Setuid is the way to start it as root so you can bind to port 80 and then have it drop privileges
http://www.eclipse.org/jetty/documentation/current/setuid.html#configuring-setuid

--
jesse mcconnell
[email protected]

On Fri, Aug 1, 2014 at 2:03 PM, Haupt-Konto <[email protected]> wrote:
> As mentioned in another mail from Steve Sobol, folder rights and executing
> user might be useful. What privileges does this user have (/etc/group)?
>
> Some further clues:
> - Never run a container server as root; Register Jetty on some user-valid
> port, i.e. 8080 and let it listen on loopback-device only.
> - Following, set up a proxy HTTP server. Have in mind, that this proxy must
> be secure, caused by the fact, that it must listen on port 80 - AFAIK there
> is no way to bind a port lower than 1024 with non-root privileges.
>
> You might also use IP tables to forward traffic. However, this is a
> non-optimal solution due to the fact, that some further Linux development
> might break your set up.
>
> Best regards
>
> On 2014-08-01 18:25, Joakim Erdfelt wrote:
>>
>> What's in conf.n? (details please)
>> What do you have in your webapp? (be detailed)
>> How do you start Jetty? (your command line *AND* your start.ini and
>> start.d/ contents)
>> Do you customize anything in ${jetty.home}? (like lib or xml files)
>>
>> Do you run elasticsearch on your machine?
>>
>> --
>> Joakim Erdfelt <[email protected]>
>> webtide.com [2] - intalio.com/jetty [3]
>>
>> Expert advice, services and support from the Jetty & CometD
>> experts
>> eclipse.org/jetty [4] - cometd.org [5]
>>
>>
>> On Fri, Aug 1, 2014 at 9:16 AM, Kent Tong <[email protected]>
>> wrote:
>>
>>> Hi,
>>>
>>> I have set up jetty-8.1.15.v20140411 on CentOS 6.5 with all the
>>> updates installed. However, jetty keeps getting hacked: malicious
>>> files (usually there is one named conf.n) are frequently created in
>>> jetty's directory (/opt/jetty). I have only enabled the minimum
>>> configuration in start.ini:
>>>
>>> etc/jetty.xml
>>> etc/jetty-annotations.xml
>>> etc/jetty-ssl.xml
>>> etc/jetty-deploy.xml
>>>
>>> etc/jetty-contexts.xml
>>>
>>> there is only one webapp installed which is nothing out of ordinary.
>>>
>>>
>>> any idea? thanks in advance!
>>>
>>> --
>>>
>>> Kent Tong
>>> IT author and consultant, child education coach
>>> _______________________________________________
>>> jetty-users mailing list
>>> [email protected]
>>> To change your delivery options, retrieve your password, or
>>> unsubscribe from this list, visit
>>> https://dev.eclipse.org/mailman/listinfo/jetty-users [1]
>>
>>
>> Links:
>> ------
>> [1] https://dev.eclipse.org/mailman/listinfo/jetty-users
>> [2] http://www.webtide.com/
>> [3] http://intalio.com/jetty
>> [4] http://eclipse.org/jetty/
>> [5] http://cometd.org/
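
The sequence described at the top of this message (start as root, bind port 80, then drop privileges), as an added C example. It is not Jetty's setuid implementation and was not posted in the thread; the function names and the uid/gid 65534 are assumptions chosen for illustration.

```c
#define _DEFAULT_SOURCE
#include <arpa/inet.h>
#include <grp.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Open a listening TCP socket; for ports below 1024 this is the only step that needs root. */
int open_listener(const char *ip, unsigned short port) {
    struct sockaddr_in a;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    memset(&a, 0, sizeof a);
    a.sin_family = AF_INET;
    a.sin_port = htons(port);
    if (inet_pton(AF_INET, ip, &a.sin_addr) != 1 ||
        bind(fd, (struct sockaddr *)&a, sizeof a) != 0 || listen(fd, 16) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Returns 0 after a verified drop, 1 if the process was never root,
 * and a negative code if the drop is refused or any step fails. */
int drop_privileges(uid_t uid, gid_t gid) {
    if (uid == 0 || gid == 0) return -1;     /* refuse to "drop" to root */
    if (geteuid() != 0) return 1;            /* nothing to drop */
    if (setgroups(0, NULL) != 0) return -2;  /* clear root's supplementary groups */
    if (setgid(gid) != 0) return -3;         /* group first: not possible after setuid() */
    if (setuid(uid) != 0) return -4;         /* sets real, effective and saved uid */
    if (setuid(0) == 0 || seteuid(0) == 0) return -5; /* root must be unrecoverable */
    return 0;
}

int main(void) {
    const uid_t uid = 65534; /* assumption: id of the unprivileged service account */
    const gid_t gid = 65534; /* assumption: id of its group */
    int fd = open_listener("0.0.0.0", 80);
    if (fd < 0) { perror("bind port 80"); return 1; }
    int rc = drop_privileges(uid, gid);
    if (rc != 0) { fprintf(stderr, "not started as root or drop failed (%d)\n", rc); return 1; }
    printf("listening on fd %d as uid %d\n", fd, (int)getuid());
    close(fd);
    return 0;
}
```

The listening socket stays usable after the drop because the privilege check happens at bind time, so everything that handles requests afterwards runs as the unprivileged account.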
