Ordinary user operation of tomcat security protection 02/24 Update SLTechnology News&Howtos

Ordinary user operation of tomcat security protection

2025-02-24 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >

Shulou(Shulou.com)06/01 Report--

Threats:

In general, when configuring a Tomcat production environment, you usually configure Tomcat to run under a specific identity (not root), which helps to improve security and prevent further privilege escalation after the website is hacked.

Let's not say much about the environment, ↓.

To install jdk, please refer to: http://53cto.blog.51cto.com/9899631/1697368

To install tomcat, please refer to: http://53cto.blog.51cto.com/9899631/1697386

1. Enter the bin directory under the Tomcat installation directory

Cd / usr/local/apache-tomcat-8.0.30/bin

2. Decompress commons-daemon-native.tar.gz

Tar zxvf commons-daemon-native.tar.gzcd commons-daemon-native/unix

3. Compilation tools such as gcc and make are required. If the JAVA_HOME environment variable is not specified, the-- with-java= parameter is required to specify the jdk directory.

. / configuremake

4, after make, a file named jsvc is generated under the current folder and copied to the $CATALINA_HOME/bin directory

Cp jsvc / usr/local/apache-tomcat-8.0.30/bin

5, add a program that users use to run Tomcat

Useradd-M-d /-s / usr/sbin/nologin tomcat

6. Modify the daemon.sh file in the $CATALINA_HOME/bin directory (you can ignore this step if you have configured the jdk environment variable)

Set the

TOMCAT_USER=tomcatJAVA_HOME=/usr/java/jdk1.8.0_65

7, add the run permission for the * .sh file under $CATALINA_HOME/bin if it does not have the permission to run

Chmod + x * .sh

8, set the $CATALINE_HOME folder and all its child files Owner to tomcat

Chown-R tomcat:tomcat / usr/local/apache-tomcat-8.0.30

9, start Tomcat

Daemon.sh start [root@bogon bin] #. / daemon.sh-helpUnknown command: `- help'Usage: daemon.sh (commands...) commands: run Start Tomcat without detaching from console start Start Tomcat stop Stop Tomcat version What version of commons daemon and Tomcat are you running?

10, check to see if it is launched as a tomcat user

Ps aux | grep tomcat

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.