Hi,
To get access logs (in the Common Log File format, same as Apache and
nearly all HTTP servers), comment in the AccessLogValve.  It's commented
out by default in server.xml.  Read up on its configuration if you want
some special logging pattern, as it's quite flexible.

For SSL, just start a separate mailing list thread with your problems
if you have any.

Yoav Shapira
Millennium Research Informatics


>-----Original Message-----
>From: RJ [mailto:[EMAIL PROTECTED]
>Sent: Wednesday, May 26, 2004 12:12 PM
>To: Tomcat Users List
>Subject: RE: Tomcat as 'root' insecure? (again)
>
>Yoav et al:
>
>Thanks a million!  When editing up the tomcat5.sh
>script, I also needed to fix the DAEMON_HOME
>and the reference to it in the 'start' method
>to go to the right path (it unpacked to something
>other than the expected /src/native/unix/jsvc ).
>
>And chown all the files to my tomcat user.
>
>Now if I can just figure out how to get usage logs
>that are roughly comparable to what Apache put out,
>I'll be set!  (and the issue of SSL, which seems to
>have gotten a lot of discussion lately).
>
>Using tomcat on 80 instead of fooling with that
>always-painful task of linking to Apache will hopefully
>make support over the long term a lot easier proposition
>than trying to keep up with that always-moving target
>that the connectors pose...
>
>Thanks again.
>
>rj
>
>At 10:35 AM 5/26/2004, Shapira, Yoav wrote:
>
>>Hi,
>>You're better off grabbing the Tomcat5.sh script from
>>$CATALINA_HOME/bin/jsvc-src/native (you need to unpack jsvc.tar.gz but I
>>think you've already done that).  Modify the couple of lines at the top
>>to reflect your proper JAVA_HOME and CATALINA_HOME, and you should be
>>all set.
>>
>>Yoav Shapira
>>Millennium Research Informatics
>>
>>
>> >-----Original Message-----
>> >From: RJ [mailto:[EMAIL PROTECTED]
>> >Sent: Wednesday, May 26, 2004 10:31 AM
>> >To: Tomcat Users List
>> >Subject: Re: Tomcat as 'root' insecure? (again)
>> >
>> >OK, I've been running tomcat behind apache for ages, and
>> >now I want to go with Yoav's oft-stated advice to just
>> >use tomcat (5.0.24) alone.  And I want it on port 80.
>> >
>> >So, I try to use the jsvc approach, telling it to go to
>> >the nonprivileged tomcat user by (from the tomcat site):
>> >
>> >./bin/jsvc -Djava.endorsed.dirs=./common/endorsed -cp ./bin/bootstrap.jar \
>> >         -outfile ./logs/catalina.out -errfile ./logs/catalina.err \
>> >         org.apache.catalina.startup.Bootstrap -user tomcat
>> >
>> >However, that chokes as follows, as it apparently can't use port
>> >80 as I'm wanting it to.
>> >
>> >I'm sure this must be trivial, but all help would be
>> >appreciated!
>> >
>> >rj
>> >
>> >May 26, 2004 10:19:07 AM org.apache.coyote.http11.Http11Protocol start
>> >SEVERE: Error starting endpoint
>> >java.net.BindException: Permission denied:80
>> >         at org.apache.tomcat.util.net.PoolTcpEndpoint.initEndpoint(PoolTcpEndpoint.java:258)
>> >         at org.apache.tomcat.util.net.PoolTcpEndpoint.startEndpoint(PoolTcpEndpoint.java:275)
>> >         at org.apache.coyote.http11.Http11Protocol.start(Http11Protocol.java:177)
>> >         at org.apache.coyote.tomcat5.CoyoteConnector.start(CoyoteConnector.java:1500)
>> >         at org.apache.catalina.core.StandardService.start(StandardService.java:485)
>> >         at org.apache.catalina.core.StandardServer.start(StandardServer.java:2298)
>> >         at org.apache.catalina.startup.Catalina.start(Catalina.java:556)
>> >         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> >         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>> >         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>> >         at java.lang.reflect.Method.invoke(Method.java:324)
>> >         at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:284)
>> >         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> >         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>> >         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>> >         at java.lang.reflect.Method.invoke(Method.java:324)
>> >         at org.apache.commons.daemon.support.DaemonLoader.start(DaemonLoader.java:218)
>> >May 26, 2004 10:19:07 AM org.apache.catalina.startup.Catalina start
>> >SEVERE: Catalina.start:
>> >LifecycleException:  Protocol handler start failed: java.net.BindException: Permission denied:80
>> >         at org.apache.coyote.tomcat5.CoyoteConnector.start(CoyoteConnector.java:1502)
>> >         at org.apache.catalina.core.StandardService.start(StandardService.java:485)
>> >         at org.apache.catalina.core.StandardServer.start(StandardServer.java:2298)
>> >         at org.apache.catalina.startup.Catalina.start(Catalina.java:556)
>> >         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> >         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>> >         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>> >         at java.lang.reflect.Method.invoke(Method.java:324)
>> >         at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:284)
>> >         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> >         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>> >         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>> >         at java.lang.reflect.Method.invoke(Method.java:324)
>> >         at org.apache.commons.daemon.support.DaemonLoader.start(DaemonLoader.java:218)
>> >May 26, 2004 10:19:07 AM org.apache.catalina.startup.Catalina start
>> >INFO: Server startup in 5160 ms
>> >
>> >At 04:01 PM 5/25/2004, David Smith wrote:
>> >
>> >>I use jsvc which launches as root just long enough to capture the
>> >>privileged ports necessary and then drops the root privilege to run as
>> >>tomcat5.  Very clean, runs on startup, and I don't have to worry about
>> >>some unforeseen problem giving an attacker instant root privilege.



This e-mail, including any attachments, is a confidential business communication, and 
may contain information that is confidential, proprietary and/or privileged.  This 
e-mail is intended only for the individual(s) to whom it is addressed, and may not be 
saved, copied, printed, disclosed or used by anyone else.  If you are not the(an) 
intended recipient, please immediately delete this e-mail from your computer system 
and notify the sender.  Thank you.


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
