
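Out of the blue, one of our developers told me that indiscriminate web page crawling was coming from a particular IP range.

Huh?

In Tomcat, you can block a set of specific IPs through the server.xml file.

The example below blocks 111.222.111.222 and 111.222.111.223 by returning a 403 error when they access the web application.

(It does still work without a \ in front of each . in the IP, but the official configuration page guides you to add the \. The deny attribute is a regular expression, and an unescaped . matches any character.)

Related Apache page: http://tomcat.apache.org/tomcat-9.0-doc/config/valve.html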

<Context path="" docBase="/" reloadable="true">

   <Valve className="org.apache.catalina.valves.RemoteAddrValve" deny="111\.222\.111\.222|111\.222\.111\.223" />

</Context>

 

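While I was at it, I also restricted access to the server itself.

Our server is precious, after all!

Be aware, though, that this can be risky if you are on a dynamic IP.

(Because my own IP changes!)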

 

/etc/hosts.deny

 

sshd:ALL
mysqld:ALL

 

The following assumes the company is in the 11.73.xxx.xxx range.

(Note: visiting http://www.findip.kr/ shows your IP address as it is seen from outside, e.g. after NAT.)

 

/etc/hosts.allow

sshd:11.73.
mysqld:11.73.

 

Once everything is done, restart the services as shown below.

 

# service mysqld restart

# service sshd restart
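
How the two files above combine, as an added example that is not part of the original post: TCP Wrappers consults hosts.allow first, then hosts.deny, and grants access when neither file matches. The script is a simplified model of that decision (only daemon:client lines with ALL, exact addresses and dotted prefixes); the function names and the probe addresses are constructed for illustration.

```shell
#!/bin/sh
# Simplified model of the TCP Wrappers decision for the rules on this page.
# Only "daemon_list : client_list" lines with ALL, exact addresses and dotted
# prefixes such as "11.73." are modelled (no options, hostnames or EXCEPT).

HOSTS_ALLOW='sshd:11.73.
mysqld:11.73.'

HOSTS_DENY='sshd:ALL
mysqld:ALL'

# rule_matches RULES DAEMON CLIENT_IP -> exit status 0 if any rule line matches
rule_matches() {
    printf '%s\n' "$1" | awk -F: -v d="$2" -v ip="$3" '
        /^[ \t]*(#|$)/ { next }                      # skip comments and blank lines
        {
            nd = split($1, dl, /[ \t,]+/)
            nc = split($2, cl, /[ \t,]+/)
            dmatch = 0
            for (i = 1; i <= nd; i++)
                if (dl[i] == d || dl[i] == "ALL") dmatch = 1
            if (!dmatch) next
            for (j = 1; j <= nc; j++) {
                p = cl[j]
                if (p == "") continue
                # ALL, an exact address, or a prefix ending in "." that the address begins with
                if (p == "ALL" || p == ip || (p ~ /\.$/ && index(ip, p) == 1)) found = 1
            }
        }
        END { exit(found ? 0 : 1) }'
}

# wrappers_decision DAEMON CLIENT_IP -> prints "allow" or "deny"
wrappers_decision() {
    if rule_matches "$HOSTS_ALLOW" "$1" "$2"; then
        echo allow                      # 1. a match in hosts.allow grants access
    elif rule_matches "$HOSTS_DENY" "$1" "$2"; then
        echo deny                       # 2. otherwise a match in hosts.deny refuses it
    else
        echo allow                      # 3. no match in either file: access is granted
    fi
}

# Constructed probes: office address, outside address, a near-miss prefix,
# and a daemon that neither file mentions.
for probe in "sshd 11.73.4.20" "sshd 203.0.113.9" "mysqld 11.7.3.1" "httpd 203.0.113.9"; do
    set -- $probe
    printf '%-7s %-13s -> %s\n' "$1" "$2" "$(wrappers_decision "$1" "$2")"
done
```

The last probe shows that a daemon not named in either file is not restricted by these rules at all, and the second shows what happens to an administrator whose dynamic IP moves outside 11.73.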


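There are basically two approaches: using the systemctl command (CASE 1) and using Startup.sh and Shutdown.sh (CASE 2).

Which one applies depends on how the environment is set up, but in either case it is best to start and stop Tomcat by running exactly the matching shell script.

A Tomcat that was started through systemctl can be seen starting up again a short while later, even after Shutdown.sh has been run.

1. Shell scripts that start Tomcat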

- CASE 1 method

# Start via the systemctl service

MYID=`whoami`

# CHECK WAS PORT
WASPORT=`lsof -i TCP:80 | grep -i java | wc -l`

if [ ${WASPORT} -gt 0 ]; then
        echo ""
        echo "====================================="
        echo " 이미 WAS(Tomcat)가 실행 중입니다."
        echo ""

        echo " 종료한 뒤 수행해 주세요."
        echo "===================================="
        echo ""

        exit 0

fi

if [ ${MYID} = "root" ]; then
        systemctl start tomcat
else

        echo " root 계정만 실행 가능합니다."
fi

- CASE 2 method

# Start via the WAS (Tomcat) startup script
WASHOME='/apache-tomcat-8.5.40/bin'

MYID=`whoami`

# CHECK WAS PORT
WASPORT=`lsof -i TCP:80 | wc -l`

if [ ${WASPORT} -gt 0 ]; then
        echo ""
        echo "====================================="
        echo " 이미 WAS(Tomcat)가 실행 중입니다."
        echo ""

        echo " 종료한 뒤 수행해 주세요."
        echo "===================================="
        echo ""

        exit 0

fi

if [ ${MYID} = "root" ]; then
        cd ${WASHOME}
        ./startup.sh
else

        echo " root 계정만 실행 가능합니다."
fi

 

2. Shell scripts that stop Tomcat

- CASE 1

# Stop via the systemctl service
MYID=`whoami`

# CHECK WAS PORT
WASPORT=`lsof -i TCP:80 | wc -l`

if [ ${WASPORT} -eq 0 ]; then
        echo ""
        echo "====================================="
        echo " WAS가 기동중인 상태가 아닙니다."
        echo ""

        echo " 종료한 뒤 수행해 주세요."
        echo "===================================="
        echo ""

        exit 0

fi

if [ ${MYID} = "root" ]; then
        systemctl stop tomcat
else

        echo " root 계정만 실행 가능합니다."
fi

- CASE 2

# Stop via the WAS (Tomcat) shutdown script
WASHOME='/apache-tomcat-8.5.40/bin'

MYID=`whoami`

# CHECK WAS PORT
WASPORT=`lsof -i TCP:80 | wc -l`

if [ ${WASPORT} -eq 0 ]; then
        echo ""
        echo "====================================="
        echo " WAS가 기동중인 상태가 아닙니다."
        echo ""

        echo " 종료한 뒤 수행해 주세요."
        echo "===================================="
        echo ""

        exit 0

fi

if [ ${MYID} = "root" ]; then
        cd ${WASHOME}
        ./shutdown.sh
else

        echo " root 계정만 실행 가능합니다."
fi
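
A stricter version of the port check used in the scripts above, as an added example that is not part of the original post. lsof -i TCP:80 lists every socket with port 80 on either end, so piping it into wc -l also counts the header line and outbound client connections. The sample lsof output and the function names are constructed.

```shell
#!/bin/sh
# Constructed samples of `lsof -nP -i TCP:80` output.
# First: a curl client talking to a remote port 80, the Tomcat JVM listening
# on port 80, and one connection the JVM has accepted.
LSOF_WITH_TOMCAT='COMMAND  PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
curl    4312 deploy    5u  IPv4  91234      0t0  TCP 10.0.0.5:51544->198.51.100.7:80 (ESTABLISHED)
java    2210 root     49u  IPv6  45678      0t0  TCP *:80 (LISTEN)
java    2210 root     53u  IPv6  45702      0t0  TCP 10.0.0.5:80->203.0.113.9:40112 (ESTABLISHED)'

# Second: Tomcat is stopped, only the curl client is left.
LSOF_WITHOUT_TOMCAT='COMMAND  PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
curl    4312 deploy    5u  IPv4  91234      0t0  TCP 10.0.0.5:51544->198.51.100.7:80 (ESTABLISHED)'

# What a plain `| wc -l` computes: every output line, header included.
line_count() {
    printf '%s\n' "$1" | wc -l | tr -d ' '
}

# java_listeners LSOF_OUTPUT PORT -> number of LISTEN sockets a java process holds on PORT
java_listeners() {
    printf '%s\n' "$1" | awk -v port="$2" '
        NR == 1 { next }                       # header line
        tolower($1) !~ /^java/ { next }        # some other program
        $NF != "(LISTEN)" { next }             # client or accepted connection
        { n = split($(NF - 1), a, ":"); if (a[n] == port) c++ }
        END { print c + 0 }'
}

# was_state LSOF_OUTPUT PORT -> prints "running" or "stopped"
was_state() {
    if [ "$(java_listeners "$1" "$2")" -gt 0 ]; then echo running; else echo stopped; fi
}

# On a live host the input would come from: lsof -nP -i TCP:80
echo "with Tomcat:    lines=$(line_count "$LSOF_WITH_TOMCAT") state=$(was_state "$LSOF_WITH_TOMCAT" 80)"
echo "without Tomcat: lines=$(line_count "$LSOF_WITHOUT_TOMCAT") state=$(was_state "$LSOF_WITHOUT_TOMCAT" 80)"
```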

 

3. Check the PIDs running on the service ports

# Based on Tomcat

echo ""
echo "==================================================="
echo ""
echo " Use Port : 80, 8005, 8009, 8443, 8080 "
echo ""
echo "==================================================="

echo ""
echo "***************************************************"
echo " 1. Search : 80 Port "
lsof -i TCP:80
echo "***************************************************"
echo ""

echo ""
echo "***************************************************"
echo " 2. Search : 8005 Port "
lsof -i TCP:8005
echo "***************************************************"

echo ""
echo "***************************************************"
echo " 3. Search : 8009 Port "
lsof -i TCP:8009
echo "***************************************************"

echo ""
echo "***************************************************"
echo " 4. Search : 8443 Port "
lsof -i TCP:8443
echo "***************************************************"

echo ""
echo "***************************************************"
echo " 5. Search : 8080 Port "
lsof -i TCP:8080
echo "***************************************************"

echo ""

 

4. Shell script that deploys a WAR file to Tomcat

echo ""
echo "===================================================================="
echo ""
echo " Deploy Shell "
echo ""
echo "===================================================================="

############################# Define Path ################################
BACKUP_ROOT="/home/tomcat/backup"
WAR_DIR="/apache-tomcat-8.5.40/webapps"
WAR_FILE="deploy.war"

##########################################################################


if [ $# -eq 1 ]; then


        echo ""
        echo " 1. Check Deploy File Exist....."
        echo ""

        if [ -f "$1" ]; then

                echo ""
                echo " 2. Check WAR File Exist..... "

                if [ -f ${WAR_DIR}/${WAR_FILE} ]; then

                        echo ""
                        echo " 3. Exist deploy.war File Backup"
                        echo "    Backup Folder => $BACKUP_ROOT "
                        echo ""

                        BK_NAME=`date +%Y%m%d_%H%M%S`

                        echo " *  cp ${WAR_DIR}/${WAR_FILE} ${BACKUP_ROOT}/${WAR_FILE}_${BK_NAME}"
                        cp ${WAR_DIR}/${WAR_FILE} ${BACKUP_ROOT}/${WAR_FILE}_${BK_NAME}
                        echo ""

                else

                        echo " *  Backup skipped because the WAR file does not exist "
                fi

                # delete old deploy folder
###                rm -rf ${WAR_DIR}/factory

                # Deploy File
                echo " *  cp $1 ${WAR_DIR}/${WAR_FILE}"
                cp "$1" "${WAR_DIR}/${WAR_FILE}"
                echo ""
                echo " >>> Please Restart Tomcat Service"
                echo ""

        else
                echo ""
                echo " $1 File not Exist .... Please check!"
                echo ""
        fi

else

        echo ""
        echo " Usage : $0 ${WAR_FILE} "
        echo ""
fi

echo ""
echo "===================================================================="
echo ""

 


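One day, out of nowhere, a site whose WAR deployments had been working fine threw an error when Tomcat started.

It had happened intermittently now and then, of course, but this was the first time it failed to start at all.

-------------------- Error details ----------------------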

 

23-Apr-2019 08:41:39.156 심각 [Catalina-startStop-1] org.apache.catalina.core.ContainerBase.startInternal A child container failed during start
 java.util.concurrent.ExecutionException: org.apache.catalina.LifecycleException: Failed to start component [StandardEngine[Catalina].StandardHost[localhost].StandardContext[]]
        at java.util.concurrent.FutureTask.report(FutureTask.java:122)
        at java.util.concurrent.FutureTask.get(FutureTask.java:192)
        at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:942)
        at org.apache.catalina.core.StandardHost.startInternal(StandardHost.java:872)
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
        at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1423)
        at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1413)
        at java.util.concurrent.FutureTask.run(FutureTask.java:266)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at java.lang.Thread.run(Thread.java:748)
Caused by: org.apache.catalina.LifecycleException: Failed to start component [StandardEngine[Catalina].StandardHost[localhost].StandardContext[]]
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:167)
        ... 6 more
Caused by: org.apache.catalina.LifecycleException: Failed to start component [org.apache.catalina.webresources.StandardRoot@1e50349c]
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:167)
        at org.apache.catalina.core.StandardContext.resourcesStart(StandardContext.java:4885)
        at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5020)
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
        ... 6 more
Caused by: java.lang.IllegalArgumentException: The main resource set specified [/factory] is not valid
        at org.apache.catalina.webresources.StandardRoot.createMainResourceSet(StandardRoot.java:748)
        at org.apache.catalina.webresources.StandardRoot.startInternal(StandardRoot.java:706)
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
        ... 9 more

 

23-Apr-2019 08:41:39.158 심각 [main] org.apache.catalina.core.ContainerBase.startInternal A child container failed during start
 java.util.concurrent.ExecutionException: org.apache.catalina.LifecycleException: Failed to start component [StandardEngine[Catalina].StandardHost[localhost]]
        at java.util.concurrent.FutureTask.report(FutureTask.java:122)
        at java.util.concurrent.FutureTask.get(FutureTask.java:192)
        at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:942)
        at org.apache.catalina.core.StandardEngine.startInternal(StandardEngine.java:262)
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
        at org.apache.catalina.core.StandardService.startInternal(StandardService.java:422)
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
        at org.apache.catalina.core.StandardServer.startInternal(StandardServer.java:793)
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
        at org.apache.catalina.startup.Catalina.start(Catalina.java:688)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:353)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:493)
Caused by: org.apache.catalina.LifecycleException: Failed to start component [StandardEngine[Catalina].StandardHost[localhost]]
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:167)
        at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1423)
        at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1413)
        at java.util.concurrent.FutureTask.run(FutureTask.java:266)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at java.lang.Thread.run(Thread.java:748)
Caused by: org.apache.catalina.LifecycleException: A child container failed during start
        at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:953)
        at org.apache.catalina.core.StandardHost.startInternal(StandardHost.java:872)
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
        ... 6 more
Caused by: java.util.concurrent.ExecutionException: org.apache.catalina.LifecycleException: Failed to start component [StandardEngine[Catalina].StandardHost[localhost].StandardContext[]]
        at java.util.concurrent.FutureTask.report(FutureTask.java:122)
        at java.util.concurrent.FutureTask.get(FutureTask.java:192)
        at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:942)
        ... 8 more

 

Caused by: org.apache.catalina.LifecycleException: Failed to start component [StandardEngine[Catalina].StandardHost[localhost].StandardContext[]]
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:167)
        ... 6 more
Caused by: org.apache.catalina.LifecycleException: Failed to start component [org.apache.catalina.webresources.StandardRoot@1e50349c]
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:167)
        at org.apache.catalina.core.StandardContext.resourcesStart(StandardContext.java:4885)
        at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5020)
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
        ... 6 more
Caused by: java.lang.IllegalArgumentException: The main resource set specified [/factory] is not valid
        at org.apache.catalina.webresources.StandardRoot.createMainResourceSet(StandardRoot.java:748)
        at org.apache.catalina.webresources.StandardRoot.startInternal(StandardRoot.java:706)
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
        ... 9 more

 

23-Apr-2019 08:41:39.160 심각 [main] org.apache.catalina.startup.Catalina.start The required Server component failed to start so Tomcat is unable to start.
 org.apache.catalina.LifecycleException: Failed to start component [StandardServer[8005]]
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:167)
        at org.apache.catalina.startup.Catalina.start(Catalina.java:688)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:353)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:493)
Caused by: org.apache.catalina.LifecycleException: Failed to start component [StandardService[Catalina]]
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:167)
        at org.apache.catalina.core.StandardServer.startInternal(StandardServer.java:793)
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
        ... 7 more
Caused by: org.apache.catalina.LifecycleException: Failed to start component [StandardEngine[Catalina]]
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:167)
        at org.apache.catalina.core.StandardService.startInternal(StandardService.java:422)
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
        ... 9 more
Caused by: org.apache.catalina.LifecycleException: A child container failed during start
        at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:953)
        at org.apache.catalina.core.StandardEngine.startInternal(StandardEngine.java:262)
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
        ... 11 more
Caused by: java.util.concurrent.ExecutionException: org.apache.catalina.LifecycleException: Failed to start component [StandardEngine[Catalina].StandardHost[localhost]]
        at java.util.concurrent.FutureTask.report(FutureTask.java:122)
        at java.util.concurrent.FutureTask.get(FutureTask.java:192)
        at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:942)
        ... 13 more
Caused by: org.apache.catalina.LifecycleException: Failed to start component [StandardEngine[Catalina].StandardHost[localhost]]
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:167)
        at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1423)
        at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1413)
        at java.util.concurrent.FutureTask.run(FutureTask.java:266)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at java.lang.Thread.run(Thread.java:748)
Caused by: org.apache.catalina.LifecycleException: A child container failed during start
        at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:953)
        at org.apache.catalina.core.StandardHost.startInternal(StandardHost.java:872)
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
        ... 6 more

 

-------------------------------------------------------------

 

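Cause

1. Tomcat's JMX (Java Management Extensions) in use + the STS JMX in use = a conflict caused by the two overlapping on a port
2. It does not occur in the local development environment because Tomcat is not used there
3. On the development server, startup came up normally (until now) in the cases where Tomcat's JMX booted first,
    but the problem was bound to occur sooner or later.

Solution

1. Do not use the JMX that STS uses (use only Tomcat's)
    Change the application.properties setting => this is the approach we chose (we do not use JMX; if you do want to use it, see solution 2)
2. Change the JMX port used by STS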
    There are a few things we could do to avoid the error. We could open the editor again and change the JMX port as well, or we could disable ‘Live Bean Support’. But probably we don’t really want to run more than one copy of our app in this scenario. So we should just stop the already running instance before launching a new one. As this is such a common thing to do, STS provides a Relaunch Toolbar Button for just this purpose. Click the Button, the running app is stopped and restarted with the changes you just made to the Launch Configuration now taking effect. If it worked you should now have a 404 error page at http://localhost:8888 instead of 8080. (Note: the Relaunch button won’t work if you haven’t launched anything yet because it works from your current session’s launch history. However if you’ve launched an app at least once, it is okay to ‘Relaunch’ an app that is already terminated)

    https://spring.io/blog/2015/03/18/spring-boot-support-in-spring-tool-suite-3-6-4

Related information

1. External reference site
https://stackoverflow.com/questions/28607506/disabling-jmx-in-a-spring-application/30853954


Lines added to application.properties
============================================================================================================================ 
 
# Prevent Spring from automatically exposing beans to JMX. Tomcat automatically creates an MBean when setting the
# JNDI data source, and an error gets thrown if spring then tries to add the data source MBean itself.
#
# For handling org.springframework.jmx.export.UnableToRegisterMBeanException
spring.jmx.enabled=false

============================================================================================================================

1. Spring Boot application.properties configuration settings (config reference)
https://docs.spring.io/spring-boot/docs/current/reference/html/common-application-properties.html


2. What is JMX?

Reference: https://en.wikipedia.org/wiki/Java_Management_Extensions
Short for Java Management Extensions, it is an API for monitoring and managing various programs, devices and so on.

Source: https://gs.saro.me/dev?tn=467

 

 


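First of all, due to the nature of the work, a requirement came up that the WAS system has to sit in the Internet-facing network zone....

They say it is for security....

Sigh...

* Other files
  - for admin installation
  - for JDK 1.4 compatibility
  - for developer installation
  - full documentation
  - for Windows installation


1. Download the Tomcat SRC version from the site below.
    - In fact, since I only intend to run servlets through JSP, there is no separate Apache integration! (If you need a web server, look up the separate Apache integration procedure!)
    - It will simply pass along the values of a single JSP page!
    - Download URL: http://tomcat.apache.org/download-55.cgi#5.5.31
    - Click the tar.gz under Core

2. Clicking it lets you save the file.


3. Transfer it via FTP to the AIX system where it will be installed.
    - Account: root
    - Path: /usr/local/

4. Open a shell session as the root account.
    - Run the commands below.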
 # cd /usr/local/
 # gzip -d apache-tomcat-5.5.31.tar.gz
 # tar xvf apache-tomcat-5.5.31.tar
 # ln -s /usr/local/apache-tomcat-5.5.31 /usr/local/tomcat
 # useradd -d /home/tomcat -g staff tomcat
 # passwd tomcat
 # mkdir /home/tomcat
 # chown -R tomcat:staff /usr/local/apache-tomcat-5.5.31 /usr/local/tomcat
 # chown -R tomcat:staff /home/tomcat

5. Log in as the tomcat account and edit the .profile file.

 if [ -s "$MAIL" ]                  # This is at Shell startup.  In normal
        then echo "$MAILMSG"       # operation, the Shell checks
fi                                 # periodically.


export JAVA_HOME=/usr/java5_64

set -o vi

PATH=/usr/bin:/etc:/usr/sbin:/usr/ucb:$HOME/bin:/usr/bin/X11:/sbin:${JAVA_HOME}/jre/bin:${JAVA_HOME}/bin:/usr/local/bin:/usr/local/tomcat/bin:.

stty erase ^?

export LANG=ko_KR

export PS1=[`hostname`:\$PWD]

umask 022


######### Register Tomcat environment variables #############

export CATALINA_HOME=/usr/local/tomcat


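6. Log in again as the tomcat account.
$> After running startup.sh (the start command),
$> check with ps -ef | grep startup.sh; if the process is listed, it is running normally
$> After running shutdown.sh (the stop command),
$> check with ps -ef | grep startup.sh; the process must not be listed for a clean shutdown

After running startup.sh as above, browse to http://SERVER_IP:8080/ and you will be greeted by the yellow cat.

To change the port, search for port 8080 in /usr/local/tomcat/conf/server.xml and edit it (Tomcat will not start if it conflicts with another port).

※ If you want to use a home path other than the default webapps folder...

Create the file /usr/local/tomcat/conf/Catalina/localhost/ROOT.xml

The /home/myweb directory given in docBase below becomes the home directory.

Contents of ROOT.xml
<?xml version="1.0" encoding="UTF-8"?>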
<Context path="" docBase="/home/myweb" debug="0" privileged="true" reloadable="true">
<Logger className="org.apache.catalina.logger.FileLogger" directory="logs"  prefix="localhost_log." suffix=".txt" timestamp="true"/>
</Context>



** How to fix the security weakness
telnet HOST_ADDRESS 8080
OPTIONS * HTTP/1.0

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Allow: GET, HEAD, POST, PUT, DELETE, OPTIONS
Content-Length: 0
Date: Thu, 23 Jun 2011 08:25:16 GMT
Connection: close

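The unnecessary PUT and DELETE methods above are enabled, which is dangerous.

How to remove them

At the very bottom of /usr/local/tomcat/conf/web.xml, add the part marked in red below (the <security-constraint> blocks, placed just before </web-app>).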

     <welcome-file-list>
        <welcome-file>index.html</welcome-file>
        <welcome-file>index.htm</welcome-file>
        <welcome-file>index.jsp</welcome-file>
    </welcome-file-list>


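    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Protected Context</web-resource-name>
            <url-pattern>/*</url-pattern>
            <!-- Methods denied for every URL; PUT and DELETE are the ones flagged in the OPTIONS response above -->
            <http-method>PUT</http-method>
            <http-method>DELETE</http-method>
            <http-method>HEAD</http-method>
            <http-method>TRACE</http-method>
            <http-method>OPTIONS</http-method>
        </web-resource-collection>
        <!-- An empty auth-constraint means no role is allowed, so these methods are rejected with 403 -->
        <auth-constraint />
    </security-constraint>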

   <security-constraint>
     <web-resource-collection>
        <web-resource-name>Protected Context</web-resource-name>
         <url-pattern>/servlet/org.apache.catalina.servlets.DefaultServlet/*</url-pattern>
      </web-resource-collection>
      <!-- auth-constraint goes here if you requre authentication -->
      <user-data-constraint>
         <transport-guarantee>CONFIDENTIAL</transport-guarantee>
      </user-data-constraint>
   </security-constraint>

</web-app>

 




Result after the fix
telnet HOST_ADDRESS 8080
OPTIONS * HTTP/1.0

HTTP/1.1 403 Forbidden
Server: Apache-Coyote/1.1
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 09:00:00 KST
Content-Type: text/html;charset=utf-8
Content-Length: 1108
Date: Thu, 23 Jun 2011 11:07:09 GMT
Connection: close

<html><head><title>Apache Tomcat/5.5.31 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 403 - Access to the requested resource has been denied</h1><HR size="1" noshade="noshade"><p><b>type</b> Status report</p><p><b>message</b> <u>Access to the requested resource has been denied</u></p><p><b>description</b> <u>Access to the specified resource (Access to the requested resource has been denied) has been forbidden.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/5.5.31</h3></body></html>Connection closed by foreign host.
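
The before-and-after check above can be scripted, as an added example that is not part of the original post: it reads a raw response to OPTIONS and reports the status code plus any of PUT, DELETE or TRACE advertised in the Allow header. The two sample responses reuse header lines shown on this page; the function name is constructed.

```shell
#!/bin/sh
# Header lines taken from the two responses shown on this page
# (before and after the web.xml change); bodies are omitted.
RESP_BEFORE='HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Allow: GET, HEAD, POST, PUT, DELETE, OPTIONS
Content-Length: 0
Connection: close'

RESP_AFTER='HTTP/1.1 403 Forbidden
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=utf-8
Connection: close'

# options_audit RAW_RESPONSE -> prints "<status> <risky methods>", or "<status> -" if none
options_audit() {
    printf '%s\n' "$1" | tr -d '\r' | awk '
        NR == 1 { split($0, s, " "); status = s[2]; next }   # status line
        /^$/    { exit }                                     # blank line: headers are over
        {
            colon = index($0, ":")
            if (colon == 0) next
            name = tolower(substr($0, 1, colon - 1))         # header names are case-insensitive
            if (name != "allow") next
            n = split(substr($0, colon + 1), m, /[ \t,]+/)
            for (i = 1; i <= n; i++) {
                u = toupper(m[i])
                if (u == "PUT" || u == "DELETE" || u == "TRACE")
                    risky = risky (risky == "" ? "" : " ") u
            }
        }
        END { print status, (risky == "" ? "-" : risky) }'
}

echo "before: $(options_audit "$RESP_BEFORE")"
echo "after:  $(options_audit "$RESP_AFTER")"
```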

