Hello Nick,
probably someone of the tomcat developers will comment this related to
tomcat but
-/etc/ssh/ssh_host_key.pub file was modified (one key added, another
deleted)
This is owned by root and only root have access to modify it.
Are you sure your root account is compromised?
Best
just a quick shot. Have you run your tomcat as root and what is your
kernel version?
If you don't run your tomcat as root and have a more or less uptodate
kernel without local root exploits, its highly unprobable that
you got hacked via tomcat.
Do you have anything that proves it anyway? :-)
What does your tomcat-users.xml look like? (sans the p/w of course)
-Original Message-
From: Nick Knol [mailto:nickk...@gmail.com]
Sent: Tuesday, August 18, 2009 8:45 AM
To: users@tomcat.apache.org
Subject: tomcat server hacked
First post, sorry if I'm breaking protocol. I could
Nick Knol wrote:
First post, sorry if I'm breaking protocol. I could really use help
tightening up security with the tomcat web server I'm running. A hacker got
in and trashed a bunch of files and I'm scared to death it will happen
again. I've been setting up a tomcat web server with the
From: BJ Selman [mailto:bjsel...@travelhost.com]
Subject: RE: tomcat server hacked
What does your tomcat-users.xml look like? (sans the p/w of course)
Note that using the toy tomcat-users.xml for authentication is inappropriate
for a secure environment.
- Chuck
THIS COMMUNICATION MAY
From: Leon Rosenberg [mailto:rosenberg.l...@googlemail.com]
Subject: Re: tomcat server hacked
Have you run your tomcat as root and what is your
kernel version?
According to the first post, Tomcat runs via jsvc with the userid Tomcat.
If you don't run your tomcat as root and have a more