[olug] Looking for Fedora 4 Admin help
Cesar Delgado
cdelgad2 at bigred.unl.edu
Sat Apr 1 21:15:21 UTC 2006
To change tomcat to use port 80 you'll need to edit the server.xml file.
There you'll find a connector that is using port 8080. Change that to
port 80.
About starting tomcat as a non-root user, just use `su`. It'll do the
trick. Make a group "tomcat" and make a user in that group called
"tomcat". Then run the tomcat startup script.
su tomcat /opt/tomcat5/bin/startup.sh
No kernel-touching necessary, ;). Although setting up IP tables might be
a good idea. Close everything but port 80 and maybe ssh. This can be
done with iptables. Just run the following:
# Flush all chains
/sbin/iptables --flush
# Allow unlimited traffic on the loopback interface
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A OUTPUT -o lo -j ACCEPT
# Set default policies
/sbin/iptables --policy INPUT DROP
/sbin/iptables --policy OUTPUT DROP
/sbin/iptables --policy FORWARD DROP
# Previously initiated and accepted exchanges bypass rule checking
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow unlimited outbound traffic
/sbin/iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
# Allow incoming TCP port 22 (ssh) traffic
/sbin/iptables -A INPUT -p tcp --dport ssh -m state --state NEW -j ACCEPT
# Allow incoming WWW request
/sbin/iptables -A INPUT -p tcp --dport www -m state --state NEW -j ACCEPT
# Drop all other traffic
/sbin/iptables -A INPUT -j DROP
Watch out that email might wrap some lines that should be on the same line.
Now, run:
/etc/init.d/iptables save
/etc/init.d/iptables restart
Now they are saved. If you start iptables at boot they should come back
up.
Cheers,
-Cesar
Lee Chalupa wrote:
> Hello:
>
> I'm a java developer. I'm working with a dev. team. We have a webhosting virtual server running Fedora Core 4.
> I'm looking for someone to help me when it comes to linux administration and mentoring. I'm doing
> the basics but when it comes to configuring the kernel or something similar I feel
> I'm too far out of my comfort zone. I would rather concentrate on my core skills.
>
> For example, I'm trying to run tomcat on port 80 as a non-root user. I don't want to run
> Apache server. One option is to use IPTables. So far so good. It looks like I have to
> change the configuration of the kernel. Now I'm out of my league.
>
> Let me know.
>
> Lee
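
Added example, not part of the original thread or either poster's code: one way to do the iptables option mentioned in the quoted question, with port 80 redirected to an unprivileged Tomcat listener and the same filter rules as in the reply. It assumes the Tomcat connector is left on port 8080; the function name build_ruleset, the file name ruleset.sh and the mark value 0x50 are made up for the example.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: Tomcat's connector stays
# on 8080 under the unprivileged "tomcat" user; mark value 0x50 is arbitrary.

# Print a ruleset in iptables-restore format: public_port is what clients
# connect to, app_port is what Tomcat binds. iptables-restore commits each
# table in one step, so an ssh session never meets a half-built rule set.
build_ruleset() {
    public_port=$1
    app_port=$2
    cat <<EOF
*mangle
:PREROUTING ACCEPT [0:0]
# Mark packets addressed to the public port before NAT rewrites the port
-A PREROUTING -p tcp --dport $public_port -j MARK --set-mark 0x50
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
# Hand the connection to the unprivileged listener
-A PREROUTING -p tcp --dport $public_port -j REDIRECT --to-ports $app_port
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport ssh -m state --state NEW -j ACCEPT
# The filter table sees the rewritten port; requiring the mark keeps
# clients from reaching $app_port directly
-A INPUT -p tcp --dport $app_port -m mark --mark 0x50 -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# As root (ruleset.sh is a hypothetical file name for this script):
# "sh ruleset.sh --check" only parses the rules, "--apply" loads them.
case "${1:-}" in
    --check) build_ruleset 80 8080 | /sbin/iptables-restore --test ;;
    --apply) build_ruleset 80 8080 | /sbin/iptables-restore ;;
esac
```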