Apache Tomcat Versions
Apache Tomcat is an open source software implementation of the Java Servlet and JavaServer Pages technologies. Different versions of Apache Tomcat are available for different versions of the Servlet and JSP specifications. The mapping between the specifications and the respective Apache Tomcat versions is:
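----------------------------------------------------------------------------------------
Servlet/JSP Spec | Tomcat version   | Actual release revision | Minimum Java Version
----------------------------------------------------------------------------------------
3.0/2.2          | 7.0.x            | 7.0.35                  | 1.6
2.5/2.1          | 6.0.x            | 6.0.36                  | 1.5
2.4/2.0          | 5.5.x (archived) | 5.5.36 (archived)       | 1.4
2.3/1.2          | 4.1.x (archived) | 4.1.40 (archived)       | 1.3
2.2/1.1          | 3.3.x (archived) | 3.3.2 (archived)        | 1.1
----------------------------------------------------------------------------------------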
More details about each release can be found in the associated release notes.
Apache Tomcat 7.x
Apache Tomcat 7.x is the current focus of development. It builds upon the improvements made in Tomcat 6.0.x and implements the Servlet 3.0, JSP 2.2 and EL 2.2 specifications. In addition to that, it includes the following improvements:
. Web application memory leak detection and prevention.
. Improved security for the Manager and Host Manager applications.
. Generic CSRF protection.
. Support for including external content directly in a web application.
. Refactoring (connectors, lifecycle) and lots of internal code clean-up.
Red Hat Enterprise Linux 6 FCoE Support
FCoE Support in the Kickstart File
When using a kickstart file to install Red Hat Enterprise Linux 6.4, you can use the new fcoe kickstart option to specify which Fibre Channel over Ethernet (FCoE) devices should be activated automatically, in addition to those discovered by Enhanced Disk Drive (EDD) services.
See the Red Hat Enterprise Linux 6 Installation Guide for more Kickstart options.
Cross-site Request Forgery (XSRF) Attacks
Cross-site request forgeries (XSRF) occur when a malicious user exploits the trust between a website and a user’s browser. By exploiting that trust, malicious users can execute unauthorized commands on a website.
XSRF attacks rely on 2 items:
Access to authentication credentials
Surreptitious execution of a command via a URL
For more information about XSRF attacks, as well as a few examples, see this Wikipedia page: http://en.wikipedia.org/wiki/XSRF
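The two items above suggest the standard defence: the browser attaches the session cookie to any request on its own, so a state-changing URL must also carry a value that only the site's own pages know. The following is an added example, not code from Tomcat or from the original page; the session store, the paths and the csrf_token parameter name are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit, parse_qs

SERVER_KEY = secrets.token_bytes(32)        # per-deployment secret (constructed)
SESSIONS = {"sess-alice": "alice"}          # constructed session store: cookie -> user
STATE_CHANGING = {"/transfer", "/delete"}   # hypothetical command URLs


def issue_token(session_id: str) -> str:
    """Token bound to one session; a page on another origin cannot read or derive it."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def handle(url: str, cookies: dict) -> tuple:
    """Return (status, reason) for a request as the server sees it."""
    parts = urlsplit(url)
    params = parse_qs(parts.query)
    session_id = cookies.get("SESSIONID", "")
    if session_id not in SESSIONS:
        return 401, "no valid session"
    if parts.path not in STATE_CHANGING:
        return 200, "read-only request"
    supplied = params.get("csrf_token", [""])[0]
    expected = issue_token(session_id)
    # Constant-time comparison so the check does not leak token prefixes via timing.
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        return 403, "missing or wrong CSRF token"
    return 200, "command executed for " + SESSIONS[session_id]


def demo() -> list:
    cookies = {"SESSIONID": "sess-alice"}   # the browser attaches this automatically
    token = issue_token("sess-alice")       # embedded only in the site's own pages
    requests = [
        "/transfer?to=bob&amount=10&csrf_token=" + token,     # link from the site's own page
        "/transfer?to=bob&amount=10",                          # same URL loaded cross-site
        "/transfer?to=bob&amount=10&csrf_token=" + "0" * 64,  # guessed token
        "/account?view=summary",                               # read-only, no token needed
    ]
    return [handle(u, cookies) for u in requests]


if __name__ == "__main__":
    for status, reason in demo():
        print(status, reason)
```

All four requests carry the same valid cookie; only the first state-changing request succeeds, because the credential alone no longer authorizes the command.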
CSF - ConfigServer Services
To test CSF, run the following command:
# /etc/csf/csftest.pl
Testing ip_tables/iptable_filter…OK
Testing ipt_LOG…OK
Testing ipt_multiport/xt_multiport…OK
Testing ipt_REJECT…OK
Testing ipt_state/xt_state…OK
Testing ipt_limit/xt_limit…OK
Testing ipt_recent…OK
Testing xt_connlimit…OK
Testing ipt_owner/xt_owner…OK
Testing iptable_nat/ipt_REDIRECT…OK
Testing iptable_nat/ipt_DNAT…OK
RESULT: csf should function on this server
GRUB 2 boot prompt
If improperly configured, GRUB 2 may fail to load and subsequently drop to a boot prompt. To address this issue, proceed as follows:
1. List the drives which GRUB 2 sees:
2. The output for a dos partition table /dev/sda with three partitions will look something like this:
(hd0) (hd0,msdos3) (hd0,msdos2) (hd0,msdos1)
3. The output for a gpt partition table /dev/sda with four partitions will look something like this:
(hd0) (hd0,gpt4) (hd0,gpt3) (hd0,gpt2) (hd0,gpt1)
4. With this information you can now probe each partition of the drive and locate your vmlinuz and initramfs files:
Will list the files on /dev/sda1. If this partition contains /boot, the output will show the full name of vmlinuz and initramfs.
5. Armed with the location and full name of vmlinuz and initramfs you can now boot your system.