tomcat-users mailing list archives

From Kerry Hazelton <kerry.m.hazel...@gmail.com>
Subject Tomcat 7 antivirus exclusions, firewall exclusions?
Date Thu, 01 Jun 2017 14:47:21 GMT
All,



I am attempting to deploy a managed antivirus agent to two different
machines - one runs RHEL 7.3, kernel version 3.10.0-514; the other runs
Microsoft Windows 2012 R2 - and both are hosting web pages served up by
Apache Tomcat 7.0.78.  What I’d like to know is which processes/services,
files and/or directories need to be excluded from the antivirus scans to
avoid any potential CPU or memory utilization spikes (or worse, the AV
console falsely identifies a legit file as “malicious” and quarantines it).



I’d also like to know which specific TCP/UDP ports will need to be
whitelisted to permit inbound and outbound traffic from our web developer
workstations, since their VLAN is segregated from the rest of the network.
I already know which ports to open on the firewall to allow the antivirus
agents to talk back to the console; I just need to figure out the other
ports to open.



Before I go any further, I’d like to stress the following:



* I wasn’t the one who set up these servers; I was merely tasked with
getting the antivirus agents deployed on them.  The system administrator
who set these up doesn’t know which Linux processes, Windows services,
files or directories to exclude, as he left that up to me to figure out.

* I have already contacted the AV vendor's support team, and they have
indicated they have no documentation that specifically covers any version
of Apache Tomcat.

* The last search on Google I used was “Apache Tomcat 7.x antivirus
exclusions” and I didn’t see any results that were specific to my query.
Same with “Apache Tomcat 7.x firewall exclusions”.

* I looked through the Information Security group on Stack Exchange with
the same queries as above, and again I didn’t see anything promising or
specific to my queries.

* I attempted to search the mailing list archives using the search terms
“antivirus exclusions” and “firewall permissions”; again, I didn’t see any
answers that were specific to my queries.

* Yes, I’m aware of the risks involved by excluding specific
processes/services, files and directories.  I have tried to convince the
management of these risks but to no avail.  They have agreed to accept
them, along with any consequences that may occur.



Any insight on this would be appreciated.  Thanks.
