dhis2-devs team mailing list archive

[Bob Jolliffe <bobjolliffe@xxxxxxxxx>]

Hi Hannan

There is no circumstance that tomcat user should be running the sshd
command.  It could be this machine has been compromised.  Unless you have
some strange setup that you are logging in as tomcat user.

Please contact me directly if you want me to check.

Meanwhile you might want to have a look in /tmp directory and tomcat8 home
directory to see if there are any strange files there:

ls -ls /tmp

You might find that there is a rogue sshd program that has been installed
there.  Note that if you are running a very old war file your risk of
compromise is very high.

Bob

On 10 July 2017 at 05:09, Hannan Khan <hannank@xxxxxxxxx> wrote:

> Dear Experts
>
> I have an wired situation. one of our DHIS2 server running older war files
> (version 16), the OS was outdated and we have to upgrade the OS. After
> installing new OS Ubuntu 16.04 LTS all necessary component Java 8 and
> Tomcat 7 was installed by after running war file (version 16) after few
> minutes the tomcat7 is not operational as the processor use is 100%. there
> is only 1 user logged in and the application server using 2 processor and
> DB server is separate.
>
> After trying several times I remove tomcat7 and install tomcat 8 with same
> war file, but situation is same. I called it wired as the db size is quite
> small, user is only few and the listing showing SSHD command by tomcat8
> user is using 100% processor.
>
> Any idea about the under line reason? need urgent help. Thank you all in
> advance.
>
> Regards
>
> Muhammad Abdul Hannan Khan
> Team Leader
> Support to the National HMIS
> MIS, Director General of Health Service
> Ministry of Health and Family Welfare
>
> T +880-2- 58816459 <+880%202-58816459>, 58816412 ext 118
> F +88 02 58813 875
> M+88 01819 239 241
> M+88 01534 312 066
> E hannank@xxxxxxxxx
> S hannan.khan.dhaka
> B hannan-tech.blogspot.com
> L https://bd.linkedin.com/in/hannankhan
>
>
>
>