[BlueOnyx:14251] Re: Killing Java / Tomcat
Chris Gebhardt - VIRTBIZ Internet
cobaltfacts at virtbiz.com
Fri Jan 10 11:42:18 -05 2014
Hi Michael,
On 1/10/2014 9:22 AM, Michael Stauber wrote:
> Hi Chris,
>
>> There are some servers where running Tomcat becomes more of a liability
>> than an asset. Is there any reason why a "yum remove java" would be
>> harmful? I don't see any dependencies that would cause harm elsewhere.
>
> You'd actually want to remove base-java* to take away the GUI bits and
> pieces of Java, too.
>
> However, a "yum remove base-java*" will also remove
> base-alpine-capstone, which you need.
>
> Lastly, the current base-swupdate that's currently in the testing
> repository has YUM run a "yum groupinstall blueonyx" after each YUM
> update. This is done to ensure that your install is complete. And it'll
> bring back Java. All of it.
I see. So what I'm understanding is that there is currently not a
recommended method to completely remove Tomcat from a BlueOnyx server.
>> On a related note, we were working with a customer who wanted not to see
>> any Tomcat processes working on his server. It was cumbersome to go
>> through each site in the Virtual Site List, click to Web and see if the
>> "JSP" box was checked or not. I wonder if there could be a function
>> to make global or mass changes in some future release.
>
> Let me roll this in my head for a bit to see what can be done. Your
> other recent idea of having the choice to disable usage of regular PHP
> and to only leave suPHP as an option for new sites already got me
> thinking in that direction.
>
> So here is what's most likely going to happen in one form or another:
>
> There will be a GUI page on which the server admin can select which
> kinds of services will be available for Vsites and which services he
> deliberately doesn't want to provide. This is needed now that we have
> "reseller" accounts and people other than the server admin can create
> Vsites.
Yeah, that sounds about right.
> On that new page you'll be able to turn off things you don't want to
> provide. Which usually would include shell accounts, anon-FTP, regular
> PHP and Java. But why stop there and not extend it to the full list of
> features? So I'll extend that to all services that can be turned off.
BINGO! Yes, that's great thinking.
> I'll make sure that this not only prevents creating new sites with these
> features, but it'll also turn the corresponding services off for sites
> which (by accident or intent) already use them.
And that is an added bonus. By coincidence I just happened to have a
similar thought working on another issue where we found a customer had
allowed shell access for somewhere around 30 sites on their server, and
in many cases allowed shell for every user on those enabled sites. At
least 2 of the accounts had become compromised and you can guess the
mess that has led to. One of the first things we did was to click
through all of the 80+ sites in Site Management to ensure that shell was
disabled for them. Complicated? Nope. Tedious? Yup!
> As for a script that disables Java on all Vsites, you can use this:
>
> ---------------------------------------------------
> #!/usr/bin/perl -I/usr/sausalito/perl
>
> use CCE;
> my $cce = new CCE;
> $cce->connectuds();
>
> # Find all Vsites:
> my @vhosts = $cce->findx('Vsite');
>
> # Walk through all Vsites:
> for my $vsite (@vhosts) {
>     # Fetch the Vsite object so its FQDN can be shown:
>     my ($ok, $my_vsite) = $cce->get($vsite);
>
>     print "\nDisabling Java for Site $my_vsite->{fqdn}\n";
>
>     # Turn Java off:
>     ($ok) = $cce->set($vsite, 'Java', {'enabled' => "0"});
>
> }
>
> $cce->bye('SUCCESS');
> exit(0);
> ---------------------------------------------------
>
> Once all Vsites have Java disabled and once you have set a master
> password for Tomcat under "System Settings" / "Server" / "Java", all
> Tomcat related processes will stop by themselves.
Nice. I'll save this, as I'm sure we'll put it to work. I can see
how this could also be easily modified to work with other services (ie:
shell).
Thanks, Michael!
--
Chris Gebhardt
VIRTBIZ Internet Services
Access, Web Hosting, Colocation, Dedicated
www.virtbiz.com | toll-free (866) 4 VIRTBIZ
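
An audit-first variant of the script quoted above, as an added example that is not part of the original thread or BlueOnyx's own code: it lists the Vsites that currently have Java enabled and changes nothing unless run with `--apply`. Assumptions: the `--apply` flag is this example's own, and reading the 'Java' namespace with `$cce->get($vsite, 'Java')` is assumed to return the same `enabled` property that the quoted script sets.

```perl
#!/usr/bin/perl -I/usr/sausalito/perl
# Added example: report Vsites with Java enabled; disable only with --apply.
use strict;
use warnings;
use CCE;

# --apply is this example's own switch; without it the script is read-only.
my $apply = grep { $_ eq '--apply' } @ARGV;

my $cce = new CCE;
$cce->connectuds();

my (@enabled, @failed);

for my $vsite ($cce->findx('Vsite')) {
    # Main Vsite object (for the FQDN) and its 'Java' namespace.
    my ($ok,  $site) = $cce->get($vsite);
    my ($jok, $java) = $cce->get($vsite, 'Java');   # assumption: namespace read

    # Record lookups that failed instead of silently skipping them.
    unless ($ok && $jok) {
        push @failed, "object $vsite (lookup failed)";
        next;
    }

    # "0" and an empty value both count as disabled.
    next unless $java->{enabled};
    push @enabled, $site->{fqdn};

    if ($apply) {
        my ($sok) = $cce->set($vsite, 'Java', { 'enabled' => "0" });
        push @failed, "$site->{fqdn} (set failed)" unless $sok;
    }
}

$cce->bye('SUCCESS');

print "Java enabled on " . scalar(@enabled) . " Vsite(s):\n";
print "  $_\n" for @enabled;
print $apply ? "Java has been disabled on the sites listed above.\n"
             : "Report only. Re-run with --apply to disable Java on them.\n";
print STDERR "FAILED: $_\n" for @failed;

# Non-zero exit lets a cron job or wrapper notice incomplete runs.
exit(@failed ? 1 : 0);
```

Running it again after `--apply` should report zero sites, which confirms the change took effect on every Vsite.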