Dear All,

I have deployed a jboss server 4.2.2 in location /usr/local/src/jboss-4.2.2-GA and ran that using ./run.sh -b 0.0.0.0 &
As the installation was with default settings so we could view the jboss web console via http://ip:8080. And I have very little knowledge on Jboss.

Now the application team started building their application and after around 2 months they knocked me saying some one was IP constantly trying to access in that server . The reason for that was security team was running vulnerability check on that Jboss server.

NOW MY QUESTION IS HOW DID THEY COME TO KNOW OF THIS? IS THERE ANYTHING ON JBOSS WHICH CAN FIND OUT ABOUT THIS?

As application team has a normal user account so thats not possible for them to know who tried or failed to access to system but they knew. As root only I can view the /var/log/secure and know who tried and failed or succed but how come they know that.

Also one more thing, to my surprise I found that the jboss log is showing its been shutdown but I can see the server running using 'ps afx' command. How come this is possible?

Also FYI, I had given full permission to the application users only on the Jboss directory that is /usr/local/src/jboss-4.2.2-GA. So did they change anything as they can now start/stop the jboss service.

Thanks

They probably have a tap output on a switch where they can monitor traffic rather than monitoring the traffic on the server itself. Nmap will be able to query the port(s) that jboss uses and the results may have indicated that jboss wasn't answering on the port as expected. So they can know whether a service is running based on outside behavior.

I'm not familiar with Jboss, but you seem to be indicating the directory for it's source rather than where the service is located.

The mysql server for example has a large manual with an entire section dealing with security. I'd bet that your manual for Jboss has something similar. Do the users need full administration access?

Thanks for your help.

As I also don't know how to optimize the def. installation of Jboss so I gave them privilege on to that dir with acl so that they can develop their application and make necessary changes and start/stop the jboss service only.