Impala security guidelines for a higher level of protection
Now let's take a look at the security guidelines for Impala, which can improve protection against malicious intruders, unauthorized access, accidents, and common mistakes. Here is the comprehensive list of guidelines that can harden a cluster running Impala:
Impala-specific guidelines
Make sure that the Hadoop ownership and permissions for Impala data files are restricted
Make sure that the Hadoop ownership and permissions for Impala audit log files are restricted
Make sure that the Impala web UI is password protected
Enable authorization by starting the impalad daemons with the -server_name and -authorization_policy_file options on all nodes
When creating databases, tables, and views, structure the databases and tables so that policy rules can be simple and consistent
System-specific guidelines
Create a policy file that specifies which Impala privileges are available to users in particular Hadoop groups
Make sure that Kerberos authentication is enabled and working with Impala
Tighten the HDFS file ownership and permission mechanism
Keeping a long list of sudoers is definitely a big red flag. Keep the list of sudoers to a bare minimum to stop unauthorized and unwanted access
Secure the Hive metastore from unwanted and unauthorized access
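As an illustration of the authorization and policy file guidelines above, the following added example (not code from Impala or from the original text) checks a policy file for roles that are broader than intended before the file is handed to -authorization_policy_file. The group, role, and server names in the sample are constructed, and treating a privilege with no action as ALL is an assumption of this sketch.

```python
import configparser

# Constructed sample policy file in the [groups]/[roles] layout used by
# file-based authorization; group, role, and server names are made up.
SAMPLE_POLICY = """
[groups]
analysts = sales_read
etl = sales_write, staging_uri
admins = everything
interns = missing_role

[roles]
sales_read = server=server1->db=sales->table=*->action=SELECT
sales_write = server=server1->db=sales->table=orders->action=INSERT
staging_uri = server=server1->uri=hdfs://nn.example.com/staging->action=ALL
everything = server=server1
"""

def parse_privilege(priv):
    """Split 'server=s->db=d->table=t->action=A' into a dict of scopes."""
    return dict(part.split("=", 1) for part in priv.strip().split("->"))

def audit_policy(text, server_name):
    """Return (group_or_role, message) findings for risky policy entries."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str  # keep group and role names case-sensitive
    cp.read_string(text)
    roles = dict(cp["roles"]) if cp.has_section("roles") else {}
    findings = []
    # Every role a group points at must actually be defined.
    for group, role_list in cp["groups"].items():
        for role in (r.strip() for r in role_list.split(",")):
            if role not in roles:
                findings.append((group, f"references undefined role {role}"))
    for role, privs in roles.items():
        for priv in privs.split(","):
            scope = parse_privilege(priv)
            # The server scope should equal the value given to -server_name.
            if scope.get("server") != server_name:
                findings.append((role, "server does not match -server_name"))
            if not ({"db", "uri"} & scope.keys()):
                findings.append((role, "server-wide privilege"))
            # Assumption: a database privilege with no action means ALL.
            elif "db" in scope and scope.get("action", "ALL").upper() in ("ALL", "*"):
                findings.append((role, "ALL on database objects"))
    return findings
```

Calling audit_policy(SAMPLE_POLICY, "server1") reports the group that points at an undefined role and the role that grants the whole server.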