JDK TLS handshake error

The Eclipse PD team has identified JBoss running on RHEL 5.x with Java 7u131 may crash when the Solar Eclpse SSL interface (i.e Connection Pool, Session manager and etc..) is accessed from a browser.

This is an Oracle bug, and it is expected to be fixed with java 7u141 release.

The Work-around is to not use java 7u131. Do not install java update or downgrade to an older version if java 7u131 has already been installed.

To downgrade java to older version, 7u95:

yum downgrade java-1.7.0-openjdk-1.7.0.121-2.6.8.1.el5_11

To exclude java updates when manually installing the RHEL updates:

yum update --exclude=java-1.7.0-openjdk-1.7.0.131*

If your system is setup with RHEL automatic update you may temporarily disable it and run manual updates until a fix is available.

To disable RHEL auto update:

chkconfig yum-updatesd off
service yum-updatesd stop

Reference

How do I restore files from my rsync backup on Linux?

Log in as root to your server

To restore a single file (LEDGER) to a temporary directory (/esupport/restore):

mkdir -p /esupport/restore
rsync -av --progress --inplace --stats /mnt/nas/rsync/u2/backup-20170118.2200/eclipse/LEDGER /esupport/restore/

To restore an entire directory (/u2/eclipse) to it’s original location (/u2/eclipse) for a full system recovery:

Warning: As always, please exercise caution when performing system maintenance, especially when initiating processes that can potentially overwrite data.
rsync -av --progress --inplace --stats /mnt/nas/rsync/backup-20170118.2200/u2/eclipse/ /u2/eclipse/

Best practices for securing the Eclipse database server

  • Don’t allow direct access to the Linux server from the public Internet
  • Don’t use a weak root password
  • Disable root remote Login
  • Don’t allow Eclipse users to use blank passwords – Enforce Stronger Passwords
  • Disable Unwanted Services
  • Enable Firewall
  • Keep your system up-to-date by installing updates (e.g. operating system, software, and firmware updates) and rebooting on a monthly basis.
  • Monitor Server Logs Regularly

Badlock Security Alert

What is Badlock?
Please see this article from Red Hat for an overview of the vulnerability.

How can I test my system to see if I’m vulnerable?
Run this script:

curl -s http://kb.eclipseinc.com/files/badlock-test.sh | sh

It will generate a report similar to the following if your system is vulnerable:

WARNING: The installed version of samba server (4.2.3-12.el7_2) is vulnerable to BADLOCK and should be upgraded! It is also enabled and/or running. Please update the package and restart the service.
See https://access.redhat.com/articles/2243351 and https://access.redhat.com/security/vulnerabilities/badlock for more information.

How do I patch my system?
Install Red Hat updates. If you don’t want to install all of the updates, you can optionally install only the samba updates:

yum update samba*
service smb restart