Now let's take a look at the security guidelines for Impala, which could improve the security against malicious intruders, unauthorized access, accidents, and common mistakes. Here is the comprehensive list, which definitely can harden a cluster running Impala:
- Impala specific guidelines
- Make sure that the Hadoop ownership and permissions for Impala data files are restricted
- Make sure that the Hadoop ownership and permissions for Impala audit logs files are restricted
- Make sure that the Impala web UI is password protected
- Enable authorization by executing impalad daemons with
–server_nameand-authorization_policy_fileoptions on all nodes - When creating databases, tables, and views, using tables and other databases structures allow policy rules to specify simple and consistent rules
- System specific guidelines
- Create a policy file that specifies which Impala privileges are available to users in particular Hadoop groups
- Make sure that the Kerberos authentication is enabled and working with Impala
- Tighten the HDFS file ownership and permission mechanism
- Keeping a long list of sudoers is definitely a big red flag. Keep the list of sudoers to a bare minimum to stop unauthorized and unwanted access
- Secure the Hive metastore from unwanted and unauthorized access
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.