> From: Leon Rosenberg [mailto:rosenberg.l...@googlemail.com]
> Subject: Re: tomcat server hacked
>
> Have you run your tomcat as root and what is your
> kernel version?
According to the first post, Tomcat runs via jsvc with the userid Tomcat.
> If you don't run your to
> From: BJ Selman [mailto:bjsel...@travelhost.com]
> Subject: RE: tomcat server hacked
>
> What does your tomcat-users.xml look like? (sans the p/w of course)
Note that using the toy tomcat-users.xml for authentication is inappropriate
for a secure environment.
- Chuck
Nick Knol wrote:
> First post, sorry if I'm breaking protocol. I could really use help
> tightening up security with the tomcat web server I'm running. A hacker got
> in and trashed a bunch of files and I'm scared to death it will happen
> again. I've been setting up a tomcat web server with th
What does your tomcat-users.xml look like? (sans the p/w of course)
-Original Message-
From: Nick Knol [mailto:nickk...@gmail.com]
Sent: Tuesday, August 18, 2009 8:45 AM
To: users@tomcat.apache.org
Subject: tomcat server hacked
First post, sorry if I'm breaking protocol. I could really
just a quick shot. Have you run your tomcat as root and what is your
kernel version?
If you don't run your tomcat as root and have a more or less up-to-date
kernel without local root exploits, it's highly improbable that
you got hacked via tomcat.
Do you have anything that proves it anyway? :-)
bes
Hello Nick,
probably someone of the tomcat developers will comment this related to
tomcat but
-/etc/ssh/ssh_host_key.pub file was modified (one key added, another
deleted)
This is owned by root and only root has access to modify it.
Are you sure your root account is compromised?
Best rega