标签归档:JBoss

Hack Analysis (CVE-2010-0738)

https://xorl.wordpress.com/2012/02/14/hack-analysis-cve-2010-0738/

Recently a friend of mine called me to investigate a hacked development server he had for some JBoss application development. I didn’t have enough time so I just cleaned up the server since it was an automated attack and informed him of its status.

Now that I found some time I can write this blog post. Just for clarification, if this was a 0day or some sophisticated hack I would never disclose any information, but since this is a very common, already known, automated attack I’m publishing this blog post. 继续阅读

JBoss在Linux上自动启动

JBoss在Linux上自动启动
(JBoss V4.0.3sp1)
测试环境:redhat adv 4.0, turbo linux 10

#为root用户的命令提示符 $为jboss用户的命令提示符
1. 安装J2SDK到/usr/local/jdk1.5.0_06
2. 安装JBoss4.0到/usr/local/jboss-4.0.3SP1,
修改$JBOSS_HOME/bin/run.conf

JAVA_OPTS=”-server –Xms256m –Xmx512m”
修改Jboss的Tomcat Web 端口为80(Tomcat 运行在80端口要用root用户才行,否则java.net.BindException: Permission denied:80) 继续阅读

Jboss 4配置和优化

Jboss 4配置和优化

作者:SOLARIS小兵
一.Jboss后台启动:
添加后台修改命令:

vi run.sh
while true; do
   if [ "x$LAUNCH_JBOSS_IN_BACKGROUND" = "x" ]; then
      # Execute the JVM in the foreground
     nohup  "$JAVA" $JAVA_OPTS \
         -Djava.endorsed.dirs="$JBOSS_ENDORSED_DIRS" \
         -classpath "$JBOSS_CLASSPATH" \
         org.jboss.Main "$@"
      JBOSS_STATUS=$?
   else
      # Execute the JVM in the background
      "$JAVA" $JAVA_OPTS \
         -Djava.endorsed.dirs="$JBOSS_ENDORSED_DIRS" \
         -classpath "$JBOSS_CLASSPATH" \
         org.jboss.Main "$@" &
      JBOSS_PID=$!
      # Trap common signals and relay them to the jboss process
      trap "kill -HUP  $JBOSS_PID" HUP
      trap "kill -TERM $JBOSS_PID" INT
      trap "kill -QUIT $JBOSS_PID" QUIT
      trap "kill -PIPE $JBOSS_PID" PIPE
      trap "kill -TERM $JBOSS_PID" TERM
      # Wait until the background process exits
      WAIT_STATUS=0
      while [ "$WAIT_STATUS" -ne 127 ]; do
         JBOSS_STATUS=$WAIT_STATUS
         wait $JBOSS_PID 2>/dev/null
         WAIT_STATUS=$?
      done
   fi
   # If restart doesn't work, check you are running JBossAS 4.0.4+
   #    http://jira.jboss.com/jira/browse/JBAS-2483
   # or the following if you're running Red Hat 7.0
   #    http://developer.java.sun.com/developer/bugParade/bugs/4465334.html   
   if [ $JBOSS_STATUS -eq 10 ]; then
      echo "Restarting JBoss..."
   else
      exit $JBOSS_STATUS
   fi
done &

继续阅读

JBoss 5.0 安装配置负载均衡

简明JBOSS 5的安装配置说明

环境:
Linux AS4以上,以下内容JBOSS5的简称JBoss,JDK5简称JDK

下载:
下载JDK1.5以上版本
http://java.sun.com/javase/downloads/index_jdk5.jsp
http://java.sun.com/javase/6/  继续阅读

JBoss配置

JBoss 的一些配置(端口,虚拟目录,虚拟主机,中文问题,数据库连接)

一、设置控制台登录窗口

安装好jboss并启动jboss后,在浏览器窗口的地址栏里键入http://localhost:8080/jmx-consolehttp://localhost:8080/jmx-console就可以浏览jboss的部署管理的一些信息,默认情况下不键入任何用户名和密码就可以进入此页面,方便是方便,但真正使用起来还是有点安全隐患,因为不管任何人只要知道server的ip都可以进去访问。下面我们针对此问题对jboss进行配置,使得访问jmx-console也必须 要知道用户名和密码才可进去访问. 继续阅读