Tomcat security protection for normal users

Tomcat security protection for normal users
Threat: Generally, When configuring the Tomcat production environment, Tomcat is usually configured to run as a specific identity (non-root), which is conducive to improving security, this prevents further elevation of permissions after the website is hacked. For more information about the environment, see: http://53cto.blog.51cto.com/9899631/1697368 To install tomcat, see: http://53cto.blog.51cto.com/9899631/1697386 1. Go to the bin directory cd/usr/local/apache-Tomcat-8.0.30/bin 2 under the tomcat installation directory to decompress commons-daemon-native.tar.gz tar zxvf commons-daemon-native.tar.gz cd commons-daemon-native/unix 3, gcc, make, and other compilation tools are required. If the JAVA_HOME environment variable is not specified, the -- with-java = parameter is required to specify the jdk directory. /configure make 4. After make, a file named jsvc is generated in the current folder, copy it to the $ CATALINA_HOME/bin directory cp jsvc/usr/local/apache-tomcat-8.0.30/bin 5, add a program user to run Tomcat useradd-M-d/-s/usr/sbin /Nologin tomcat 6, modify daemon in the $ CATALINA_HOME/bin directory. sh file (skip this step if jdk environment variables are configured) set TOMCAT_USER = tomcatJAVA_HOME =/usr/java/jdk1.8.0 _ 65 7, if *. if the sh file does not have the running permission, add the running permission chmod + x * to it *. sh 8, set the $ CATALINE_HOME folder and all its sub-files Owner to tomcat chown-R tomcat: tomcat/usr/local/apache-tomcat-8.0.30 9, and start Tomcat daemon. sh start [root @ bogon bin] #. /daemon. sh-helpUnknown command: '-help' Usage: daemon. sh (Commands...) commands: run Start Tomcat without detaching from console start Start Tomcat stop Stop Tomcat version What version of commons daemon and Tomcat are you running? 10. Check whether the ps aux | grep tomcat is started as a tomcat user.