tomcat 7 and securelinks

Discussion in 'CloudLinux' started by chrismfz, Aug 11, 2013.

  1. chrismfz

    Tomcat keeps shouting about this:

    [114743.154708] access denied ffff88077c63bcb8 uid 497 target uid 0!
    [114743.154720] access denied ffff88077c635eb8 uid 497 target uid 0!
    [114743.154759] access denied ffff88077c63bcb8 uid 497 target uid 0!
    [114743.155187] access denied ffff88077c63bcb8 uid 497 target uid 0!
    [114743.155197] access denied ffff88077c635eb8 uid 497 target uid 0!
    [114743.155604] access denied ffff88077c63bcb8 uid 497 target uid 0!
    [114945.473533] access denied ffff88077c63bcb8 uid 497 target uid 0!
    [114945.473545] access denied ffff88077c635eb8 uid 497 target uid 0!
    [114945.473587] access denied ffff88077c63bcb8 uid 497 target uid 0!
    [114945.473992] access denied ffff88077c63bcb8 uid 497 target uid 0!
    [114945.474002] access denied ffff88077c635eb8 uid 497 target uid 0!
    [114945.474084] access denied ffff88077c63bcb8 uid 497 target uid 0!

    I don't know what exactly it needs from root, but it cannot write to catalina.err because of that.
    I changed the contents of /var/log/easy-tomcat7/ to tomcat:nobody, but there must still be something else too.
     
  2. iseletsk

    The user with id 497 is trying to follow a symlink that leads to a file owned by root (symlink attack).
     
  3. chrismfz

    id 497 is user "tomcat".

    Server is empty with 0 users in it.

    It started when I installed tomcat with easyapache.
     
  4. iseletsk

    If it is tomcat, then figure out which group tomcat runs in, and follow this guide to whitelist it:
    CloudLinux Documentation
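
An added example, not part of any post in this thread and not cPanel or CloudLinux code: a Python script that summarises the `access denied ... uid ... target uid ...` kernel messages by uid pair and looks up the groups of the denied uid, which is what the last reply asks for before whitelisting. The sample lines are constructed from the log in the first post plus one unrelated line; `summarise` and `groups_for` are names chosen for this example.

```python
import grp
import pwd
import re
from collections import defaultdict

# Matches the kernel messages quoted in the thread, e.g.
# [114743.154708] access denied ffff88077c63bcb8 uid 497 target uid 0!
DENY_RE = re.compile(
    r"\[\s*(?P<ts>\d+\.\d+)\]\s+access denied\s+(?P<obj>[0-9a-f]+)\s+"
    r"uid\s+(?P<uid>\d+)\s+target uid\s+(?P<target>\d+)!"
)

def summarise(lines):
    """Group denials by (uid, target uid): count, distinct objects, time span."""
    stats = defaultdict(lambda: {"count": 0, "objects": set(), "first": None, "last": None})
    for line in lines:
        m = DENY_RE.search(line)
        if not m:
            continue  # unrelated kernel message
        entry = stats[(int(m["uid"]), int(m["target"]))]
        ts = float(m["ts"])
        entry["count"] += 1
        entry["objects"].add(m["obj"])
        entry["first"] = ts if entry["first"] is None else min(entry["first"], ts)
        entry["last"] = ts if entry["last"] is None else max(entry["last"], ts)
    return dict(stats)

def groups_for(uid):
    """Return (username, primary gid, supplementary group names), or None if uid is unknown."""
    try:
        user = pwd.getpwuid(uid)
    except KeyError:
        return None
    extra = sorted(g.gr_name for g in grp.getgrall() if user.pw_name in g.gr_mem)
    return user.pw_name, user.pw_gid, extra

# Constructed sample: four lines from the first post plus one unrelated line.
SAMPLE = [
    "[114743.154708] access denied ffff88077c63bcb8 uid 497 target uid 0!",
    "[114743.154720] access denied ffff88077c635eb8 uid 497 target uid 0!",
    "[114800.000001] constructed unrelated kernel message",
    "[114945.473533] access denied ffff88077c63bcb8 uid 497 target uid 0!",
    "[114945.473545] access denied ffff88077c635eb8 uid 497 target uid 0!",
]

if __name__ == "__main__":
    for (uid, target), e in summarise(SAMPLE).items():
        print(f"uid {uid} -> target uid {target}: {e['count']} denials, "
              f"{len(e['objects'])} objects, groups: {groups_for(uid)}")
```

On a live server, feed it the output of `dmesg` instead of `SAMPLE`; a uid that maps to a service account with a steady stream of denials against root-owned targets points to a packaging or ownership issue rather than a hostile user.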
     
