tomcat 7 and seculinks

[chrismfz]

Tomcat keeps shouting about this:

[114743.154708] access denied ffff88077c63bcb8 uid 497 target uid 0!
[114743.154720] access denied ffff88077c635eb8 uid 497 target uid 0!
[114743.154759] access denied ffff88077c63bcb8 uid 497 target uid 0!
[114743.155187] access denied ffff88077c63bcb8 uid 497 target uid 0!
[114743.155197] access denied ffff88077c635eb8 uid 497 target uid 0!
[114743.155604] access denied ffff88077c63bcb8 uid 497 target uid 0!
[114945.473533] access denied ffff88077c63bcb8 uid 497 target uid 0!
[114945.473545] access denied ffff88077c635eb8 uid 497 target uid 0!
[114945.473587] access denied ffff88077c63bcb8 uid 497 target uid 0!
[114945.473992] access denied ffff88077c63bcb8 uid 497 target uid 0!
[114945.474002] access denied ffff88077c635eb8 uid 497 target uid 0!
[114945.474084] access denied ffff88077c63bcb8 uid 497 target uid 0!

I don't know what exactly needs from root, but it cannot write to catalina.err because of that.
Changed /var/log/easy-tomcat7/ contents to tomcat:nobody but still it should be something else too.

 

[iseletsk]

User with id 497 trying to follow symlink that leads to a file owned by root (symlink attack).

 

[chrismfz]

id 497 is user "tomcat".

Server is empty with 0 users in it.

It started when I installed tomcat with easyapache.

 

[iseletsk]

If it is tomcat, than figure out which group tomcat runs in, and follow this guide to whitelist it:
CloudLinux Documentation