<p>Blog: A boring day ~ | Author: 주주</p>
<h1>WAS | JBoss How to suppress or change Server header and X-Powered-By response header returned by JBoss EAP 7.4</h1>
<p>Posted: 2022-07-21</p>
<hr>
<p>WAS : JBoss EAP 7.4</p>
<h3>issue</h3>
<p>How to suppress or change "Server" header and "X-Powered-By" response header returned by JBoss EAP 7.4</p>
<p><img src="http://drive.google.com/uc?export=view&id=1119gCUxpcAzs1KKuOmtDX5pyqF-w0Yf5" alt=""></p>
<p>Security finding: version information is exposed in the "Server" and "X-Powered-By" response headers.</p>
<pre><code> HTTP/1.1 200 OK
X-Powered-By: Undertow/1
X-Powered-By: JSP/2.3
Server: JBoss-EAP/7
</code></pre>
<h3>Solution plan</h3>
<p>Disable the x-powered-by option</p>
<p><img src="http://drive.google.com/uc?export=view&id=110v-3gEudv79Tq1e6FQX1k3G9465UNJW" alt="">
CLI mode</p>
<pre><code class="language-cmd">/subsystem=undertow/servlet-container=default/setting=jsp:write-attribute(name=x-powered-by,value=false)
</code></pre>
<p>Admin console
<img src="http://drive.google.com/uc?export=view&id=11-YhHzXJ9prXgDUo3R67Le-YJON034ZF" alt=""></p>
<p>Change the header values<br>
CLI mode</p>
<pre><code class="language-cli">/subsystem=undertow/configuration=filter/response-header=server-header:write-attribute(name=header-value,value=foo)
/subsystem=undertow/configuration=filter/response-header=x-powered-by-header:write-attribute(name=header-value,value=bar)
</code></pre>
<h3>Result</h3>
<p>Resulting change in standalone.xml or domain.xml
<img src="http://drive.google.com/uc?export=view&id=110pVVvZWDox_0jwe56LwxSOTW-0ke3wy" alt=""></p>
<p>Information-exposure test result
<img src="http://drive.google.com/uc?export=view&id=11zR-koViS9BxoxfNRrGLwq6ywpl7O9on" alt=""></p>
<h1>WebSphere when native_stdout file capacity continues to increase</h1>
<p>Posted: 2022-03-23</p>
<hr>
<p>OS : CentOS 7 3.10.0-957.el7.x86_64</p>
<h3>issue</h3>
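<p>For the JVM "Java" logs (SystemOut, SystemErr), WebSphere has a built-in mechanism that allows log rotation (time-based, size-based, or a mix of the two).
For the JVM "process" logs (native_stderr, native_stdout), WebSphere has no such built-in mechanism.</p>
<p>The main reason to want log rotation for the native_stderr file in particular is that it usually contains the verbosegc (Verbose Garbage Collection) entries: it is the record store for every garbage collection (GC) cycle performed and the related statistics (for example, the amount of memory before and after a GC run).
These verbosegc records grow considerably over time, so the native_stderr file can become quite large.</p>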
<ul>
<li>Verbose garbage collection option: On
<img src="http://drive.google.com/uc?export=view&id=1nu9_m1pcDSj4jhjH3Zn4IYLI-ULWSguJ" alt=""></li>
</ul>
<h3>Solution plan</h3>
<p>As a workaround, use the JVM -Xverbosegclog option so that the GC log is written to a separate file.</p>
<ul>
<li>Verbose garbage collection option: Off</li>
<li>JVM -Xverbosegclog setting<br>
Syntax</li>
</ul>
<pre><code> -Xverbosegclog[:<filename>[,<x>,<y>]]
</code></pre>
<p>where <filename> specifies a base filename,
<x> is the number of files being used and
<y> is the number of GC cycles contained in one file (before rollover).</p>
<p>-verbose:gc<br>
-Xloggc:${SERVER_LOG_ROOT}\verbosegc.log<br>
-XX:+UseGCLogFileRotation<br>
-XX:NumberOfGCLogFiles=10<br>
-XX:GCLogFileSize=10M<br>
-XX:+PrintGCDateStamps<br>
-XX:+PrintGCDetails</p>
<p>Example:</p>
<pre><code>-Xverbosegclog:/app/was/gclogs/websphere/server1/gc.%Y%m%d.%H%M%S.%pid.txt
</code></pre>
<p><img src="http://drive.google.com/uc?export=view&id=1bBGgYi9ovzJjZbVQE8ekYJU5ulGypAw_" alt=""></p>
<h1>WAS | WebSphere console TLSv 1.2</h1>
<p>Posted: 2022-03-16</p>
<html>
<head>
<meta charset="UTF-8"></meta>
<title>PDF viewer test</title>
</head>
<body>
<h2>▌ issue :</h2>
<p>The console cannot be accessed when connecting from certain browsers.</p>
<h2>▌ cause of a problem :</h2>
<p>The problem occurs because a browser policy change blocks TLSv1.1 and earlier protocols.</p>
<iframe height="530" src="https://drive.google.com/file/d/1WjyJJ9tLfMW-AxjrzHXr5zX1PKfSB0SU/preview" width="100%"></iframe>
</body>
</html>
<h1>Summary of the Log4j security vulnerabilities across WebSphere</h1>
<p>Posted: 2021-12-19</p>
<p><em>Security Bulletin: Multiple vulnerabilities in Apache log4j affect the IBM WebSphere Application Server and IBM WebSphere Application Server Liberty (CVE-2021-4104, CVE-2021-45046)</em></p>
<hr>
<p>Affected Products and Versions</p>
<table>
<thead>
<tr>
<th>Affected Product(s)</th>
<th>Version(s)</th>
</tr>
</thead>
<tbody>
<tr>
<td>WebSphere Application Server Liberty</td>
<td>Continuous delivery</td>
</tr>
<tr>
<td>WebSphere Application Server</td>
<td>9.0</td>
</tr>
<tr>
<td>WebSphere Application Server</td>
<td>8.5</td>
</tr>
<tr>
<td>WebSphere Application Server</td>
<td>8.0</td>
</tr>
<tr>
<td>WebSphere Application Server</td>
<td>7.0</td>
</tr>
</tbody>
</table>
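<h2>Vulnerability details</h2>
<p>The details are in the items below, but here is a brief summary.
Across all platforms the affected application is UDDI.ear, which has to be installed separately before it can be configured (we do not use it, so there is no impact).</p>
<p>In the end the problem is kc.war on 9.x. That application appears to be used by the admin console help, and the interim mitigation is to remove the offending class
or to remove the library.</p>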
<h4>1. WebSphere Application Server traditional release 9.0 only:</h4>
<p>Remove <WAS_HOME>/systemApps/isclite.ear/kc.war/WEB-INF/lib/log4j*.jar from any system running the WebSphere admin console and restart the application server.<br>
Note: If any future service (prior to 8.5.5.21 or 9.0.5.11) is applied to the install the log4j files will be restored without warning.<br>
If the kc.war application has been installed then uninstall it. For instructions on how to determine if kc.war is installed see question Q9 in our Log4Shell (CVE-2021-44228) FAQ.<br>
Remove <WAS_HOME>/installableApps/kc.war</p>
<h4>2. All WebSphere Application Server traditional releases:</h4>
<p>Users of the UDDI Registry Application: Remove log4j*.jar from within the <WAS_HOME>/installableApps/uddi.ear<br>
archive and update (redeploy) any installed (deployed) copies of the UDDI Registry application.<br>
Users who do not use the UDDI Registry Application should remove <WAS_HOME>/installableApps/uddi.ear</p>
<p>Link to the IBM bulletin<br>
https://www.ibm.com/support/pages/node/6526750</p>
<h4>3. Additional notes on Log4j 1.x</h4>
<p><em>(For WebSphere this case applies to UDDI.ear; if that feature is not used, no further action is needed.)</em></p>
<p>Is Log4j 1.x vulnerable</p>
<p>There is still a lot of information coming out surrounding Log4Shell. At the time this blog was published, Apache said that Log4j 1.2 is vulnerable in a similar way when Log4j is configured to use JMSAppender, which is not part of the default configuration, but is not specifically vulnerable to CVE-2021-44228. This vulnerability in Log4j 1.2 has been assigned CVE-2021-4104.</p>
<p>Is there a patch available for Log4j 1.2?</p>
<p>No, Log4j branch 1.x has reached end of life (EOL) status, and therefore does not receive security updates. Users are instructed to upgrade to Log4j 2.12.2 (for Java 7) or 2.16.0 or greater.</p>
<p>How do I address CVE-2021-4104?</p>
<p>There are a few mitigation options that can be used to prevent exploitation of CVE-2021-4104.</p>
<ul>
<li>Do not use the JMSAppender in the Log4j configuration</li>
<li>Remove the JMSAppender class file (org/apache/log4j/net/JMSAppender.class)</li>
<li>Limit OS user access to prevent an attacker from being able to modify the Log4j configuration</li>
</ul>
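<p>The removal steps in sections 1 and 2 above, turned into a repeatable check (an added example, not IBM's or this blog's own script). WAS_HOME is passed as an argument; the demo directory tree and the jar file name in it are constructed. Because applying service can restore the log4j files without warning, the check is worth re-running after every fix pack.</p>

```shell
#!/bin/sh
# Added example: report which of the files named in the bulletin steps above
# are still present under a WebSphere traditional installation.
# Usage: audit_was_log4j /path/to/WAS_HOME   (returns 1 if anything is left)

audit_was_log4j() {
    awl_home=$1
    awl_rc=0

    # Step 1 (9.0 only): log4j jars shipped inside the admin console's kc.war
    awl_lib="$awl_home/systemApps/isclite.ear/kc.war/WEB-INF/lib"
    for awl_jar in "$awl_lib"/log4j*.jar; do
        [ -e "$awl_jar" ] || continue        # pattern matched nothing
        echo "REMOVE $awl_jar"
        awl_rc=1
    done

    # Step 1 (9.0 only): the installable copy of kc.war
    if [ -e "$awl_home/installableApps/kc.war" ]; then
        echo "REMOVE $awl_home/installableApps/kc.war"
        awl_rc=1
    fi

    # Step 2 (all releases): uddi.ear is removed when the UDDI Registry is not
    # used; UDDI users keep it but strip log4j*.jar from inside the archive,
    # so its presence is a prompt to review, not proof of exposure.
    if [ -e "$awl_home/installableApps/uddi.ear" ]; then
        echo "REVIEW $awl_home/installableApps/uddi.ear"
        awl_rc=1
    fi

    return "$awl_rc"
}

# Demo on a constructed directory tree (the files are empty placeholders).
demo_home=$(mktemp -d)
mkdir -p "$demo_home/systemApps/isclite.ear/kc.war/WEB-INF/lib" \
         "$demo_home/installableApps"
: > "$demo_home/systemApps/isclite.ear/kc.war/WEB-INF/lib/log4j-constructed.jar"
: > "$demo_home/installableApps/uddi.ear"

if audit_was_log4j "$demo_home"; then
    echo "clean: nothing from the bulletin steps remains"
else
    echo "action needed: see the lines above"
fi
rm -rf "$demo_home"
```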
<h1>Converting p12 to kdb files using gskcmd</h1>
<p>Posted: 2021-03-09</p>
<hr>
<h2><strong>Test Environment</strong></h2>
<p>Test Version : IBM HTTPServer v9.x</p>
<h2>Key file conversion</h2>
<h3>1. pem to p12</h3>
<pre><code># openssl pkcs12 -export -inkey Wildcard.test.co.kr_pem.key -in Wildcard.cardif.co.kr_pem.pem -out Wildcard.test.co.kr.p12
</code></pre>
<h3>2. p12 to kdb</h3>
<ol>
<li>
<p>You can invoke the gskcapicmd from the install_root/bin directory</p>
</li>
<li>
<p>Converting key file</p>
</li>
</ol>
<pre><code># ./gskcapicmd -cert -export -target key.kdb -db /sw/img/Wildcard.cardif.co.kr.p12 -fips -target_type cms -type pkcs12
# ./gskcapicmd -cert -import -target ../ssl/key.kdb -target_pw {password} -db /sw/img/Wildcard.cardif.co.kr.p12 -pw {password}
# ./gskcapicmd -cert -setdefault -db ../ssl/key.kdb -pw {password} -label "*.test.co.kr"
</code></pre>
<h1>WebSphere access log settings for security vulnerability findings</h1>
<p>Posted: 2020-10-11</p>
<hr>
<p><strong>Test Environment</strong></p>
<ul>
<li>Test Version : WebSphere v8.5</li>
</ul>
<hr>
<h2>NCSA access Log and HTTP error log set up</h2>
<h3>HTTP Access</h3>
<ol>
<li>Global log settings</li>
</ol>
<ul>
<li>Click Servers > Server Types > WebSphere application servers > server_name > NCSA access and HTTP error logging.</li>
<li>Select Enable logging service at server start-up.</li>
<li>Ensure that Enable access logging is selected.
<img src="https://drive.google.com/uc?export=download&id=1cU4F-D52MAh21rqeKHNvzLTWFc9AcXNZ" alt=""></li>
</ul>
<ol start="2">
<li>Per-container log settings, part 1</li>
</ol>
<ul>
<li>Application servers > server1 > Web container transport chains > HttpQueueInboundDefault > HTTP inbound channel (HTTP_2)</li>
<li>Select Enable logging.
<img src="https://drive.google.com/uc?export=download&id=18HeoqKKoS04te6UoIWQNcLdJAGJYwilj" alt="">
<img src="https://drive.google.com/uc?export=download&id=1ObZeHNE9aILmJr4HrhQlY2P7azoHrhXG" alt=""></li>
</ul>
<ol start="3">
<li>Per-container log settings, part 2</li>
</ol>
<ul>
<li>Application servers > server1 > Web container transport chains > WCInboundDefault > HTTP inbound channel (HTTP_2)<br>
<img src="https://drive.google.com/uc?export=download&id=1KC_Qlqodtllf6_OQoCmh2BIkeEYIHe88" alt=""></li>
</ul>
<h4>Changing the log format</h4>
<p>Reference link</p>
<blockquote>
<p>https://www.ibm.com/support/knowledgecenter/ko/SSEQTP_8.5.5/com.ibm.websphere.base.doc/ae/ttrb_access_logging.html</p>
</blockquote>
<p>Where to configure it</p>
<ul>
<li>
<p>Go to the custom properties page for the wanted transport chain. Click Servers > Server Types > WebSphere application servers > server_name > Web Container Settings > Web container transport chains > chain_name > HTTP_channel_name > Custom properties.</p>
</li>
<li>
<p>Custom properties</p>
<ul>
<li>key</li>
</ul>
<blockquote>
<p>accessLogFormat</p>
</blockquote>
<ul>
<li>value</li>
</ul>
<blockquote>
<p>%h %u %t "%r" %s %b %D "%{Referer}i" "%{User-agent}i" %{JSESSIONID}C<br>
%h %i %u %t "%r" %s %b %D</p>
</blockquote>
</li>
</ul>
<p><img src="https://drive.google.com/uc?export=download&id=14sbHrsGbzkphcPa1d2_HlupvzjFJW2VR" alt="">
<img src="https://drive.google.com/uc?export=download&id=1eMXfI0bzRf5p07F_2pXOg4ECqNq0azrJ" alt=""></p>
<h1>WebSphere TLS Clearing issues</h1>
<p>Posted: 2020-08-12</p>
<h2>Is TLS v1.2 supported in WebSphere Full Profile 7.0, 8.0, 8.5? What's minimum fix pack?</h2>
<p>Answer: TLSv1.2 is supported from V7.0.0.23 onwards, from 8.0.0.3 onwards, and in 8.5.0.0.</p>
<ul>
<li>
<p>TLS v1.2 is supported in WebSphere with the following JDK versions.<br>
7.0.0.23 comes with the following JDK version and supports TLSv1.2<br>
SDK 6<br>
(32-bit) pap3260sr10fp1-20120321_01(SR10 FP1)<br>
(64-bit) pap6460sr10fp1-20120321_01(SR10 FP1)</p>
</li>
<li>
<p>8.0.0.3 comes with the following JDK version and supports TLSv1.2<br>
SDK 6.0.1 (J9 2.6)<br>
(32-bit) pap3260_26sr1fp1-20120309_01(SR1 FP1)<br>
(64-bit) pap6460_26sr1fp1-20120309_01(SR1 FP1)</p>
</li>
<li>
<p>8.5 comes with the following JDK version and supports TLSv1.2<br>
SDK 6.0.1 (J9 2.6)<br>
(32-bit) pap3260_26sr2ifix-20120419_02(SR2+IV19661)<br>
(64-bit) pap6460_26sr2ifix-20120419_02(SR2+IV19661)</p>
</li>
</ul>
<p>This change allows TLS 1.1 and 1.2 to be configured at the
webserver plugin in 8.0 and later on distributed platforms.</p>
<ul>
<li>TLS 1.1 and 1.2 are not supported on z/OS at this time.</li>
<li>Despite this APAR being listed in 7.0 fixpacks, 7.0 does
not support TLS 1.1 and TLS 1.2 due to the use of GSKit V7.</li>
</ul>
<h2>WAS</h2>
<p>Click Security > SSL configurations, then open
CellDefaultSSLSettings, NodeDefaultSSLSettings and any other SSL configuration.</p>
<pre><code class="language-text">1. Select each SSL configuration described above, then click Quality of protection (QoP) settings under Additional Properties.
2. On the Quality of protection (QoP) settings panel, select TLSv1.2 from the pull-down list in the box named Protocol.
3. Update ssl.client.props.
   This must be done for each ssl.client.props file under the following directories:
   For Node, example: WAS_install\profiles\AppSrv01\properties
   For DMGR, example: WAS_install\profiles\Dmgr01\properties
   com.ibm.ssl.protocol=TLSv1.2
4. stopNode.sh && stopManager.sh
5. startManager.sh
6. syncNode.sh dmgrhostname dmgrsoapport -username userid -password password
7. startNode.sh
8. Check the protocol: openssl s_client -connect webspherehostname:9443 -tls1_2
</code></pre>
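<p>Step 3 is easy to miss on one profile, so here is a check that walks every profile's ssl.client.props and lists each uncommented com.ibm.ssl.protocol entry that is not TLSv1.2 (an added example, not part of the original post or of WebSphere). It assumes a Linux install with forward-slash paths; the demo files and their values are constructed.</p>

```shell
#!/bin/sh
# Added example: verify step 3 of the procedure above on every profile.
# A file can hold several SSL configurations, so every uncommented
# com.ibm.ssl.protocol line is checked, not only the first one.
# Usage: audit_ssl_client_props /path/to/WAS_install  (returns 1 on findings)

audit_ssl_client_props() {
    asp_root=$1
    asp_rc=0
    for asp_file in "$asp_root"/profiles/*/properties/ssl.client.props; do
        [ -f "$asp_file" ] || continue       # no profile matched the pattern
        awk -v file="$asp_file" -v want="TLSv1.2" '
            /^[ \t]*[#!]/ { next }           # property-file comment lines
            {
                line = $0
                sub(/\r$/, "", line)         # tolerate CRLF files
                sub(/^[ \t]+/, "", line)
                if (line !~ /^com\.ibm\.ssl\.protocol[ \t]*[=:]/) next
                sub(/^com\.ibm\.ssl\.protocol[ \t]*[=:][ \t]*/, "", line)
                sub(/[ \t]+$/, "", line)
                seen = 1
                if (line != want) {
                    printf "FIX %s line %d: %s\n", file, NR, line
                    bad = 1
                }
            }
            END {
                if (!seen) {
                    printf "FIX %s: com.ibm.ssl.protocol not set\n", file
                    bad = 1
                }
                if (!bad) printf "OK %s\n", file
                exit (bad ? 1 : 0)
            }
        ' "$asp_file" || asp_rc=1
    done
    return "$asp_rc"
}

# Demo on constructed files: one profile left on an older value, one updated.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/profiles/AppSrv01/properties" \
         "$demo_root/profiles/Dmgr01/properties"
printf '%s\n' '# constructed sample' \
    'com.ibm.ssl.alias=DefaultSSLSettings' \
    'com.ibm.ssl.protocol=SSL_TLS' \
    > "$demo_root/profiles/AppSrv01/properties/ssl.client.props"
printf '%s\n' '#com.ibm.ssl.protocol=SSL_TLS' \
    'com.ibm.ssl.protocol = TLSv1.2' \
    > "$demo_root/profiles/Dmgr01/properties/ssl.client.props"

audit_ssl_client_props "$demo_root" || echo "at least one profile still needs step 3"
rm -rf "$demo_root"
```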
<h2>WEB</h2>
<p>update httpd.conf</p>
<pre><code># inside the SSL-enabled VirtualHost
SSLProtocolEnable TLSv12
SSLProtocolDisable SSLv2 SSLv3 TLSv10 TLSv11
</code></pre>
<h2>Plg</h2>
<p>Why do I receive a GSK_ERROR_SOCKET_CLOSED (gsk rc = 420) error, when WebSphere Application Server and IBM HTTP Server are configured to use TLSv1.2?
Answer: you need to <strong>have StrictSecurity="true"</strong> in the plugin-cfg.xml for TLSv1.2 to work. More details see the following link</p>
<h1>To use the Liberty installUtility command.</h1>
<p>Posted: 2020-08-02</p>
<hr>
<p>version : IBM Liberty Core 20.0.0.6
OS : CentOS 7.2</p>
<hr>
<h2>feature Search</h2>
<pre><code class="language-sh"># installUtility find {feature_name} --type=feature
</code></pre>
<h3>feature Download</h3>
<pre><code class="language-sh"># installUtility download {feature_name} --location={download_path} --acceptLicense
</code></pre>
<h3>repositories</h3>
<p>Create repositories.properties to register the repository</p>
<blockquote>
<p>properties file path ${wlp.install.dir}/etc/repositories.properties file.</p>
</blockquote>
<pre><code class="language-properties"># feature download path or feature zip path
local-rep.url=/SW/img/LibertyUtility
</code></pre>
<p><img src="https://drive.google.com/uc?export=view&id=1ihyJLgBp1ryPxmj4AqomZc7GSFbupWua" alt=""></p>
<h3>viewSettings</h3>
<p><img src="https://drive.google.com/uc?export=view&id=1g20LlZkFqFILOHg7rBpc_jG7EXeoo0Ot" alt=""></p>
<h3>testConnection</h3>
<p>Repository connection test</p>
<pre><code class="language-sh"># installUtility testConnection default
</code></pre>
<p><img src="https://drive.google.com/uc?export=view&id=1xNSqX2fUvKHWhNTJGnubtZyGSuVSZUsQ" alt=""></p>
<h3>fixpackCenter feature Download</h3>
<p><a href="https://www.ibm.com/support/knowledgecenter/en/SSEQTP_liberty/com.ibm.websphere.wlp.doc/ae/twlp_config_installutility.html">wlp Info Center</a><br>
<a href="https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Liberty&release=All&platform=All&function=fixId&fixids=wlp-featureRepo-*&includeSupersedes=0">feature fix</a></p>
<h1>WebSphere v9.0.5.1 Basic install guide</h1>
<p>Posted: 2020-07-19</p>
<hr>
<p>OS : CentOS 7 3.10.0-957.el7.x86_64</p>
<h2>IM imcl install</h2>
<blockquote>
<p>tip. Check the package name simply
{img_file}/Offerings</p>
</blockquote>
<h4>IM install</h4>
<pre><code>./imcl install com.ibm.cic.agent -repositories "/sw/img/im/repository.config" -installationDirectory "/sw/IBM/InstallationManager/eclipse" -sharedResourcesDirectory "/sw/IBM/IMShared" -acceptLicense -sP
</code></pre>
<blockquote>
<p>In this guide, use the existing Installation Manager.</p>
</blockquote>
<pre><code># cd /sw/IBM/InstallationManager/eclipse/tools
</code></pre>
<h4>WebSphere install</h4>
<pre><code>./imcl install com.ibm.websphere.BASE.v90_9.0.5001.20190828_0616 -repositories "/sw/img/base" -installationDirectory "/sw/was/AppServer9" -sharedResourcesDirectory "/sw/IBM/IMShared" -acceptLicense -properties cic.selector.nl=ko -sP
</code></pre>
<blockquote>
<p>tip. Starting with WebSphere version 9.0, the Java SDK must be installed along with the product.</p>
</blockquote>
<pre><code>#install
./imcl install com.ibm.websphere.BASE.v90_9.0.5001.20190828_0616 com.ibm.java.jdk.v8_8.0.5041.20190924_1031 -repositories "/sw/img/base","/sw/img/sdk" -installationDirectory "/sw/was/AppServer9" -sharedResourcesDirectory "/sw/IBM/IMShared" -acceptLicense -properties cic.selector.nl=ko -sP
#fix install
./imcl install com.ibm.websphere.BASE.v90_9.0.5003.20200226_0941 -acceptLicense -installationDirectory "/sw/was/AppServer9" -repositories "/sw/img/fixwas" -sP
</code></pre>
<h4>IBM HTTPServer install</h4>
<pre><code>./imcl install "com.ibm.websphere.IHS.v90_9.0.5001.20190828_0616" "com.ibm.java.jdk.v8_8.0.5041.20190924_1031" -repositories "/sw/img/ihs","/sw/img/sdk" -installationDirectory "/sw/web/IHS9" -sharedResourcesDirectory "/sw/IBM/IMShared" -acceptLicense -sP -properties user.ihs.httpPort="80"
#fix
./imcl install com.ibm.websphere.IHS.v90_9.0.5003.20200226_0941 -acceptLicense -installationDirectory "/sw/web/IHS9" -repositories "/sw/img/fixweb" -sP
</code></pre>
<h4>Plugins install</h4>
<pre><code>./imcl install com.ibm.websphere.PLG.v90_9.0.5001.20190828_0616 com.ibm.java.jdk.v8_8.0.5041.20190924_1031 -repositories "/sw/img/plg","/sw/img/sdk" -installationDirectory "/sw/web/Plugins9" -sharedResourcesDirectory "/sw/IBM/IMShared" -acceptLicense -sP
#fix
./imcl install com.ibm.websphere.PLG.v90_9.0.5003.20200226_0941 -acceptLicense -installationDirectory "/sw/web/Plugins9" -repositories "/sw/img/fixweb" -sP
</code></pre>
<h4>version Info</h4>
<ol>
<li>imcl listInstalledPackages</li>
<li>{install_home}/bin/versionInfo.sh</li>
</ol>
<h1>Windows 10 | edge change the default search engine</h1>
<p>Posted: 2020-07-19</p>
<blockquote>
<p>Test Environment<br>
Test OS : Windows 10</p>
</blockquote>
<hr>
<h2>1. Settings</h2>
<p><img src="https://drive.google.com/uc?export=view&id=1lxnWDTYdlCWApAutO_bRptb1eQ8goTFL" alt="part1"></p>
<blockquote>
<p>tip. Copy and paste "edge://settings/search" (without the quotes) into your address bar.</p>
</blockquote>
<h2>2. Privacy and services</h2>
<p><img src="https://drive.google.com/uc?export=view&id=1dxGFCTSle19AQ4G621esOpjQ717RbSxu" alt="part2"></p>
<h2>3. Address bar > change to the search engine you want</h2>
<p><img src="https://drive.google.com/uc?export=view&id=13AZJwKmvokzs0gcpCPwXrZqjZiHlG-t9" alt="part3"></p>
<h1>Bulk-changing permissions for specific file extensions</h1>
<p>Posted: 2020-06-10</p>
<blockquote>
<p>Only what is needed in our environment is covered.</p>
</blockquote>
<h3>System environment</h3>
<blockquote>
<p>OS : CentOS 7 3.10.0-957.el7.x86_64</p>
</blockquote>
<h3>Usage</h3>
<p>Example of changing directory and file permissions to remediate a security finding</p>
<ul>
<li>Permission change (the method mostly used):</li>
</ul>
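<pre><code class="language-cmd"># set owner and group recursively
chown -R wasadm:wasadm ./*
# owner rwx, group r-x, others no access
chmod -R 750 ./*
# quote the patterns so the shell does not expand them before find sees them
find . -name '*.xml' -exec chmod 640 {} \;
find . -name '*.log' -exec chmod 640 {} \;
find . -name '*.properties' -exec chmod 640 {} \;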
</code></pre>
<h2>WebSphere - How to disable server name header</h2>
<p>Posted: 2020-06-10</p>
<h3>Test Version</h3>
<ul>
<li>Test OS : CentOS 7.2</li>
<li>Test WAS : WebSphere v8.5</li>
</ul>
<h3>X-Powered-By disable setting</h3>
<ul>
<li>
<p>Security finding</p>
</li>
<li>
<p>IBM HTTPServer (apache)<br>
This can be mitigated by adding (httpd.conf):</p>
</li>
</ul>
<pre><code class="language-conf">AddServerHeader Off
ServerTokens Prod
ServerSignature Off
</code></pre>
<ul>
<li>
<p>WebSphere<br>
In v8.5.0.2 and earlier, two options prevent exposure of the server version.</p>
</li>
<li>
<p>ServerHeaderValue :<br>
Use the ServerHeaderValue property to replace the default value of the Server header that is added to all outgoing HTTP responses by server if a Server header does not already exist. The default value for the Server header is WebSphere Application Server v/x.x, where x.x is the version of WebSphere Application Server that is running on your system.
<img src="https://drive.google.com/uc?export=view&id=1nSTnrcOBHkSYzO3oA_RErr_TWfBi7_3h" alt=""></p>
</li>
<li>
<p>RemoveServerHeader :<br>
Use the RemoveServerHeader property to force the removal of any server header from HTTP responses that the application server sends, thereby hiding the identity of the server program.
<img src="https://drive.google.com/uc?export=view&id=1z3o55uPfj9Bdu2TfSNywB9pL70igchif" alt=""></p>
</li>
</ul>
<blockquote>
<p>setting link : https://www.ibm.com/support/knowledgecenter/SSEQTP_8.5.5/com.ibm.websphere.base.doc/ae/rrun_chain_httpcustom.html</p>
</blockquote>
<blockquote>
<p>Starting with Version 8.5.0.2, a Server header is no longer automatically added to all outgoing HTTP responses if a Server header does not already exist. If you add this property with a value, that value is included in the Server header that appears in the response. If you specify the value DefaultServerValue, WebSphere Application Server v/x.x is used as the Server header value.</p>
</blockquote>
<h2>WebSphere - How to disable X-Powered-By header</h2>
<p>Posted: 2020-06-10</p>
<h3>Test Version</h3>
<ul>
<li>Test OS : CentOS 7.2</li>
<li>Test WAS : WebSphere v.8.5</li>
</ul>
<h3>X-Powered-By disable setting</h3>
<ul>
<li>Security finding</li>
</ul>
<blockquote>
<p>You can set the property 'com.ibm.ws.webcontainer.disablexPoweredBy' to true as described in the section</p>
</blockquote>
<p><img src="https://drive.google.com/uc?export=view&id=1qzxnOHt7vR4p2yKyLXE9pnMZdMM52Ejo" alt=""></p>
<p><img src="https://drive.google.com/uc?export=view&id=1eU51WAjm_hYQMiANT6joODFPAnENHkWW" alt=""></p>
<blockquote>
<p>setting link : https://www.ibm.com/support/knowledgecenter/ko/SSAW57_8.5.5/com.ibm.websphere.nd.multiplatform.doc/ae/rweb_custom_props.html#com.ibm.ws.webcontainer.DisableXPoweredByHeader</p>
</blockquote>
<p><img src="https://drive.google.com/uc?export=view&id=1ktM8iOnbGD06cT-0kFNzmMjNH5PMSLb8" alt=""></p>
<p>The server must be restarted after changing the setting.</p>
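<p>The JBoss EAP, IBM HTTP Server and WebSphere posts above all end with the same question: does the response still give away the product or its version? The check below answers it from the raw response headers (an added example, not code from the original posts). The product tokens are the ones quoted on this page, and both sample responses are constructed from the JBoss post's "before" output and its foo/bar replacement values.</p>

```shell
#!/bin/sh
# Added example: flag Server / X-Powered-By response headers that still name
# a product or carry a version number.
# Input : raw response headers on stdin, e.g. from `curl -sI https://host/`.
# Output: one line per offending header; exit status 1 if any were found.

check_banner_headers() {
    tr -d '\r' | awk '
        {
            sep = index($0, ":")
            if (sep == 0) next                    # status line or blank line
            name  = tolower(substr($0, 1, sep - 1))
            value = substr($0, sep + 1)
            sub(/^[ \t]+/, "", value)
            if (name != "server" && name != "x-powered-by") next

            reason = ""
            # product tokens taken from the banners quoted on this page
            if (tolower(value) ~ /undertow|jsp|jboss|websphere|apache/) {
                reason = "product name"
            }
            if (value ~ /[0-9]/) {
                reason = (reason == "") ? "version number" : (reason " and version number")
            }
            if (reason != "") {
                printf "%s: %s (%s)\n", name, value, reason
                bad = 1
            }
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed samples: the response before the change and after the headers
# were rewritten to the placeholder values foo / bar.
before='HTTP/1.1 200 OK
X-Powered-By: Undertow/1
X-Powered-By: JSP/2.3
Server: JBoss-EAP/7'

after='HTTP/1.1 200 OK
Server: foo
X-Powered-By: bar'

for sample in "$before" "$after"; do
    if findings=$(printf '%s\n' "$sample" | check_banner_headers); then
        echo "OK: no product name or version disclosed"
    else
        printf 'DISCLOSURE:\n%s\n' "$findings"
    fi
done
```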
<h1>How to remove line-break characters (^M) after uploading a file</h1>
<p>Posted: 2020-03-10</p>
<hr><h2><strong>Test environment</strong></h2><p>OS : AIX</p><h3>Issue</h3><h4>After editing a file on Windows and uploading it, opening it in vi shows line-break characters (^M) as below.</h4><pre><code class="language-shell">#!/bin/sh^M
#./startServer.sh server_name^M
#./stopServer.sh server_name -username username -password password^M
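</code></pre><ul><li>Remove the line-break characters with a Perl command (^M is the control character entered with Ctrl-V Ctrl-M, not a caret followed by M; \015 is the equivalent octal escape)<br>
perl -pi -e 's/^M//g' {file_name}</li>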
</ul><pre><code class="language-shell">test1 root [/was8/bin]#perl -pi -e 's/^M//g' stopWasAll.sh
perl -pi -e 's/\015//g' startWeb.sh
perl -pi -e 's/\015//g' stopWeb.sh
</code></pre><p>Opening the file in vi again shows that the line-break characters are gone.</p><pre><code class="language-shell">test1 root [/was8/bin]#vi stopW*.sh
#!/bin/sh
#./startServer.sh server_name
#./stopServer.sh server_name -username username -password password
#PropFilePasswordEncoder.sh
#export LANG=en_us.utf8
</code></pre>
<h1>Apache installation guide</h1>
<p>Posted: 2020-03-10</p>
<p>Only what is needed in a real production environment is covered.</p><hr><h2><strong>Test environment</strong></h2><p>OS : CentOS 7 3.10.0-957.el7.x86_64</p><h3>Prerequisites</h3><p>Install APR (Apache Portable Runtime)</p><p>Because Apache is installed by compiling from source, download APR beforehand.<br>
To use the latest Apache HTTP Server, an APR version that matches it must be installed.</p><ul><li>Check that the prerequisite packages are installed<br>
yum -y install gcc make gcc-c++ pcre-devel</li>
</ul><h4>apr</h4><p>Download link : https://apr.apache.org/download.cgi</p><pre><code class="language-cmd">[root@was11 apr]$ ./configure --prefix=/SW/web/tools/apr
[root@was11 apr]$ make && make install
</code></pre><h4>apr-util</h4><pre><code class="language-cmd"># extract the archive
[root@was11 apr-util]$ ./configure --prefix=/SW/web/tools/apr-util --with-apr=/SW/web/tools/apr
[root@was11 apr-util]$ make && make install
</code></pre><h4>PCRE</h4><p>https://www.pcre.org/</p><pre><code class="language-cmd">[root@was11 pcre]# ./configure --prefix=/SW/web/tools/pcre
[root@was11 pcre]# make && make install
</code></pre><h4>openssl</h4><p>Download link : https://www.openssl.org/source/</p><pre><code class="language-cmd">
[root@was11 openssl]# ./config --openssldir=/SW/web/tools/openssl
</code></pre><h4>make</h4><pre><code>make uninstall
</code></pre><h3>Main steps</h3><pre><code class="language-cmd">[root@was11 httpd24]$ tar -zxvf httpd-2.4.41.tar.gz
[root@was11 openssl]# make && make install
</code></pre><h4>configure command</h4><pre><code class="language-cmd">[root@was11 httpd24]# ./configure -prefix=/SW/web/httpd24 -enable-so -enable-rewrite --enable-proxy -enable-ssl -enable-mods-shared=all -enable-modules=shared -enable-mpms-shared=all --with-mpm=worker --with-apr=/SW/web/tools/apr --with-apr-util=/SW/web/tools/apr-util --with-pcre=/SW/web/tools/pcre --with-ssl=/SW/web/tools/openssl --enable-ssl -enable-unique-id
[root@was11 httpd24]# make && make install
</code></pre><h4>start</h4><pre><code class="language-cmd">/SW/web/httpd24/bin/apachectl start
</code></pre><p><img src="https://drive.google.com/uc?export=view&id=1cGjEgy7GP0Or-koT5FkHZSe9kQv5FGqH" alt="indexpage"></p>
<h1>Quick guide to the find command</h1>
<p>Posted: 2020-02-08</p>
<blockquote><p>Only what is needed in a real production environment is covered.</p></blockquote><hr><h2><strong>Test environment</strong></h2><p>OS : CentOS 7 3.10.0-957.el7.x86_64</p><h3>Main content</h3><p>Basic command</p><blockquote><p>find ~ -name readme.txt<br />
find [-H] [-L] [-P] [path...] [expression]</p></blockquote><ul><li>Find a file by name</li>
</ul><pre><code class="language-cmd">[root@localhost /]# find /sw -name "Mem.sh"
/sw/Mem.sh
</code></pre><ul><li>Find a file by name under the current directory (.)</li>
</ul><pre><code class="language-cmd">[root@localhost /]# find . -name "Mem.sh"
find: ‘./run/user/1000/gvfs’: Permission denied
./sw/Mem.sh
</code></pre><ul><li>Find files case-insensitively (-iname)</li>
</ul><pre><code class="language-cmd">[root@localhost sw]# find /sw -iname "Mem.sh"
/sw/Mem.sh
/sw/MEM.sh
</code></pre><ul><li>Find files modified within the last n days</li>
</ul><pre><code class="language-cmd">[root@localhost /]# find /sw -name "*.sh" -mtime -1
/sw/Mem.sh
/sw/Mem1.sh
/sw/MEM.sh
</code></pre><ul><li>Search for a string in the files that were found</li>
</ul><pre><code class="language-cmd">[root@localhost /]# find /sw -name "*.sh" -mtime -1 | xargs grep "Mem"
/sw/Mem.sh:MEMINFO=`cat /proc/meminfo | grep 'MemTotal\|MemFree\|Buffers\|Cached'`
/sw/Mem1.sh: TOTAL=`free | grep ^Mem: | awk '{print $2}'`
/sw/Mem1.sh: USED=`free | grep ^Mem: | awk '{print $3}'`
/sw/Mem1.sh: FREE=`free | grep ^Mem: | awk '{print $4}'`
/sw/Mem1.sh: BUFFER=`free | grep ^Mem: | awk '{print $6}'`
</code></pre>
<h1>Changing file owner and group</h1>
<p>Posted: 2020-02-08</p>
<blockquote><p>Only what is needed in a real production environment is covered.</p></blockquote><hr><h2><strong>Test environment</strong></h2><p>OS : CentOS 7 3.10.0-957.el7.x86_64</p><h2>Main content</h2><p>A file's owner can be changed using the chown command.</p><blockquote><p>chown [OPTION]... [OWNER][:[GROUP]] FILE...</p></blockquote><ul><li>Change the user and group of files and directories with chown</li>
</ul><pre><code class="language-cmd">[root@localhost sw]# chown -R root:root *
[root@localhost sw]# ls -alrt
total 8
dr-xr-xr-x. 18 root root 234 Feb 5 01:49 ..
drwxrwxrwx. 2 root root 6 Feb 5 01:49 img
drwx------. 2 root root 6 Feb 5 01:49 was
drwx------. 2 root root 6 Feb 5 01:49 web
drwxr-xr-x. 2 root root 6 Feb 5 01:49 app
drwxr-xr-x. 2 root root 6 Feb 5 01:49 java
drwxr-xr-x. 2 root root 6 Feb 5 01:49 bin
drwxr-xr-x. 2 root root 6 Feb 7 21:26 logs
-rwxr-xr-x. 1 root root 428 Feb 8 01:16 Mem.sh
-rwxr-xr-x. 1 root root 446 Feb 8 06:01 Mem1.sh
drwxr-xr-x. 9 root root 114 Feb 8 06:01 .
[root@localhost sw]# chown wasadm:wasadm img
[root@localhost sw]# chown wasadm:wasadm was
[root@localhost sw]# chown wasadm:wasadm Mem.sh
[root@localhost sw]# ls -alrt
total 8
dr-xr-xr-x. 18 root root 234 Feb 5 01:49 ..
drwxrwxrwx. 2 wasadm wasadm 6 Feb 5 01:49 img
drwx------. 2 wasadm wasadm 6 Feb 5 01:49 was
drwx------. 2 root root 6 Feb 5 01:49 web
drwxr-xr-x. 2 root root 6 Feb 5 01:49 app
drwxr-xr-x. 2 root root 6 Feb 5 01:49 java
drwxr-xr-x. 2 root root 6 Feb 5 01:49 bin
drwxr-xr-x. 2 root root 6 Feb 7 21:26 logs
-rwxr-xr-x. 1 wasadm wasadm 428 Feb 8 01:16 Mem.sh
-rwxr-xr-x. 1 root root 446 Feb 8 06:01 Mem1.sh
drwxr-xr-x. 9 root root 114 Feb 8 06:01 .
</code></pre>
<h1>Checking memory usage</h1>
<p>Posted: 2020-02-08</p>
<blockquote><p>Only what is needed in our environment is covered.</p></blockquote><h3>System environment</h3><p>OS : CentOS 7 3.10.0-957.el7.x86_64</p><h3>Command</h3><p>The way memory is reported in CentOS 6.x and earlier changed starting with CentOS 7.<br />
(The -/+ buffers/cache line is gone.)</p><blockquote><p>Memory usage (%) = used memory/(used memory + free memory)*100</p></blockquote><ul><li>Example</li>
</ul><pre><code class="language-cmd">[root@localhost sw]# free -m
total used free shared buff/cache available
Mem: 7803 892 4686 263 2224 6277
Swap: 8064 0 8064
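</code></pre><p>Memory usage calculation<br />
$$\text{Memusage}=\frac{\text{used}}{\text{total}} \times 100$$</p><blockquote><p>Usage can also be checked with the sar -r 1 command (see %memused).</p></blockquote><ul><li>Check memory every second with the buffers and cache columns shown separately</li>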
</ul><pre><code class="language-cmd">[root@localhost sw]# free -mw -s 1
total used free shared buffers cache available
Mem: 7803 900 4627 308 2 2273 6224
Swap: 8064 0 8064
total used free shared buffers cache available
Mem: 7803 900 4627 308 2 2273 6224
Swap: 8064 0 8064
</code></pre><h4>Parameters</h4><table><thead>
<tr> <th>Parameters</th> <th>Description</th> </tr>
</thead> <tbody>
<tr> <td>total</td> <td>Total memory size</td> </tr>
<tr> <td>used</td> <td>Memory in use (free-buff/cache)</td> </tr>
<tr> <td>free</td> <td>Free memory (used-buff/cache)</td> </tr>
<tr> <td>shared</td> <td>Shared memory used by tmpfs, ramfs, etc.</td> </tr>
<tr> <td>buffer/cache</td> <td>Kernel buffers / page cache and slab memory</td> </tr>
<tr> <td>available</td> <td>Estimated memory that can be allocated to new processes without swapping</td> </tr>
</tbody> </table>주주http://www.blogger.com/profile/03269026000143851146noreply@blogger.com0tag:blogger.com,1999:blog-252851285535116334.post-37540847683327231482020-02-07T23:58:00.000-08:002020-02-08T19:26:23.503-08:00CMD - How to use the which and readlink commands<h1>How to find the path of the Java installed on Linux</h1><blockquote><p>Only what is needed for the environment in use is summarized.</p></blockquote><h3>System environment</h3><p>OS : CentOS 7 3.10.0-957.el7.x86_64 </p><h3>Commands</h3><p>Commands used: which, readlink</p><ul><li>which : shows the path of a command</li>
<li>readlink : finds the original target of a symbolic link (-f : absolute path of the final file)</li>
</ul><blockquote><p>You can also trace it with ll, but when symbolic links are chained several times it is easier to use readlink.</p></blockquote><pre><code class="language-cmd">#which
[wasadm@localhost sw]$ which java
/usr/bin/java
#readlink
[wasadm@localhost sw]$ readlink -f /usr/bin/java
/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.181-7.b13.el7.x86_64/jre/bin/java
#ll
[wasadm@localhost sw]$ ll /usr/bin/java
lrwxrwxrwx. 1 root root 22 Feb 5 01:36 /usr/bin/java -> /etc/alternatives/java
[wasadm@localhost sw]$ ll /etc/alternatives/java
lrwxrwxrwx. 1 root root 71 Feb 5 01:36 /etc/alternatives/java -> /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.181-7.b13.el7.x86_64/jre/bin/java
</code></pre>주주http://www.blogger.com/profile/03269026000143851146noreply@blogger.com0tag:blogger.com,1999:blog-252851285535116334.post-58872086139360963052020-02-07T22:37:00.002-08:002020-02-08T19:26:43.637-08:00CMD - How to grant file and directory permissions with the chmod command<h1>How to grant file and directory permissions</h1><blockquote><p>Only what is needed for the environment in use is summarized.</p></blockquote><h3>System environment</h3><p>OS : CentOS 7 3.10.0-957.el7.x86_64</p><h3>Usage</h3><p>Change the mode of each FILE to MODE.<br />
<br />
Note that <strong>chmod</strong> changes the permissions of the <strong>current state</strong>.</p><ul><li>Permission Change<br />
<ul><li>Commonly used examples</li>
</ul></li>
</ul><pre><code class="language-cmd">[wasadm@localhost sw]$ chmod -R 700 ./was
[wasadm@localhost sw]$ chmod -R 700 ./web
[wasadm@localhost sw]$ chmod -R 755 ./bin
[wasadm@localhost sw]$ chmod -R 777 ./img
</code></pre><blockquote><p>Also changes the attributes of subdirectories<br />
<br />
<strong>-R</strong>, --recursive change files and directories recursively</p></blockquote><p><img src="https://drive.google.com/uc?export=view&id=1Vp0QT1HSdsQ1qqXPfobhiLuXXJsN_m6G" alt="Permission"></p><p><img src="https://drive.google.com/uc?export=view&id=1Yv1etkt3ixdalWUPOJQkCoYiIHMIOCJK" alt="Permission"></p><h4>Options</h4><p><img src="https://drive.google.com/uc?export=view&id=1Ncln9LuDL4nnCqcQxG6sit7sni2NYxyJ" alt="Permission"></p><p>There are two ways to modify permissions, with numbers or with letters.</p><ol><li>Symbolic (letter) mode</li>
</ol><table><thead>
<tr> <th>Parameters</th> <th>Description</th> </tr>
</thead> <tbody>
<tr> <td>u</td> <td>User (the owner of the file)</td> </tr>
<tr> <td>g</td> <td>Group (any member of the file's defined group)</td> </tr>
<tr> <td>o</td> <td>Other (anyone else)</td> </tr>
<tr> <td>a</td> <td>All (equivalent to ugo)</td> </tr>
<tr> <td>+</td> <td>add permission</td> </tr>
<tr> <td>-</td> <td>remove permission</td> </tr>
<tr> <td>=</td> <td>set permission</td> </tr>
</tbody> </table><ol start="2"><li>Numeric mode (the most commonly used mode)</li>
</ol><table><thead>
<tr> <th>Parameters</th> <th>symbol</th> <th>Permission</th> </tr>
</thead> <tbody>
<tr> <td>1</td> <td>---</td> <td>No Permission</td> </tr>
<tr> <td>2</td> <td>--x</td> <td>Execute</td> </tr>
<tr> <td>3</td> <td>-w-</td> <td>Write</td> </tr>
<tr> <td>4</td> <td>-wx</td> <td>Write and Execute</td> </tr>
<tr> <td>5</td> <td>r--</td> <td>Read</td> </tr>
<tr> <td>6</td> <td>rw-</td> <td>Read and Execute</td> </tr>
<tr> <td>7</td> <td>rwx</td> <td>all</td> </tr>
</tbody> </table>주주http://www.blogger.com/profile/03269026000143851146noreply@blogger.com0tag:blogger.com,1999:blog-252851285535116334.post-74395227570827336062020-02-04T20:03:00.001-08:002020-02-04T20:03:06.603-08:00How to encrypt datasource password in JBoss EAP 7.x Case 2<h3>How to encrypt datasource password in JBoss EAP 7.x Case 2</h3><hr><p><strong>Test Environment</strong></p><ul><li>Test Version : JBoss EAP 7.2</li>
</ul><hr><h4>Set Up a Password Vault</h4><h4>Case 2</h4><p>Encrypt the data source password.<br />
Use the command below to encrypt the database password:</p><p><em>Case1</em></p><pre><code class="language-shell">#!/bin/sh
echo "####################################"
echo "database password changes Encoded"
printf ' password : '
# Turn terminal echo off while the password is typed.
stty -echo
read -r PASSWORD
stty echo
echo ""
echo "####################################"
# Quote the class path and the password so spaces and special characters are passed intact.
/SW/was/java1.8/bin/java -cp "$JBOSS_HOME/modules/system/layers/base/org/picketbox/main/picketbox-5.0.3.Final-redhat-3.jar:$JBOSS_HOME/modules/system/layers/base/org/jboss/logging/main/jboss-logging-3.3.2.Final-redhat-00001.jar:$CLASSPATH" org.picketbox.datasource.security.SecureIdentityLoginModule "$PASSWORD"
</code></pre><ul><li>Run View<br />
<br />
<img src="https://drive.google.com/uc?export=view&id=1CSfDOnTDgxU0mPWsdf5ZzpuL-GD1MfdA" alt="password1"></li>
</ul><p><em>Case2</em></p><pre><code class="language-shell">#!/bin/sh
# config setting
export JAVA_HOME="/SW/was/java1.8"
export PATH="/SW/was/java1.8/bin:$PATH"
JBOSS_HOME="/SW/was/JBoss7.2"
OVERLAY_DIRECTORY="$JBOSS_HOME/modules/system/layers/base/.overlays"
# password (terminal echo is turned off while it is typed)
echo ""
printf ' password : '
stty -echo
read -r PASSWORD
stty echo
echo ""
if [ -d "$OVERLAY_DIRECTORY" ]; then
    # use the newest cumulative patch (CP) overlay when one is installed
    PATCH_SUBDIRECTORY=$(ls -dt "$OVERLAY_DIRECTORY"/* | grep "CP" | head -n 1)
    echo patch subdirectory is: "$PATCH_SUBDIRECTORY"
    SEARCH_DIRECTORY="$PATCH_SUBDIRECTORY/org/picketbox/main"
else
    SEARCH_DIRECTORY="$JBOSS_HOME/modules/system/layers/base/org/picketbox/main"
fi
# put every picketbox jar in the search directory on the class path
export CLASSPATH="$(find "$(cd "$SEARCH_DIRECTORY"; pwd)" -name "*.jar" -print | tr '\n' ':')$CLASSPATH"
echo "####################################################"
java org.picketbox.datasource.security.SecureIdentityLoginModule "$PASSWORD"
echo "####################################################"
echo ""
</code></pre><ul><li>Run View<br />
<br />
<img src="https://drive.google.com/uc?export=view&id=1CZmM6HYZwn9PKVO0-mh4Fdes_b9WUf85" alt="password2"></li>
</ul><h4>Security Domain</h4><ul><li>Add Security Domain<br />
<br />
<img src="https://drive.google.com/uc?export=view&id=1anlAxWyVJ7-xVW33X4I9ViCjQTV2nBzz" alt="Secutity1"></li>
<li>Add Authentication Module<br />
<br />
<img src="https://drive.google.com/uc?export=view&id=1RqN-8FxG-zuMxp3NdEwyUJdlKLm_IL7S" alt="Secutity2"></li>
<li>Module Option(key=value)<br />
<br />
<img src="https://drive.google.com/uc?export=view&id=1nQhIkEF-j6B66B6h0aipNyKIfY_tyQb3" alt="Secutity3"><br />
<br />
<img src="https://drive.google.com/uc?export=view&id=16idSjuw2rx3TSsPlMpbNf69W3mfAJ2rb" alt="Secutity4"></li>
<li>Add Datasource > Security > Security Domain<br />
<br />
<img src="https://drive.google.com/uc?export=view&id=1-gvTE9Cy2bJkYAOy_5CkyBTLFJYxv4iR" alt="Secutity5"></li>
<li>Test Connection<br />
<br />
<img src="https://drive.google.com/uc?export=view&id=1BfUFG_-j_v5Rmp60bC3MQQb-X_jJuhwR" alt="Secutity6"></li>
</ul><ul><li>When editing standalone.xml or domain.xml directly, refer to the following.</li>
</ul><pre><code class="language-xml"><datasource jndi-name="java:jboss/datasources/ExampleDS" pool-name="ExampleDS" enabled="true" use-java-context="true">
    <connection-url>jdbc:h2:mem:test;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE</connection-url>
    <driver>h2</driver>
    <security>
        <security-domain>encryptedSecurityDB</security-domain>
    </security>
</datasource>
.
.
.
<security-domain name="encryptedSecurityDB" cache-type="default">
    <authentication>
        <login-module name="encryptedSecurityDB" code="org.picketbox.datasource.security.SecureIdentityLoginModule" flag="required">
            <module-option name="username" value="sa"/>
            <module-option name="password" value="9fdd42c2a7390d3"/>
            <module-option name="managedConnectionFactoryName" value="jboss.jca:service=LocalTxCM"/>
        </login-module>
    </authentication>
</security-domain>
</code></pre><br />
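<p>An added example, not part of the original post: a shell check that reports, for each datasource in a configuration file, whether its password sits in a password element or is delegated to a security domain, and whether the file is accessible beyond its owner. The value written by SecureIdentityLoginModule is encoded with a key built into PicketBox, so the configuration file still needs owner-only permissions. The function names, the sample file and the LegacyDS datasource are constructed for this illustration.</p>

```shell
#!/bin/sh
# Added example (not from the original post): audit a JBoss EAP
# standalone.xml / domain.xml for how datasource credentials are stored.

# Write a constructed sample configuration to $1. ExampleDS mirrors the XML
# above; LegacyDS and its password are invented for the illustration.
make_sample_config() {
    cat > "$1" <<'EOF'
<datasources>
    <datasource jndi-name="java:jboss/datasources/ExampleDS" pool-name="ExampleDS">
        <connection-url>jdbc:h2:mem:test</connection-url>
        <security>
            <security-domain>encryptedSecurityDB</security-domain>
        </security>
    </datasource>
    <datasource jndi-name="java:/LegacyDS" pool-name="LegacyDS">
        <connection-url>jdbc:h2:mem:legacy</connection-url>
        <security>
            <user-name>sa</user-name>
            <password>constructed-sample-password</password>
        </security>
    </datasource>
</datasources>
EOF
}

# Print "<pool-name> <finding>" for every (xa-)datasource in file $1:
#   plaintext        a <password> element is stored in the datasource
#   security-domain  credentials are delegated to a security domain
#   none             no credential configuration was found
audit_datasources() {
    awk '
        /<(xa-)?datasource[ >]/ {
            inside = 1; finding = "none"; name = "?"
            if (match($0, /pool-name="[^"]*"/))
                name = substr($0, RSTART + 11, RLENGTH - 12)
        }
        inside && /<password>/ { finding = "plaintext" }
        inside && /<security-domain>/ && finding == "none" { finding = "security-domain" }
        /<\/(xa-)?datasource>/ { if (inside) print name, finding; inside = 0 }
    ' "$1"
}

# Succeed when file $1 is readable or writable by group or others.
is_exposed() {
    [ -n "$(find "$1" -prune \( -perm -040 -o -perm -020 -o -perm -004 -o -perm -002 \) -print)" ]
}

# Demo run on the constructed sample.
cfg=$(mktemp)
make_sample_config "$cfg"
chmod 644 "$cfg"
audit_datasources "$cfg"
if is_exposed "$cfg"; then
    echo "$cfg is accessible beyond its owner; restrict it (for example chmod 600)"
fi
rm -f "$cfg"
```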
주주http://www.blogger.com/profile/03269026000143851146noreply@blogger.com0tag:blogger.com,1999:blog-252851285535116334.post-78437576170633872312020-01-20T21:09:00.000-08:002020-01-22T22:45:41.726-08:00JBoss - EAP7.x domain mode <h2>JBoss - EAP7.x domain mode</h2><h2><img src="https://drive.google.com/uc?export=view&id=1qoxLvNXHbLqKQd1PWFg2xfyMPMs-sRuJ" alt="redhat" width="20%"></h2><p><strong>Test Environment</strong></p><ul><li>OS : Windows NT</li>
<li>Version : JBoss EAP 7.2</li>
</ul><hr><h3>add-user</h3><ul><li>Add a user account</li>
</ul><pre><code class="language-bat">F:\app\Redhat\JBoss7.2\bin>add-user.bat
What type of user do you wish to add?
a) Management User (mgmt-users.properties)
b) Application User (application-users.properties)
(a): a
Enter the details of the new user to add.
Using realm 'ManagementRealm' as discovered from the existing property files.
Username : admin
User 'admin' already exists and is enabled, would you like to...
a) Update the existing user password and roles
b) Disable the existing user
c) Type a new username
(a): a
Password recommendations are listed below. To modify these restrictions edit the add-user.properties configuration file.
- The password should be different from the username
- The password should not be one of the following restricted values {root, admin, administrator}
- The password should contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), 1 non-alphanumeric symbol(s)
Password :
Re-enter Password :
What groups do you want this user to belong to? (Please enter a comma separated list, or leave blank for none)[ ]:
Updated user 'admin' to file 'F:\app\Redhat\JBoss7.2\standalone\configuration\mgmt-users.properties'
Updated user 'admin' to file 'F:\app\Redhat\JBoss7.2\domain\configuration\mgmt-users.properties'
Updated user 'admin' with groups to file 'F:\app\Redhat\JBoss7.2\standalone\configuration\mgmt-groups.properties'
Updated user 'admin' with groups to file 'F:\app\Redhat\JBoss7.2\domain\configuration\mgmt-groups.properties'
Is this new user going to be used for one AS process to connect to another AS process?
e.g. for a slave host controller connecting to the master or for a Remoting connection for server to server EJB calls.
yes/no? yes
To represent the user add the following to the server-identities definition <secret value="YWRtaW4xMiMk" />
</code></pre><p>When using domain mode, save the <code><secret value="YWRtaW4xMiMk" /></code> value</p><h3>Summary</h3><p>Every host running in a managed domain must have a unique host name. To ease administration and allow for the use of the same host configuration files on multiple hosts, the server uses the following precedence for determining the host name.</p><ol><li>If set, the host element name attribute in the host.xml configuration file.</li>
<li>The value of the jboss.host.name system property.</li>
<li>The value that follows the final period (".") character in the jboss.qualified.host.name system property, or the entire value if there is no final period (".") character.</li>
<li>The value that follows the period (".") character in the HOSTNAME environment variable for POSIX-based operating systems, the COMPUTERNAME environment variable for Microsoft Windows, or the entire value if there is no final period (".") character.</li>
</ol><h4>This topic describes how to set the name of the host in the configuration file, using either a system property or a hard-coded name.</h4><ol><li>Edit the host-master.xml or host-slave.xml located in configuration</li>
</ol><p>master</p><pre><code class="language-xml"><!-- host name -->
<host xmlns="urn:jboss:domain:8.0" name="test-master">
</code></pre><p>slave</p><pre><code class="language-xml"><!-- host name -->
<host xmlns="urn:jboss:domain:8.0" name="slave-node01">
<!-- change the slave's jboss.management.http.port (one box) -->
<management-interfaces>
    <http-interface security-realm="ManagementRealm">
        <http-upgrade enabled="true"/>
        <socket interface="management" port="${jboss.management.http.port:19990}"/>
    </http-interface>
</management-interfaces>
</code></pre><ol start="2"><li>Check the host-master.xml Domain controller</li>
</ol><pre><code class="language-xml"> <domain-controller>
<local/>
</domain-controller>
</code></pre><ol start="3"><li>Edit the host-slave.xml</li>
</ol><pre><code class="language-xml"> <server-identities>
<secret value="YWRtaW4xMiMk" />
</server-identities>
</code></pre><h3>Start domain Windows</h3><p>master<br />
For example:</p><pre><code class="language-bat">F:\app\Redhat\JBoss7.2\bin\domain.bat -Djboss.domain.base.dir="F:\app\Redhat\JBoss7.2\master" -b=192.168.0.6 -bmanagement=192.168.0.6 --host-config=host-master.xml
</code></pre><p>slave<br />
For example:</p><pre><code class="language-bat">rem node01
F:\app\Redhat\JBoss7.2\bin\domain.bat -Djboss.domain.base.dir="F:\app\Redhat\JBoss7.2\node01" -b=192.168.0.6 -bmanagement=192.168.0.6 --host-config=host-slave.xml --master-port=9990 --master-address=192.168.0.6 -Djboss.socket.binding.port-offset=1000
rem node02
F:\app\Redhat\JBoss7.2\bin\domain.bat -Djboss.domain.base.dir="F:\app\Redhat\JBoss7.2\node02" -b=192.168.0.6 -bmanagement=192.168.0.6 --host-config=host-slave.xml --master-port=9990 --master-address=192.168.0.6 -Djboss.socket.binding.port-offset=2000
</code></pre><p>JBoss EAP 7.2 documentation <a href="https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html/getting_started_guide/reference_material#reference_of_switches_and_arguments_to_pass_at_server_runtime">Runtime Arguments</a></p><h3>Configuration screen</h3><p><img src="https://drive.google.com/uc?export=view&id=1UcfURHnqKqeD1tzn9Tp_iV0TAMXNUCpD" alt="domain cosole"></p><h3>Sample - a practical script for starting or stopping a server</h3><p>options:</p><pre><code>/host=HOST_NAME/server-config=SERVER_NAME:stop
/host=HOST_NAME/server-config=SERVER_NAME:start
</code></pre><p>For example:</p><pre><code># stop
F:\app\Redhat\JBoss7.2\bin>jboss-cli.bat --connect controller=192.168.0.6:9990 /host=slave-node01/server-config=test01:stop
{
"outcome" => "success",
"result" => "STOPPING"
}
# start
F:\app\Redhat\JBoss7.2\bin>jboss-cli.bat --connect controller=192.168.0.6:9990 /host=slave-node01/server-config=test01:start
{
"outcome" => "success",
"result" => "STARTING"
}
</code></pre><br />
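<p>An added example, not part of the original post: the secret value that add-user prints is the Base64 form of the password, so the host-slave.xml that stores it holds a recoverable credential. The sketch below decodes the secret from a host file and checks it against the password recommendations listed in the add-user output above, without printing the password. The function names are hypothetical and the host file is a constructed fragment that reuses the host name and secret value shown in the post.</p>

```shell
#!/bin/sh
# Added example (not from the original post): check the password behind a
# host-slave.xml <secret value="..."/> against the add-user recommendations.

# Write a constructed host-slave.xml fragment to $1, using the secret value
# and host name shown in the post.
make_sample_host() {
    cat > "$1" <<'EOF'
<host xmlns="urn:jboss:domain:8.0" name="slave-node01">
    <management>
        <security-realms>
            <security-realm name="ManagementRealm">
                <server-identities>
                    <secret value="YWRtaW4xMiMk" />
                </server-identities>
            </security-realm>
        </security-realms>
    </management>
</host>
EOF
}

# Print the value of the first <secret value="..."/> in file $1.
extract_secret() {
    sed -n 's/.*<secret value="\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# Decode secret $1 and print one line per recommendation it misses for user $2.
# No output means the password meets all of them. The password is never printed.
check_secret() {
    pw=$(printf '%s' "$1" | base64 -d 2>/dev/null) || { echo "not-base64"; return 0; }
    [ "$pw" != "$2" ] || echo "same-as-username"
    case "$pw" in root|admin|administrator) echo "restricted-value" ;; esac
    [ "${#pw}" -ge 8 ] || echo "shorter-than-8"
    case "$pw" in *[A-Za-z]*) ;; *) echo "no-alphabetic" ;; esac
    case "$pw" in *[0-9]*) ;; *) echo "no-digit" ;; esac
    case "$pw" in *[!A-Za-z0-9]*) ;; *) echo "no-symbol" ;; esac
}

# Demo run on the constructed fragment.
host_xml=$(mktemp)
make_sample_host "$host_xml"
findings=$(check_secret "$(extract_secret "$host_xml")" admin)
echo "policy findings for admin: ${findings:-none}"
rm -f "$host_xml"
```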
주주http://www.blogger.com/profile/03269026000143851146noreply@blogger.com0tag:blogger.com,1999:blog-252851285535116334.post-11213666322646713052020-01-16T19:25:00.006-08:002020-06-11T18:35:32.704-07:00Issue - Fixing the error where JBoss 7.x looks for localhost during a datasource connection test<h3>The following exception is raised when obtaining a connection from a non-XA Microsoft SQL Server datasource:</h3><h3><img src="https://drive.google.com/uc?export=view&id=1qoxLvNXHbLqKQd1PWFg2xfyMPMs-sRuJ" alt="redhat" width="20%"></h3><hr><p><strong>Test Environment</strong></p><ul><li>Test Version : JBoss EAP 7.2</li>
</ul><hr><h4>Issue</h4><blockquote><p>... Caused by: com.microsoft.sqlserver.jdbc.SQLServerException: The TCP/IP connection to the host localhost, port 1433 has failed. Error: "Connection refused. Verify the connection properties. Make sure that an instance of SQL Server is running on the host and accepting TCP/IP connections at the port. Make sure that TCP connections to the port are not blocked by a firewall."</p></blockquote><ul><li>When using a datasource-class, the connection-url property is ignored and no JDBC url is supplied, hence the exception.</li>
<li>Reportedly, when datasource-class is used in a non-XA pool, the connection-url property is ignored and this exception is raised.</li>
</ul><h4>Resolution</h4><ul><li>Remove the <datasource-class> line from standalone.xml, then restart JBoss</li>
</ul><pre><code>
<datasource jndi-name="java:/mssql" pool-name="mssqljdbc" statistics-enabled="true">
<connection-url>jdbc:sqlserver://127.0.0.1:1433;DatabaseName=ucpost</connection-url>
<driver-class>com.microsoft.sqlserver.jdbc.SQLServerDriver</driver-class>
<datasource-class>com.microsoft.sqlserver.jdbc.SQLServerDataSource</datasource-class> <!-- delete this line -->
</code></pre><h4>cause</h4><blockquote><ul><li>The issue may be due to specification of a datasource-class when defining a non-XA pool.</li>
<li>The use of an implementation of javax.sql.DataSource requires significantly different configuration from the standard java.sql.Driver mechanism which is the default for JDBC 4 compliant drivers when creating non-XA connections.</li>
<li>When using a datasource-class, the connection-url property is ignored and no JDBC url is supplied, hence the exception.</li>
</ul></blockquote>주주http://www.blogger.com/profile/03269026000143851146noreply@blogger.com0tag:blogger.com,1999:blog-252851285535116334.post-73286365764234773282020-01-14T19:34:00.000-08:002020-04-07T06:54:01.564-07:00Issue - Webservice module crash error during JBoss migration<h2>Webservice module crash error during JBoss migration</h2><h3><img src="https://drive.google.com/uc?export=view&id=1qoxLvNXHbLqKQd1PWFg2xfyMPMs-sRuJ" alt="redhat" width="20%"></h3><hr><p><strong>Test Environment</strong></p><ul><li>Test OS : CentOS 7.2</li>
<li>Test Version : JBoss EAP 6.4</li>
<li>Test Version : JBoss EAP 7.2</li>
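</ul><hr><h3>How to resolve the JBoss EAP 7.x WebService crash</h3><ul><li>This is a workaround for the conflict that occurs when using web services during the upgrade work prompted by the JBoss EOS.</li>
</ul><h4>Issue</h4><ul><li>The root issue is a compatibility problem between the CXF version shipped with EAP 7 and the Spring-CXF that the application implements itself.</li>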
</ul><pre><code class="language-log">{"WFLYCTL0080: Failed services" => {"jboss.deployment.unit.\"sso.war\".PARSE" => "WFLYSRV0153: Failed to process phase PARSE of deployment \"sso.war\"
Caused by: org.jboss.as.server.deployment.DeploymentUnitProcessingException: WFLYWS0059: Apache CXF library (cxf-api-2.7.8.jar) detected in ws endpoint deployment; either provide a proper deployment replacing embedded libraries with container module dependencies or disable the webservices subsystem for the current deployment adding a proper jboss-deployment-structure.xml descriptor to it. The former approach is recommended, as the latter approach causes most of the webservices Java EE and any JBossWS specific functionality to be disabled."}}
</code></pre><h4>Resolution</h4><blockquote><p>Disable the EAP 7.x webservices subsystem for the deployment and declare the dependencies inside the application, so that the application's own Spring and org.apache.cxf modules are loaded.</p></blockquote><pre><code class="language-xml"><?xml version="1.0" encoding="UTF-8"?>
<jboss-deployment-structure xmlns="urn:jboss:deployment-structure:1.2">
    <deployment>
        <exclude-subsystems>
            <subsystem name="webservices" />
            <subsystem name="jaxrs" />
        </exclude-subsystems>
        <dependencies>
            <module name="javax.xml.ws.api"/>
            <module name="javax.jws.api"/>
        </dependencies>
    </deployment>
</jboss-deployment-structure>
</code></pre>주주http://www.blogger.com/profile/03269026000143851146noreply@blogger.com0tag:blogger.com,1999:blog-252851285535116334.post-76388057925066537642020-01-14T19:30:00.002-08:002020-04-07T06:53:10.614-07:00Issue - How to register with JBoss EAP 7.2 Windows Service <h3>How to register with JBoss EAP 7.2 Windows Service</h3><h3><img src="https://drive.google.com/uc?export=view&id=1qoxLvNXHbLqKQd1PWFg2xfyMPMs-sRuJ" alt="redhat" width="20%"></h3><hr><p><strong>Test Environment</strong></p><ul><li>Test OS : Windows NT</li>
<li>Test Version : JBoss EAP 7.2</li>
</ul><hr><h4>Reference</h4><p>https://access.redhat.com/solutions/3015541</p><h4>Preparation</h4><h4>Download the prerequisites</h4><ul><li>Download JBoss EAP 7 release (either jar installer or zip installer) from Red Hat customer portal Software Downloads page.</li>
<li>Download any JBoss EAP 7.x.y cumulative patch that you want to install on top of EAP 7.x from this Patches page.</li>
<li>Download Apache Jsvc from this Apache Jsvc download page.</li>
</ul><h4>Register system environment variables</h4><ul><li>Check article Supported Configurations and make sure supported / tested infrastructure (Windows OS, and Java versions, etc.) are used.<br />
As instructed in Installation Guide, JAVA_HOME and NOPAUSE=1 system environment variables need to be present.</li>
</ul><h4>Service registration command</h4><blockquote><p>service.bat install /name "JBoss7-Server01" /controller "localhost:9990" /config "standalone-ha.xml" /jbossuser "admin" /jbosspass "admin1@34" /logpath "E:\app\Redhat\waslog\testsvr01"</p></blockquote><p>** Special characters in the password are sometimes not recognized **</p><p>To register an additional server on the same NT machine, do the following.<br />
Before registering the service, change the port-offset value in the standalone.xml file (if it is passed in the bat file, service.bat does not recognize it properly).</p><pre><code class="language-conf"> <socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:100}">
</code></pre><pre><code class="language-bat">rem The jbcs-jsvc file path needs to be adjusted
set PRUNSRV=
if exist "%JBOSS_HOME%\..\test01-jbcs-jsvc-1.1\sbin\prunsrv.exe" (
set PRUNSRV="%JBOSS_HOME%\..\test01-jbcs-jsvc-1.1\sbin\prunsrv.exe"
) else if exist "%JBOSS_HOME%\bin\prunsrv.exe" (
set PRUNSRV="%JBOSS_HOME%\bin\prunsrv.exe"
) else (
echo Please install native utilities into expected location %JBOSS_HOME%\..\test01-jbcs-jsvc-1.1
goto cmdEnd
)
</code></pre><h4>Register an additional service</h4><blockquote><p>service.bat install /name "JBoss7-Server02" /controller "localhost:10090" /config "standalone-ha.xml" /jbossuser "admin" /jbosspass "admin1@34" /logpath "E:\app\Redhat\waslog\testsvr02"</p></blockquote><h4>Unregister the service</h4><blockquote><p>service.bat uninstall /name "JBoss7-Server11"</p></blockquote><br />
주주http://www.blogger.com/profile/03269026000143851146noreply@blogger.com0