LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 01-25-2009, 05:53 AM   #1
tanveer
Member
 
Registered: Feb 2004
Location: e@rth
Distribution: RHEL-3/4/5,Gloria,opensolaris
Posts: 489

Rep: Reputation: 37
Angry How Jboss finds about Network access


Dear All,

I have deployed a jboss server 4.2.2 in location /usr/local/src/jboss-4.2.2-GA and ran that using ./run.sh -b 0.0.0.0 &
As the installation was with default settings so we could view the jboss web console via http://ip:8080. And I have very little knowledge on Jboss.

Now the application team started building their application and after around 2 months they knocked me saying some one was IP constantly trying to access in that server . The reason for that was security team was running vulnerability check on that Jboss server.

NOW MY QUESTION IS HOW DID THEY COME TO KNOW OF THIS? IS THERE ANYTHING ON JBOSS WHICH CAN FIND OUT ABOUT THIS?

As application team has a normal user account so thats not possible for them to know who tried or failed to access to system but they knew. As root only I can view the /var/log/secure and know who tried and failed or succed but how come they know that.

Also one more thing, to my surprise I found that the jboss log is showing its been shutdown but I can see the server running using 'ps afx' command. How come this is possible?

Also FYI, I had given full permission to the application users only on the Jboss directory that is /usr/local/src/jboss-4.2.2-GA. So did they change anything as they can now start/stop the jboss service.

Thanks
 
Old 01-25-2009, 06:13 AM   #2
jschiwal
Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 654Reputation: 654Reputation: 654Reputation: 654Reputation: 654Reputation: 654
They probably have a tap output on a switch where they can monitor traffic rather than monitoring the traffic on the server itself. Nmap will be able to query the port(s) that jboss uses and the results may have indicated that jboss wasn't answering on the port as expected. So they can know whether a service is running based on outside behavior.

I'm not familiar with Jboss, but you seem to be indicating the directory for it's source rather than where the service is located.

The mysql server for example has a large manual with an entire section dealing with security. I'd bet that your manual for Jboss has something similar. Do the users need full administration access?
 
Old 01-27-2009, 11:14 PM   #3
tanveer
Member
 
Registered: Feb 2004
Location: e@rth
Distribution: RHEL-3/4/5,Gloria,opensolaris
Posts: 489

Original Poster
Rep: Reputation: 37
Thanks for your help.

As I also don't know how to optimize the def. installation of Jboss so I gave them privilege on to that dir with acl so that they can develop their application and make necessary changes and start/stop the jboss service only.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
RHEL 5, ipw2200 - Finds wireless access points but can not connect? onur.aktas Linux - Wireless Networking 1 08-11-2008 06:00 PM
finds wireless network but doesn't connect branden_burger Linux - Networking 1 05-23-2008 09:34 AM
YUM finds 4 updates while up2date finds 29? guest Linux - Newbie 3 03-15-2005 09:01 PM
wireless finds ip address but cant see the network markhod Linux - Hardware 1 11-11-2003 08:32 PM
Gaim 0.71: pkg-config finds 2.2.3, ./configure finds 2.2.1 GreenPenInc Linux - Software 3 10-23-2003 08:00 PM


All times are GMT -5. The time now is 10:31 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration