[olug] Looking for Fedora 4 Admin help
cdelgad2 at bigred.unl.edu
Sat Apr 1 21:15:21 UTC 2006
To change tomcat to use port 80 you'll need to edit the server.xml file.
There you'll find a connector that is using port 8080. Change that to
About starting tomcat as a non-root user, just use `su`. It'll do the
trick. Make a group "tomcat" and make a user in that group called
"tomcat". Then run the tomcat startup script.
su tomcat /opt/tomcat5/bin/startup.sh
No kernel-touching necessary, ;). Although setting up IP tables might be
a good idea. Close everything but port 80 and maybe ssh. This can be
done with iptables. Just run the following:
# Flush all chains
/sbin/iptables -F
# Allow unlimited traffic on the loopback interface
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A OUTPUT -o lo -j ACCEPT
# Set default policies
/sbin/iptables --policy INPUT DROP
/sbin/iptables --policy OUTPUT DROP
/sbin/iptables --policy FORWARD DROP
# Previously initiated and accepted exchanges bypass rule checking
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow unlimited outbound traffic
/sbin/iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
# Allow incoming TCP port 22 (ssh) traffic
/sbin/iptables -A INPUT -p tcp --dport ssh -m state --state NEW -j ACCEPT
# Allow incoming WWW request
/sbin/iptables -A INPUT -p tcp --dport www -m state --state NEW -j ACCEPT
# Drop all other traffic
/sbin/iptables -A INPUT -j DROP
Watch out that email might wrap some lines that should be on the same line.
Now they are saved. If you start iptables at boot they should come back
Lee Chalupa wrote:
> I'm a java developer. I'm working with a dev. team. We have a webhosting virtual server running Fedora Core 4.
> I'm looking for someone to help me when it comes to linux administration and mentoring. I'm doing
> the basics but when it comes to configuring the kernel or something similar I feel
> I'm too far out of my comfort zone. I would rather concentrate on my core skills.
> For example, I'm trying to run tomcat on port 80 as a non-root user. I don't want to run
> Apache server. One option is to use IPTables. So far so good. It looks like I have to
> change the configuration of the kernel. Now I'm out of my league.
> Let me know.
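Added example, not part of the original thread: the iptables option raised in the quoted question, which leaves Tomcat on its 8080 connector under the unprivileged tomcat user and redirects port 80 to it. It prints the rules as a dry run unless APPLY=1 is set, and assumes an iptables build whose conntrack match supports --ctorigdstport; the function names are made up for this example.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes Tomcat keeps its 8080
# connector and runs as the unprivileged "tomcat" user.
IPT=${IPT:-/sbin/iptables}

# is_port N: succeed only for an integer in 1..65535
is_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# redirect_rules PUBLIC APP: print the commands, one per line, without running them
redirect_rules() {
    pub=$1; app=$2
    is_port "$pub" && is_port "$app" || { echo "bad port" >&2; return 1; }
    # APP must be bindable without root, so it has to be 1024 or higher.
    [ "$app" -ge 1024 ] || { echo "app port must be unprivileged" >&2; return 1; }
    # Remote clients: rewrite the destination port before the routing decision.
    echo "$IPT -t nat -A PREROUTING -p tcp --dport $pub -j REDIRECT --to-ports $app"
    # Clients on the box itself never traverse PREROUTING.
    echo "$IPT -t nat -A OUTPUT -o lo -p tcp --dport $pub -j REDIRECT --to-ports $app"
    # filter/INPUT sees the rewritten port. Matching the pre-NAT port as well
    # keeps direct connections to APP closed under a default-DROP policy.
    echo "$IPT -A INPUT -p tcp --dport $app -m conntrack --ctstate NEW --ctorigdstport $pub -j ACCEPT"
}

# apply_rules PUBLIC APP: run the printed commands (needs root)
apply_rules() {
    rules=$(redirect_rules "$1" "$2") || return 1
    echo "$rules" | while read -r cmd; do
        $cmd || exit 1
    done
}

# Dry run by default; set APPLY=1 as root to install the rules.
if [ "${APPLY:-0}" = 1 ]; then apply_rules 80 8080; else redirect_rules 80 8080; fi
```

Used with the ruleset in the message, the INPUT rule printed here takes the place of the `--dport www` rule and has to be added before the final `-A INPUT -j DROP`.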