Re: tc 7 out-of-box won't run localhost issue on 8005 a vulnerability?

2011-07-12 Thread Mark Thomas
On 12/07/2011 16:15, David Brown wrote:
 Hello, I have found a situation that kills tc on startup within about 3
 seconds on a 64-bit cloud running Ubuntu server. localhost resolves
 correctly via dig but if we ping localhost it resolves to localhost.com.
 this in my estimation is causing tc to bail. the tc 7 installed is 64
 with a sun-oracle 64 bit jdk all fresh out-of-the-box with no config or
 changes. This is a vulnerability in my estimation unless somebody can
 prove different.

Tomcat failing to start because of incorrectly configured networking at
the OS level is not a vulnerability. Fix the network configuration and
the problem will go away.

 catalina.out only shows the 8005 port exception unable to bind to 8005
 on localhost. i have already run all the possible tests for previous
 version of tc running or some other process or daemon attached to 8005.
 There are no other instances on the system and tc could not have
 previously been running since this was a new out-of-the-box install with
 no changes. Then, on startup the tc 7 instance dies immediately (about 3
 sec.) with only the same 8005 exception in the logs.
 
 Is it possible to define some other ip than 127.0.0.1 to use for 8005?
 
 Pls advise.

Read the docs for the server element.

Mark



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: tc 7 out-of-box won't run localhost issue on 8005 a vulnerability?

2011-07-12 Thread André Warnier

David Brown wrote:
 Hello, I have found a situation that kills tc on startup within about 3
 seconds on a 64-bit cloud running Ubuntu server. localhost resolves
 correctly via dig but if we ping localhost it resolves to localhost.com.

Sorry, but this sounds like hogwash to me.
Where do you do the dig, and where do you do the ping ?
Can you paste the output of both here ?

What does the local /etc/hosts file have to say about localhost ?
Can you also paste that here ?

 this in my estimation is causing tc to bail. the tc 7 installed is 64
 with a sun-oracle 64 bit jdk all fresh out-of-the-box with no config or
 changes. This is a vulnerability in my estimation unless somebody can
 prove different.

That is a very bold statement, which seems made without turning one's tongue into one's
mouth 7 times before.. (as my old nanny would have said)






Re: tc 7 out-of-box won't run localhost issue on 8005 a vulnerability?

2011-07-12 Thread Mark Eggers
 From: André Warnier

 David Brown wrote:
  Hello, I have found a situation that kills tc on startup within about 3
  seconds on a 64-bit cloud running Ubuntu server. localhost resolves
  correctly via dig but if we ping localhost it resolves to localhost.com.
 
 Sorry, but this sounds like hogwash to me.
 Where do you do the dig, and where do you do the ping ?
 Can you paste the output of both here ?


localhost.com is a real host (64.99.64.32).

 What does the local /etc/hosts file have to say about localhost ?
 Can you also paste that here ?


Yep, what does /etc/hosts say about localhost.

Also, what does /etc/resolv.conf look like (paste that here)?
Also, what does /etc/nsswitch.conf look like - especially the hosts: line 
(paste that here)?

  this in my estimation is causing tc to bail. the tc 7 installed is 64
  with a sun-oracle 64 bit jdk all fresh out-of-the-box with no config or
  changes. This is a vulnerability in my estimation unless somebody can
  prove different.


All this runs happily on my Fedora 15 system (albeit in 32 bit mode).

 That is a very bold statement, which seems made without turning one's tongue 
 into one's mouth 7 times before.. (as my old nanny would have said)


. . . . just my two cents

/mde/




RE: tc 7 out-of-box won't run localhost issue on 8005 a vulnerability?

2011-07-12 Thread Bill Miller
Have a good look at the /etc/hosts.conf file, it needs to contain something like order hosts, bind
(AIX=netsvc.conf). If that is misconfigured then you will have exactly the problems you're
describing. I found this exact behaviour on an AIX system that was misconfigured. Keep working on
the networking configuration until ping for localhost resolves to 127.0.0.1 and nothing else.

Bill




Re: tc 7 out-of-box won't run localhost issue on 8005 a vulnerability?

2011-07-12 Thread André Warnier

Bill Miller wrote:
 Have a good look at the /etc/hosts.conf file, it needs to contain something like order hosts, bind
 (AIX=netsvc.conf). If that is misconfigured then you will have exactly the problems you're
 describing. I found this exact behaviour on an AIX system that was misconfigured. Keep working on
 the networking configuration until ping for localhost resolves to 127.0.0.1 and nothing else.

note: ping should be run on the Tomcat host itself, not on your workstation.




Re: tc 7 out-of-box won't run localhost issue on 8005 a vulnerability?

2011-07-12 Thread David Brown
OK, here is the hogwash. I have already been round-and-round with the
cloud admin guys with all of their requests for: netstat, lsof, ifconfig
on-and-on. Any way you slice it some random network config whether
correct or not should not be shutting down a server upon boot.
Especially, where there is no logging to speak of to shed light. And,
this is not an AIX but an Ubuntu 10.x Lucid server with all the major
services running including NAMEd, SMTPd, HTTPd, SSHd, IMAPd, MySQLd and
others with not a single hitch-in-the-git-along except for TC. JDK
(sun-oracle 6.26 64) and TC 7 (64) are both fresh out-of-the-box install
with no futzing about with any config.

And, BTW: this is on the server instance and not some laptop
somewhere :-S


david@dobbeltganger:~$ dig localhost

; <<>> DiG 9.7.0-P1 <<>> localhost
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37269
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;localhost. IN  A

;; ANSWER SECTION:
localhost.  604800  IN  A   127.0.0.1

;; AUTHORITY SECTION:
localhost.  604800  IN  NS  localhost.

;; ADDITIONAL SECTION:
localhost.  604800  IN  ::1

;; Query time: 0 msec
;; SERVER: 184.106.229.250#53(184.106.229.250)
;; WHEN: Tue Jul 12 20:04:09 2011
;; MSG SIZE  rcvd: 85

david@dobbeltganger:~$ ping -c 3 localhost
PING localhost.com (64.99.64.32) 56(84) bytes of data.
64 bytes from 64.99.64.32: icmp_seq=1 ttl=246 time=16.9 ms
64 bytes from 64.99.64.32: icmp_seq=2 ttl=246 time=17.0 ms
64 bytes from 64.99.64.32: icmp_seq=3 ttl=246 time=16.9 ms

--- localhost.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 10041ms
rtt min/avg/max/mdev = 16.918/16.971/17.051/0.057 ms
david@dobbeltganger:~$ cat /etc/nsswitch.conf 
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc Name Service Switch' for information about this file.

passwd: compat
group:  compat
shadow: compat

hosts:  mdns4_minimal [NOTFOUND=return] dns mdns4 files
networks:   files

protocols:  db files
services:   db files
ethers: db files
rpc:    db files

netgroup:   nis
david@dobbeltganger:~$ cat /etc/hosts
184.106.229.250 dobbeltganger.com davidwbrown.name karlbrown.name helenbrown.name deanbrown.name
127.0.0.1   localhost localhost.localdomain
david@dobbeltganger:~$ cat /etc/resolv.conf 
nameserver 184.106.229.250
nameserver 173.203.4.8
nameserver 173.203.4.9

#nameserver 127.0.0.1
#184.106.229.250





Re: tc 7 out-of-box won't run localhost issue on 8005 a vulnerability?

2011-07-12 Thread Mark Thomas
On 12/07/2011 21:08, David Brown wrote:
 OK, here is the hogwash. I have already been round-and-round with the
 cloud admin guys with all of their requests for: netstat, lsof, ifconfig
 on-and-on. Any way you slice it some random network config whether
 correct or not should not be shutting down a server upon boot.
 Especially, where there is no logging to speak of to shed light.

How much more logging do you need? It is as clear as day in the logs
that Tomcat is unable to bind (due to the broken network configuration
on that box) to localhost:8005 for the shutdown port. Just about every
network service I can think of refuses to start if it is unable to bind
to a configured, required address + port.

Fix the network or change the address/port Tomcat is configured to use
for the shutdown port. And before you ask how to do that, go read the
reply I sent to your first post.

 And,
 this is not an AIX but an Ubuntu 10.x Lucid server with all the major
 services running including NAMEd, SMTPd, HTTPd, SSHd, IMAPd, MySQLd and
 others with not a single hitch-in-the-git-along except for TC. JDK
 (sun-oracle 6.26 64) and TC 7 (64) are both fresh out-of-the-box install
 with no futzing about with any config.

With entirely expected results for a system with a broken network
configuration.

Mark






Re: tc 7 out-of-box won't run localhost issue on 8005 a vulnerability?

2011-07-12 Thread Rainer Jung
On 12.07.2011 22:08, David Brown wrote:

 david@dobbeltganger:~$ ping -c 3 localhost
 PING localhost.com (64.99.64.32) 56(84) bytes of data.
 64 bytes from 64.99.64.32: icmp_seq=1 ttl=246 time=16.9 ms
 64 bytes from 64.99.64.32: icmp_seq=2 ttl=246 time=17.0 ms
 64 bytes from 64.99.64.32: icmp_seq=3 ttl=246 time=16.9 ms

OK, so that's a problem, localhost resolves to some remote host.

 david@dobbeltganger:~$ cat /etc/nsswitch.conf 
...
 hosts:  mdns4_minimal [NOTFOUND=return] dns mdns4 files

Aha, so /etc/hosts and DNS are not really used on that system, instead
it will first ask multicast DNS, which is part of ZeroConf. No
configuration work, but possibly wrong results ...

Regards,

Rainer
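
The diagnosis above turns on the order of sources on the hosts: line and on the difference between what dig and ping consult. As an added example (not from the thread or the Tomcat project), these shell functions check that order and that localhost resolves only to loopback through NSS; the function names are hypothetical, and treating files-before-dns as the expected order is an assumption.

```shell
#!/bin/sh
# Added example, not from the thread; function names are hypothetical.

# Print the sources on the "hosts:" line of an nsswitch.conf-style file,
# one per line, with comments and [STATUS=action] items removed.
hosts_sources() {
    sed -e 's/#.*//' -e 's/\[[^]]*\]//g' -e 's/^[[:space:]]*hosts:/hosts: /' "$1" |
        awk '$1 == "hosts:" { for (i = 2; i <= NF; i++) print $i; exit }'
}

# Succeed only if "files" is listed and no "dns" source comes before it
# (assumed here to be the expected order).
files_before_dns() {
    hosts_sources "$1" | awk '
        $0 == "files" { found = 1; exit }
        $0 == "dns"   { exit }
        END           { exit (found ? 0 : 1) }'
}

# Read addresses on stdin; succeed only if there is at least one and every
# one is loopback (127.0.0.0/8 or ::1).
all_loopback() {
    awk '/^127\.[0-9]+\.[0-9]+\.[0-9]+$/ || $0 == "::1" { n++; next }
         NF  { bad = 1 }
         END { exit (n == 0 || bad) }'
}

# Resolve through NSS, as ping does; dig skips nsswitch.conf and queries
# the servers in resolv.conf directly, which is why the two can disagree.
nss_addresses() {
    getent ahosts "$1" | awk '{ print $1 }' | sort -u
}

# Report on the running host (assumes glibc's getent is installed).
check_host() {
    conf=${1:-/etc/nsswitch.conf}
    rc=0
    files_before_dns "$conf" ||
        { echo "WARN: $conf: hosts: line does not try 'files' before 'dns'"; rc=1; }
    nss_addresses localhost | all_loopback ||
        { echo "WARN: localhost resolves to: $(nss_addresses localhost | tr '\n' ' ')"; rc=1; }
    return $rc
}

# Run the check only when the script is invoked with the argument "check".
[ "${1:-}" != check ] || check_host
```

Run it with the argument check on the Tomcat host itself; a warning from either test means a service configured to bind to localhost may be handed a non-local address.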




Re: tc 7 out-of-box won't run localhost issue on 8005 a vulnerability?

2011-07-12 Thread David Brown
Hello Rainer, thanks for this. something installed changed the hosts
value in nsswitch.conf. TC cranked right up. should be some better way of
avoiding this type of very infrequent hole to step in. Anyway, thanks
again. :-D

