Hi all,
thanks for the help!
> File and directory permissions too permissive, maybe?
The directory (and everything inside) is owned and writable by the "jetty" user only.
> Which user is jetty running as?
It is run as jetty on port 8080.
> What's in conf.n? (details please)
It is malware. The "file" command says it is data. Scanning it with online virus detection would say that it is some kind of backdoor malware.
> What do you have in your webapp? (be detailed)
It is an in-house developed webapp. I am going to replace it with a simple webapp to see if it is really the culprit.
> How do you start Jetty? (your command line *AND* your start.ini and
> start.d/ contents)
I start it with "sudo -u jetty /opt/jetty/bin/jetty.sh".
start.ini is:
etc/jetty.xml
etc/jetty-annotations.xml
etc/jetty-ssl.xml
etc/jetty-deploy.xml
etc/jetty-contexts.xml
No change has been made to those .xml files (except the SSL key and cert) and start.d contents.
> Do you customize anything in ${jetty.home}? (like lib or xml files)
No.
> Do you run elasticsearch on your machine?
No.