• Jboss注释掉AJP协议及功能


    安全检查说系统有java程序AJP漏洞,这个漏洞不是tomcat的吗,这个系统使用的jboss,但是避免安全的骚扰,直接把jboss的AJP也注释了,如下配置文件黄色标注部分

    修改配置文件后重启应用。

    <?xml version='1.0' encoding='UTF-8'?>
    
    <server xmlns="urn:jboss:domain:1.4">
    
        <extensions>
            <extension module="org.jboss.as.clustering.infinispan"/>
            <extension module="org.jboss.as.connector"/>
            <extension module="org.jboss.as.deployment-scanner"/>
            <extension module="org.jboss.as.ee"/>
            <extension module="org.jboss.as.ejb3"/>
            <extension module="org.jboss.as.jaxrs"/>
            <extension module="org.jboss.as.jdr"/>
            <extension module="org.jboss.as.jmx"/>
            <extension module="org.jboss.as.jpa"/>
            <extension module="org.jboss.as.jsf"/>
            <extension module="org.jboss.as.logging"/>
            <extension module="org.jboss.as.mail"/>
            <extension module="org.jboss.as.naming"/>
            <extension module="org.jboss.as.pojo"/>
            <extension module="org.jboss.as.remoting"/>
            <extension module="org.jboss.as.sar"/>
            <extension module="org.jboss.as.security"/>
            <extension module="org.jboss.as.threads"/>
            <extension module="org.jboss.as.transactions"/>
            <extension module="org.jboss.as.web"/>
            <extension module="org.jboss.as.webservices"/>
            <extension module="org.jboss.as.weld"/>
        </extensions>
    
        <system-properties>
            <property name="org.apache.tomcat.util.http.Parameters.MAX_COUNT" value="5000"/>
            <property name="org.apache.catalina.connector.URI_ENCODING" value="UTF-8"/>
        </system-properties>
    
    
        <management>
            <security-realms>
                <security-realm name="ManagementRealm">
                    <authentication>
                        <local default-user="$local"/>
                        <properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/>
                    </authentication>
                </security-realm>
                <security-realm name="ApplicationRealm">
                    <authentication>
                        <local default-user="$local" allowed-users="*"/>
                        <properties path="application-users.properties" relative-to="jboss.server.config.dir"/>
                    </authentication>
                    <authorization>
                        <properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
                    </authorization>
                </security-realm>
            </security-realms>
            <management-interfaces>
                <native-interface security-realm="ManagementRealm">
                    <socket-binding native="management-native"/>
                </native-interface>
                <http-interface security-realm="ManagementRealm">
                    <socket-binding http="management-http"/>
                </http-interface>
            </management-interfaces>
        </management>
    
        <profile>
            <subsystem xmlns="urn:jboss:domain:logging:1.2">
                <console-handler name="CONSOLE">
                    <level name="INFO"/>
                    <formatter>
                        <pattern-formatter pattern="%K{level}%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%E%n"/>
                    </formatter>
                </console-handler>
                <periodic-rotating-file-handler name="FILE" autoflush="true">
                    <formatter>
                        <pattern-formatter pattern="%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%E%n"/>
                    </formatter>
                    <file relative-to="jboss.server.log.dir" path="server.log"/>
                    <suffix value=".yyyy-MM-dd"/>
                    <append value="true"/>
                </periodic-rotating-file-handler>
                <logger category="com.arjuna">
                    <level name="WARN"/>
                </logger>
                <logger category="org.apache.tomcat.util.modeler">
                    <level name="WARN"/>
                </logger>
                <logger category="org.jboss.as.config">
                    <level name="DEBUG"/>
                </logger>
                <logger category="sun.rmi">
                    <level name="WARN"/>
                </logger>
                <logger category="jacorb">
                    <level name="WARN"/>
                </logger>
                <logger category="jacorb.config">
                    <level name="ERROR"/>
                </logger>
                <root-logger>
                    <level name="INFO"/>
                    <handlers>
                        <handler name="CONSOLE"/>
                        <handler name="FILE"/>
                    </handlers>
                </root-logger>
            </subsystem>
            <subsystem xmlns="urn:jboss:domain:datasources:1.1">
                <datasources>
                    <datasource jndi-name="java:jboss/datasources/ExampleDS" pool-name="ExampleDS" enabled="true" use-java-context="true">
                        <connection-url>jdbc:h2:mem:test;DB_CLOSE_DELAY=-1</connection-url>
                        <driver>h2</driver>
                        <security>
                            <user-name>sa</user-name>
                            <password>sa</password>
                        </security>
                    </datasource>
                    <drivers>
                        <driver name="h2" module="com.h2database.h2">
                            <xa-datasource-class>org.h2.jdbcx.JdbcDataSource</xa-datasource-class>
                        </driver>
                    </drivers>
                </datasources>
            </subsystem>
            <subsystem xmlns="urn:jboss:domain:deployment-scanner:1.1">
                <deployment-scanner path="deployments" relative-to="jboss.server.base.dir" scan-interval="5000"/>
            </subsystem>
            <subsystem xmlns="urn:jboss:domain:ee:1.1">
                <spec-descriptor-property-replacement>false</spec-descriptor-property-replacement>
                <jboss-descriptor-property-replacement>true</jboss-descriptor-property-replacement>
            </subsystem>
            <subsystem xmlns="urn:jboss:domain:ejb3:1.4">
                <session-bean>
                    <stateless>
                        <bean-instance-pool-ref pool-name="slsb-strict-max-pool"/>
                    </stateless>
                    <stateful default-access-timeout="5000" cache-ref="simple"/>
                    <singleton default-access-timeout="5000"/>
                </session-bean>
                <pools>
                    <bean-instance-pools>
                        <strict-max-pool name="slsb-strict-max-pool" max-pool-size="20" instance-acquisition-timeout="5" instance-acquisition-timeout-unit="MINUTES"/>
                        <strict-max-pool name="mdb-strict-max-pool" max-pool-size="20" instance-acquisition-timeout="5" instance-acquisition-timeout-unit="MINUTES"/>
                    </bean-instance-pools>
                </pools>
                <caches>
                    <cache name="simple" aliases="NoPassivationCache"/>
                    <cache name="passivating" passivation-store-ref="file" aliases="SimpleStatefulCache"/>
                </caches>
                <passivation-stores>
                    <file-passivation-store name="file"/>
                </passivation-stores>
                <async thread-pool-name="default"/>
                <timer-service thread-pool-name="default">
                    <data-store path="timer-service-data" relative-to="jboss.server.data.dir"/>
                </timer-service>
                <remote connector-ref="remoting-connector" thread-pool-name="default"/>
                <thread-pools>
                    <thread-pool name="default">
                        <max-threads count="10"/>
                        <keepalive-time time="100" unit="milliseconds"/>
                    </thread-pool>
                </thread-pools>
                <default-security-domain value="other"/>
                <default-missing-method-permissions-deny-access value="true"/>
            </subsystem>
            <subsystem xmlns="urn:jboss:domain:infinispan:1.4">
                <cache-container name="web" aliases="standard-session-cache" default-cache="local-web" module="org.jboss.as.clustering.web.infinispan">
                    <local-cache name="local-web" batching="true">
                        <file-store passivation="false" purge="false"/>
                    </local-cache>
                </cache-container>
                <cache-container name="hibernate" default-cache="local-query" module="org.jboss.as.jpa.hibernate:4">
                    <local-cache name="entity">
                        <transaction mode="NON_XA"/>
                        <eviction strategy="LRU" max-entries="10000"/>
                        <expiration max-idle="100000"/>
                    </local-cache>
                    <local-cache name="local-query">
                        <transaction mode="NONE"/>
                        <eviction strategy="LRU" max-entries="10000"/>
                        <expiration max-idle="100000"/>
                    </local-cache>
                    <local-cache name="timestamps">
                        <transaction mode="NONE"/>
                        <eviction strategy="NONE"/>
                    </local-cache>
                </cache-container>
            </subsystem>
            <subsystem xmlns="urn:jboss:domain:jaxrs:1.0"/>
            <subsystem xmlns="urn:jboss:domain:jca:1.1">
                <archive-validation enabled="true" fail-on-error="true" fail-on-warn="false"/>
                <bean-validation enabled="true"/>
                <default-workmanager>
                    <short-running-threads>
                        <core-threads count="50"/>
                        <queue-length count="50"/>
                        <max-threads count="50"/>
                        <keepalive-time time="10" unit="seconds"/>
                    </short-running-threads>
                    <long-running-threads>
                        <core-threads count="50"/>
                        <queue-length count="50"/>
                        <max-threads count="50"/>
                        <keepalive-time time="10" unit="seconds"/>
                    </long-running-threads>
                </default-workmanager>
                <cached-connection-manager/>
            </subsystem>
            <subsystem xmlns="urn:jboss:domain:jdr:1.0"/>
            <subsystem xmlns="urn:jboss:domain:jmx:1.2">
                <expose-resolved-model/>
                <expose-expression-model/>
                <remoting-connector/>
            </subsystem>
            <subsystem xmlns="urn:jboss:domain:jpa:1.1">
                <jpa default-datasource="" default-extended-persistence-inheritance="DEEP"/>
            </subsystem>
            <subsystem xmlns="urn:jboss:domain:jsf:1.0"/>
            <subsystem xmlns="urn:jboss:domain:mail:1.1">
                <mail-session jndi-name="java:jboss/mail/Default">
                    <smtp-server outbound-socket-binding-ref="mail-smtp"/>
                </mail-session>
            </subsystem>
            <subsystem xmlns="urn:jboss:domain:naming:1.3">
                <remote-naming/>
            </subsystem>
            <subsystem xmlns="urn:jboss:domain:pojo:1.0"/>
            <subsystem xmlns="urn:jboss:domain:remoting:1.1">
                <connector name="remoting-connector" socket-binding="remoting" security-realm="ApplicationRealm"/>
            </subsystem>
            <subsystem xmlns="urn:jboss:domain:resource-adapters:1.1"/>
            <subsystem xmlns="urn:jboss:domain:sar:1.0"/>
            <subsystem xmlns="urn:jboss:domain:security:1.2">
                <security-domains>
                    <security-domain name="other" cache-type="default">
                        <authentication>
                            <login-module code="Remoting" flag="optional">
                                <module-option name="password-stacking" value="useFirstPass"/>
                            </login-module>
                            <login-module code="RealmDirect" flag="required">
                                <module-option name="password-stacking" value="useFirstPass"/>
                            </login-module>
                        </authentication>
                    </security-domain>
                    <security-domain name="jboss-web-policy" cache-type="default">
                        <authorization>
                            <policy-module code="Delegating" flag="required"/>
                        </authorization>
                    </security-domain>
                    <security-domain name="jboss-ejb-policy" cache-type="default">
                        <authorization>
                            <policy-module code="Delegating" flag="required"/>
                        </authorization>
                    </security-domain>
                </security-domains>
            </subsystem>
            <subsystem xmlns="urn:jboss:domain:threads:1.1"/>
            <subsystem xmlns="urn:jboss:domain:transactions:1.3">
                <core-environment>
                    <process-id>
                        <uuid/>
                    </process-id>
                </core-environment>
                <recovery-environment socket-binding="txn-recovery-environment" status-socket-binding="txn-status-manager"/>
                <coordinator-environment default-timeout="300"/>
            </subsystem>
            <subsystem xmlns="urn:jboss:domain:web:1.4" default-virtual-server="default-host" instance-id="node1" native="false">
                <connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http"/>
                <!-- <connector name="ajp" protocol="AJP/1.3" scheme="http" socket-binding="ajp"/> -->
                <virtual-server name="default-host" enable-welcome-root="false">
                    <alias name="localhost"/>
                    <alias name="example.com"/>
                </virtual-server>
            </subsystem>
            <subsystem xmlns="urn:jboss:domain:webservices:1.2">
                <modify-wsdl-address>true</modify-wsdl-address>
                <wsdl-host>${jboss.bind.address:127.0.0.1}</wsdl-host>
                <endpoint-config name="Standard-Endpoint-Config"/>
                <endpoint-config name="Recording-Endpoint-Config">
                    <pre-handler-chain name="recording-handlers" protocol-bindings="##SOAP11_HTTP ##SOAP11_HTTP_MTOM ##SOAP12_HTTP ##SOAP12_HTTP_MTOM">
                        <handler name="RecordingHandler" class="org.jboss.ws.common.invocation.RecordingServerHandler"/>
                    </pre-handler-chain>
                </endpoint-config>
                <client-config name="Standard-Client-Config"/>
            </subsystem>
            <subsystem xmlns="urn:jboss:domain:weld:1.0"/>
        </profile>
    
        <interfaces>
            <interface name="management">
                <inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
            </interface>
            <interface name="public">
                <inet-address value="${jboss.bind.address:0.0.0.0}"/>
            </interface>
            <interface name="unsecure">
                <inet-address value="${jboss.bind.address.unsecure:127.0.0.1}"/>
            </interface>
        </interfaces>
    
        <socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
            <socket-binding name="management-native" interface="management" port="${jboss.management.native.port:9999}"/>
            <socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9990}"/>
            <socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9443}"/>
            <!-- <socket-binding name="ajp" port="8009"/> -->
            <socket-binding name="http" port="8080"/>
            <socket-binding name="https" port="8443"/>
            <socket-binding name="remoting" port="4447"/>
            <socket-binding name="txn-recovery-environment" port="4712"/>
            <socket-binding name="txn-status-manager" port="4713"/>
            <outbound-socket-binding name="mail-smtp">
                <remote-destination host="localhost" port="25"/>
            </outbound-socket-binding>
        </socket-binding-group>
    
    </server>
  • 相关阅读:
    python day01
    Mac上安装pexpect
    raid
    SSL证书制作
    linux grep命令详解
    第一轮迭代小组成员分数分配
    M1事后分析报告(Postmortem Report)
    软件发布说明
    测试报告
    week 9 scenario testing
  • 原文地址:https://www.cnblogs.com/paul8339/p/12407605.html
Copyright © 2020-2023  润新知