I have deployed a JBoss server 4.2.2 in location /usr/local/src/jboss-4.2.2-GA and ran it using ./run.sh -b 0.0.0.0 &
As the installation was with default settings, we could view the JBoss web console via http://ip:8080. And I have very little knowledge of JBoss.
Now the application team started building their application, and after around 2 months they knocked me, saying some IP was constantly trying to access that server. The reason for that was that the security team was running a vulnerability check on that JBoss server.
NOW MY QUESTION IS HOW DID THEY COME TO KNOW OF THIS? IS THERE ANYTHING ON JBOSS WHICH CAN FIND OUT ABOUT THIS?
As the application team has a normal user account, it's not possible for them to know who tried or failed to access the system, but they knew. As root, only I can view /var/log/secure and know who tried and failed or succeeded, but how come they know that?
Also one more thing: to my surprise, I found that the JBoss log is showing it's been shut down, but I can see the server running using the 'ps afx' command. How is this possible?
Also FYI, I had given full permission to the application users only on the JBoss directory, that is /usr/local/src/jboss-4.2.2-GA. So did they change anything, as they can now start/stop the JBoss service?