Check:
[The SlingDavExServlet should be configured on instances running in
samplecontent mode.]( )
WARN DavEx Health Check:
[Check the section about the Sling DavEx bundle and servlet in the security
guidelines.](https://www.adobe.com/go/aem6_3_docs_security_webdav_en)
WARN Default Login
Accounts: Login as [admin: admin] succeeded, was expected to fail.
WARN Default Login
Accounts: The default OSGI console credentials were not changed. It is
strongly recommended to change them.
WARN Default Login
Accounts: [You can change the OSGI admin password via the configuration of
the Apache Felix OSGI Management
Console.](/system/console/configMgr/org.apache.felix.webconsole.internal.servlet.OsgiManager)
WARN Example Content
Packages: Example content package installation found based on group
[adobe/aem6/sample]): [we.retail.client.app.ui.apps].
WARN Example Content
Packages: Example content package installation found based on group
[adobe/aem6/sample]): [we.retail.client.app.ui.content].
WARN Example Content
Packages: Example content package installation found based on group
[adobe/aem6/sample]): [we.retail.commons.content].
WARN Example Content
Packages: Example content package installation found based on group
[adobe/aem6/sample]): [we.retail.community.apps].
WARN Example Content
Packages: Example content package installation found based on group
[adobe/aem6/sample]): [we.retail.community.content].
WARN Example Content
Packages: Example content package installation found based on group
[adobe/aem6/sample]): [we.retail.community.enablement.author].
WARN Example Content
Packages: Example content package installation found based on group
[adobe/aem6/sample]): [we.retail.community.enablement.common].
WARN Example Content
Packages: Example content package installation found based on group
[adobe/aem6/sample]): [we.retail.config].
WARN Example Content
Packages: Example content package installation found based on group
[adobe/aem6/sample]): [we.retail.ui.apps].
WARN Example Content
Packages: Example content package installation found based on group
[adobe/aem6/sample]): [we.retail.ui.content].
WARN Example Content
Packages: [10 example content packages installed.]( )
WARN Replication and
Transport Users: Transport user is admin for replication agent
[Offloading_replication_bcd5477c-f9ac-4a99-99c9-e6ed1169caaf].
WARN Replication and
Transport Users: Transport user is admin for replication agent [Default
Agent].
WARN Replication and
Transport Users: Transport user is admin for replication agent [Reverse
Replication Agent].
INFO Replication and
Transport Users: [You can change the transport user by editing the agent
settings in the Replication page.](/etc/replication.html)
WARN Replication and
Transport Users: [Replication agents should not use the default 'admin' as a
transport user.]( )
WARN Sling Get Servlet: The
default XML renderer is enabled.
WARN Sling Java Script
Handler: The Sling Java Script Handler generates debug information. The
system might be exposed if used as a publish environment.
WARN Sling Jsp Script
Handler: The Sling JSP Script Handler generates debug information. The system
might be exposed if used as a publish environment.
WARN Sling Jsp Script
Handler: The Sling JSP Script Handler generates mapped content. The system
might be exposed if used as a publish environment.
WARN Sling Referrer Filter:
The Sling Referrer Filter allows empty or missing referrers. The system might
be exposed to CSRF attacks.
WARN Sling Referrer Filter:
[Check Issues with Cross-Site Request Forgery in the security
guidelines](https://www.adobe.com/go/aem6_3_docs_security_siteforgery_en)
WARN SSL Configuration: SSL
was configured, but we failed connecting to the HTTPS port (strict SSL mode,
your certificate may be self-signed). ERROR: sun.security.validator.ValidatorException:
PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
WARN WCM Filters
Configuration: The WCM Filter is in edit mode. It is recommended to disable
it on production environments.
WARN WCM Filters
Configuration: The WCM Debug Filter configuration has not been changed. It is
recommended to change the default configuration for a production environment.
WARN WebDAV Health Check:
The SimpleWebDavServlet is NOT configured.
WARN WebDAV Health Check:
[Check the section about the Sling WebDAV bundle and servlet in the security
guidelines.](https://www.adobe.com/go/aem6_3_docs_security_webdav_en)
WARN Web Server
Configuration: The URL of the website served by the server is not configured.
|
|
Maintenance Task
com.day.cq.audit.impl.AuditLogMaintenanceTask
|
|
Tags: [system]
Finished: 2018-06-11 31:49 after 118ms Result: CRITICAL
|
|
CRITICAL Maintenance task
with name 'com.day.cq.audit.impl.AuditLogMaintenanceTask' failed in the last
run.
|
|
Maintenance Task
WorkflowPurgeTask
|
|
Tags: [system]
Finished: 2018-06-11 31:48 after 22ms Result: CRITICAL
|
|
CRITICAL Maintenance task
with name 'WorkflowPurgeTask' failed in the last run.
|
|
Query Performance
|
|
Tags: [] Finished:
2018-06-11 31:48 after 16ms Result: CRITICAL
|
|
INFO Maximum number of
queries per minute: 19.
INFO Maximum total query
duration: 416 ms.
INFO Maximum average query
duration: 21 ms.
CRITICAL Average query
duration exceeded the 15 ms critical threshold.
|
|
Sling Jobs
|
|
Tags: [sling, jobs]
Finished: 2018-06-11 31:49 after 0ms Result: CRITICAL
|
|
INFO Found 0 jobs queued.
CRITICAL There are active
jobs but the last job activated was over 3600sec ago (25615sec) and is not
yet finished
|
|
System Maintenance
|
|
Tags: [] Finished:
2018-06-11 31:49 after 468ms Result: CRITICAL
|
|
CRITICAL Maintenance Task
com.day.cq.audit.impl.AuditLogMaintenanceTask: Maintenance task with name
'com.day.cq.audit.impl.AuditLogMaintenanceTask' failed in the last run.
CRITICAL Maintenance Task
WorkflowPurgeTask: Maintenance task with name 'WorkflowPurgeTask' failed in
the last run.
INFO Maintenance Task
com.day.cq.wcm.core.impl.VersionPurgeTask: Maintenance task with name
'com.day.cq.wcm.core.impl.VersionPurgeTask' succeeded in the last run.
INFO Maintenance Task
DataStoreGarbageCollectionTask: Maintenance task with name
'DataStoreGarbageCollectionTask' succeeded in the last run.
INFO Maintenance Task
RevisionCleanupTask: Maintenance task with name 'RevisionCleanupTask'
succeeded in the last run.
INFO Maintenance Task
RevisionCleanupTask: Maintenance task with name 'RevisionCleanupTask'
succeeded in the last run.
|
|
Check for default AEM
content packages
|
|
Tags: [packages,
content, startup] Finished: 2018-06-11 31:49 after 275ms Result: WARN
|
|
WARN Package
cq-apns-content is not present
WARN Package cq-chart-content
is not present
WARN Package
cq-connector-content is not present
WARN Package
cq-healthcheck-content is not present
WARN 4 content packages are
missing or not installed (out of 44)
|
|
CQ Dispatcher
Configuration
|
|
Tags: [dispatcher,
production, security] Finished: 2018-06-11 31:48 after 0ms Result: WARN
|
|
WARN Unable to check the
dispatcher's basic configuration because its address is not specified.
|
|
CQ HTML Library Manager
Config
|
|
Tags: [cq, security,
production] Finished: 2018-06-11 31:48 after 1ms Result: WARN
|
|
WARN Minification is not
enabled.
|
|
CRXDE Support
|
|
Tags: [bundles,
security, production] Finished: 2018-06-11 31:49 after 3ms Result: WARN
|
|
WARN The
com.adobe.granite.crx-explorer bundle is active.
WARN The
com.adobe.granite.crxde-lite bundle is active.
WARN [You can disable the
CRX Development Bundles in the administration
console.](/system/console/bundles)
WARN [See Disable CRXDE
Support in the security
guidelines.](https://www.adobe.com/go/aem6_3_docs_security_crxde_en)
|
|
DavEx Health Check
|
|
Tags: [bundles,
security, production] Finished: 2018-06-11 31:49 after 2ms Result: WARN
|
|
WARN The SlingDavExServlet
is NOT configured.
WARN [The SlingDavExServlet
should be configured on instances running in samplecontent mode.]( )
WARN [Check the section
about the Sling DavEx bundle and servlet in the security
guidelines.](https://www.adobe.com/go/aem6_3_docs_security_webdav_en)
|
|
Default Login Accounts
|
|
Tags: [login, security,
production] Finished: 2018-06-11 31:49 after 35ms Result: WARN
|
|
WARN Login as [admin:
admin] succeeded, was expected to fail.
WARN The default OSGI
console credentials were not changed. It is strongly recommended to change
them.
WARN [You can change the
OSGI admin password via the configuration of the Apache Felix OSGI Management
Console.](/system/console/configMgr/org.apache.felix.webconsole.internal.servlet.OsgiManager)
|
|
Example Content
Packages
|
|
Tags: [login, content,
example, security, production] Finished: 2018-06-11 31:49 after 375ms
Result: WARN
|
|
WARN Example content
package installation found based on group [adobe/aem6/sample]):
[we.retail.client.app.ui.apps].
WARN Example content
package installation found based on group [adobe/aem6/sample]):
[we.retail.client.app.ui.content].
WARN Example content
package installation found based on group [adobe/aem6/sample]):
[we.retail.commons.content].
WARN Example content
package installation found based on group [adobe/aem6/sample]):
[we.retail.community.apps].
WARN Example content
package installation found based on group [adobe/aem6/sample]):
[we.retail.community.content].
WARN Example content
package installation found based on group [adobe/aem6/sample]):
[we.retail.community.enablement.author].
WARN Example content
package installation found based on group [adobe/aem6/sample]):
[we.retail.community.enablement.common].
WARN Example content
package installation found based on group [adobe/aem6/sample]):
[we.retail.config].
WARN Example content
package installation found based on group [adobe/aem6/sample]):
[we.retail.ui.apps].
WARN Example content
package installation found based on group [adobe/aem6/sample]):
[we.retail.ui.content].
WARN [10 example content
packages installed.]( )
|
|
Log Errors
|
|
Tags: [] Finished:
2018-06-11 31:48 after 1ms Result: WARN
|
|
WARN [200 ERROR log
messages found (from a total of 200 messages)]( )
|
|
Replication and
Transport Users
|
|
Tags: [security,
replication, cq] Finished: 2018-06-11 31:49 after 0ms Result: WARN
|
|
WARN Transport user is
admin for replication agent
[Offloading_replication_bcd5477c-f9ac-4a99-99c9-e6ed1169caaf].
WARN Transport user is
admin for replication agent [Default Agent].
WARN Transport user is
admin for replication agent [Reverse Replication Agent].
INFO [You can change the
transport user by editing the agent settings in the Replication
page.](/etc/replication.html)
WARN [Replication agents
should not use the default 'admin' as a transport user.]( )
|
|
Sling Get Servlet
|
|
Tags: [dos, sling,
security, production] Finished: 2018-06-11 31:49 after 1ms Result: WARN
|
|
WARN The default XML
renderer is enabled.
|
|
Sling Java Script
Handler
|
|
Tags: [sling, security,
production] Finished: 2018-06-11 31:49 after 1ms Result: WARN
|
|
WARN The Sling Java Script
Handler generates debug information. The system might be exposed if used as a
publish environment.
|
|
Sling Jsp Script
Handler
|
|
Tags: [sling, security,
production] Finished: 2018-06-11 31:48 after 1ms Result: WARN
|
|
WARN The Sling JSP Script
Handler generates debug information. The system might be exposed if used as a
publish environment.
WARN The Sling JSP Script
Handler generates mapped content. The system might be exposed if used as a
publish environment.
|
|
Sling Referrer Filter
|
|
Tags: [sling, security,
production, csrf] Finished: 2018-06-11 31:48 after 0ms Result: WARN
|
|
WARN The Sling Referrer
Filter allows empty or missing referrers. The system might be exposed to CSRF
attacks.
WARN [Check Issues with
Cross-Site Request Forgery in the security
guidelines](https://www.adobe.com/go/aem6_3_docs_security_siteforgery_en)
|
|
SSL Configuration
|
|
Tags: [security,
production, ssl] Finished: 2018-06-11 31:49 after 797ms Result: WARN
|
|
WARN SSL was configured,
but we failed connecting to the HTTPS port (strict SSL mode, your certificate
may be self-signed). ERROR: sun.security.validator.ValidatorException: PKIX
path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
|
|
WCM Filters
Configuration
|
|
Tags: [cq, security,
production] Finished: 2018-06-11 31:48 after 1ms Result: WARN
|
|
WARN The WCM Filter is in
edit mode. It is recommended to disable it on production environments.
WARN The WCM Debug Filter
configuration has not been changed. It is recommended to change the default
configuration for a production environment.
|
|
WebDAV Health Check
|
|
Tags: [bundles,
security, production] Finished: 2018-06-11 31:49 after 53ms Result: WARN
|
|
WARN The
SimpleWebDavServlet is NOT configured.
WARN [Check the section
about the Sling WebDAV bundle and servlet in the security
guidelines.](https://www.adobe.com/go/aem6_3_docs_security_webdav_en)
|
|
Web Server
Configuration
|
|
Tags: [webserver,
production, security, clickjacking] Finished: 2018-06-11 31:49 after 0ms
Result: WARN
|
|
WARN The URL of the website
served by the server is not configured.
|
|
Summary
|
|
45 HealthCheck
executed, 27 failures
|
Is there an endpoint for results in JSON instead of HTML?
ReplyDelete