Friday, September 13, 2013

CentOS6 Tomcat6 APR Install


To resolve this message in catalina.log:

INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: /usr/java/packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib



1.
yum install gcc
yum install apr-devel openssl-devel java-1.7.0-openjdk-devel

wget http://archive.apache.org/dist/apr/apr-1.4.8.tar.gz
wget http://apache.stu.edu.tw//tomcat/tomcat-connectors/native/1.1.27/source/tomcat-native-1.1.27-src.tar.gz

tar -zxvf apr-1.4.8.tar.gz
tar -zxvf tomcat-native-1.1.27-src.tar.gz



2. 
cd apr-1.4.8
./configure
make
make install

3. 
cd ../tomcat-native-1.1.27-src/jni/native/

./configure --with-apr="/usr/local/apr" --with-java-home="/usr/lib/jvm/java-1.7.0" --with-ssl=yes
make
make install


4. 
cd /usr/lib
ln -s /usr/local/apr/lib/libapr-1.so.0.4.8 libapr-1.so
ln -s /usr/local/apr/lib/libapr-1.so.0.4.8 libapr-1.so.0
ln -s /usr/local/apr/lib/libtcnative-1.so.0.1.27 libtcnative-1.so
ln -s /usr/local/apr/lib/libtcnative-1.so.0.1.27 libtcnative-1.so.0

service tomcat6 restart
more /var/log/tomcat6/catalina.out

5. 
Check that catalina.out now contains:
INFO: Loaded APR based Apache Tomcat Native library 1.1.27.

Wednesday, September 11, 2013

CentOS 6.4 chroot sftp with SELinux


1.

groupadd sftpusers
useradd -g sftpusers -d /incoming -s /sbin/nologin  guestuser
passwd guestuser

guestuser:x:500:500::/incoming:/sbin/nologin
If the account already exists:
# usermod -g sftpusers -d /incoming -s /sbin/nologin john
2.
vim /etc/ssh/sshd_config

#Subsystem       sftp    /usr/libexec/openssh/sftp-server
Subsystem       sftp    internal-sftp 

Match Group sftpusers
        ChrootDirectory /home/sftpusers/%u
        ForceCommand internal-sftp
        X11Forwarding no
        AllowTcpForwarding no
3.
mkdir /home/sftpusers
mkdir /home/sftpusers/guestuser
mkdir /home/sftpusers/guestuser/incoming
chown guestuser:sftpusers /home/sftpusers/guestuser/incoming

ls -ld /home
drwxr-xr-x. 7 root root 4096 Sep 11 12:42 /home

ls -ld /home/sftpusers
drwxr-xr-x. 3 root root 4096 Sep 11 12:39 /home/sftpusers/

ls -ld /home/sftpusers/guestuser
drwxr-xr-x. 3 root root 4096 Sep 11 12:33 /home/sftpusers/guestuser/

ls -ld /home/sftpusers/guestuser/incoming
drwxr-xr-x. 3 guestuser sftpusers 4096 Sep 11 13:41 /home/sftpusers/guestuser/incoming/




4.
setsebool -P ssh_chroot_rw_homedirs on
restorecon -R /home/sftpusers
restorecon -R /home/sftpusers/guestuser

5.
sftp guestuser@localhost
sftp> pwd
Remote working directory: /incoming
sftp> cd /
sftp> pwd
Remote working directory: /
sftp> cd /etc
Couldn't canonicalise: No such file or directory
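
The listings in step 3 matter because sshd only accepts a ChrootDirectory when every component of the path is owned by root and not writable by group or others. The script below is an added example, not part of the original post, that checks this rule for a given directory; the function names and script name are hypothetical, and it assumes a stat that supports -c, as on CentOS.

```shell
#!/bin/sh
# Added example (not from the original post): audit a ChrootDirectory path.
# Assumes GNU or busybox stat (-c option), as found on CentOS.

# component_ok UID OCTAL_MODE
# True when the component is owned by root (uid 0) and is neither
# group-writable nor other-writable (mode & 022 == 0).
component_ok() {
    [ "$1" = "0" ] || return 1
    [ $(( 0$2 & 022 )) -eq 0 ]
}

# check_chroot_path DIR
# Walks DIR and every parent directory up to /.
# Returns 0 if all components pass, 1 if any fails, 2 if DIR is unusable.
check_chroot_path() {
    # Canonicalise first so symlinked components are checked at their target.
    p=$(cd "$1" 2>/dev/null && pwd -P) || return 2
    rc=0
    while :; do
        info=$(stat -c '%u %a' "$p") || return 2
        owner=${info% *}
        mode=${info#* }
        if ! component_ok "$owner" "$mode"; then
            echo "BAD: $p (uid=$owner mode=$mode)"
            rc=1
        fi
        [ "$p" = "/" ] && break
        p=$(dirname "$p")
    done
    return $rc
}

# Usage: sh check_chroot.sh /home/sftpusers/guestuser
if [ $# -gt 0 ]; then
    check_chroot_path "$1"
fi
```

Run it against the chroot directory itself (/home/sftpusers/guestuser here), not against incoming, which sits inside the chroot and is meant to be owned by the user.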


ref:

http://www.thegeekstuff.com/2012/03/chroot-sftp-setup/
http://cassjohnston.wordpress.com/2012/08/16/selinux-and-chrooted-sftp/