Archive for February, 2013

SBDavid

Apache Tomcat Versions

Apache Tomcat Versions

Apache Tomcat is an open source software implementation of the Java Servlet and JavaServer Pages technologies. Different versions of Apache Tomcat are available for different versions of the Servlet and JSP specifications. The mapping between the specifications and the respective Apache Tomcat versions is:

—————————————————————————————————–
Servlet| Tomcat version | Actual release revision|Minimum Java Version
—————————————————————————————————–
3.0/2.2 7.0.x 7.0.35 1.6
2.5/2.1 6.0.x 6.0.36 1.5
2.4/2.0 5.5.x (archived) 5.5.36 (archived) 1.4
2.3/1.2 4.1.x (archived) 4.1.40 (archived) 1.3
2.2/1.1 3.3.x (archived) 3.3.2 (archived) 1.1
—————————————————————————————————–

More details about each release can be found in the associated release notes.

Apache Tomcat 7.x

Apache Tomcat 7.x is the current focus of development. It builds upon the improvements made in Tomcat 6.0.x and implements the Servlet 3.0, JSP 2.2 and EL 2.2 specifications. In addition to that, it includes the following

improvements:

. Web application memory leak detection and prevention.
. Improved security for the Manager and Host Manager applications.
. Generic CSRF protection.
. Support for including external content directly in a web application.
. Refactoring (connectors, lifecycle) and lots of internal code clean-up.

Red Hat Enterprise Linux 6 FCoE Support.

FCoE Support in the Kickstart File

When using a kickstart file to install Red Hat Enterprise Linux 6.4, with the new fcoe kickstart option you can specify which Fibre Channel over Ethernet (FCoE) devices should be activated automatically in addition to those discovered by Enhanced Disk Drive (EDD) services.

Red Hat Enterprise Linux 6 Installation Guide has more Kickstart Options.

Cross-site Request Forgery (XSRF) Attacks

Cross-site request forgeries (XSRF) occur when a malicious user exploits the trust between a website and a user’s browser. By exploiting that trust, malicious users can execute unauthorized commands on a website.

XSRF attacks rely on 2 items:

Access to authentication credentials
Surreptitious execution of a command via a URL

For more information about XSRF attacks, as well as a few examples, you can visit this Wikipedia page.
http://en.wikipedia.org/wiki/XSRF

SBDavid

How to check CSF compatibility

CSF - ConfigServer Services

To test CSF run the following command.

# /etc/csf/csftest.pl
Testing ip_tables/iptable_filter…OK
Testing ipt_LOG…OK
Testing ipt_multiport/xt_multiport…OK
Testing ipt_REJECT…OK
Testing ipt_state/xt_state…OK
Testing ipt_limit/xt_limit…OK
Testing ipt_recent…OK
Testing xt_connlimit…OK
Testing ipt_owner/xt_owner…OK
Testing iptable_nat/ipt_REDIRECT…OK
Testing iptable_nat/ipt_DNAT…OK
RESULT: csf should function on this server

« Prev