ranger-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bo...@apache.org
Subject svn commit: r1628612 [3/6] - in /incubator/argus/site/trunk: ./ arguslogo/ css/ images/ images/logos/ images/profiles/ img/ js/
Date Wed, 01 Oct 2014 06:40:33 GMT
Added: incubator/argus/site/trunk/ch_XA-install.html
URL: http://svn.apache.org/viewvc/incubator/argus/site/trunk/ch_XA-install.html?rev=1628612&view=auto
==============================================================================
--- incubator/argus/site/trunk/ch_XA-install.html (added)
+++ incubator/argus/site/trunk/ch_XA-install.html Wed Oct  1 06:40:31 2014
@@ -0,0 +1,1043 @@
+<!DOCTYPE html>
+<!--
+ | Generated by Apache Maven Doxia 
+ | Rendered using Apache Maven Fluido Skin 1.3.1
+-->
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+  <head>
+    <meta charset="UTF-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <meta name="Date-Revision-yyyymmdd" content="20140930" />
+    <meta http-equiv="Content-Language" content="en" />
+    <title>Apache Argus - </title>
+    <link rel="stylesheet" href="./css/apache-maven-fluido-1.3.1.min.css" />
+    <link rel="stylesheet" href="./css/site.css" />
+    <link rel="stylesheet" href="./css/print.css" media="print" />
+
+      
+    <script type="text/javascript" src="./js/apache-maven-fluido-1.3.1.min.js"></script>
+
+    
+                  </head>
+        <body class="topBarDisabled">
+          
+                
+                    
+    
+        <div class="container-fluid">
+          <div id="banner">
+        <div class="pull-left">
+                                                          <a href="./" id="bannerLeft">
+                                                                                                <img src="arguslogo/slide1.png"  alt="Argus logo" width="400px" height="200px"/>
+                </a>
+                      </div>
+        <div class="pull-right">              <div id="bannerRight">
+                                                                                                <img src="" />
+                </div>
+      </div>
+        <div class="clear"><hr/></div>
+      </div>
+
+      <div id="breadcrumbs">
+        <ul class="breadcrumb">
+                
+                    
+                  <li id="publishDate">Last Published: 2014-09-30
+                      <span class="divider">|</span>
+                   </li>
+                  <li id="projectVersion">Version: 0.4
+                      </li>
+                      
+                
+                    
+      
+                            </ul>
+      </div>
+
+            
+      <div class="row-fluid">
+        <div id="leftColumn" class="span3">
+          <div class="well sidebar-nav">
+                
+                    
+                <ul class="nav nav-list">
+                    <li class="nav-header">Overview</li>
+                              
+      <li>
+  
+                          <a href="index.html" title="Introduction">
+          <i class="none"></i>
+        Introduction</a>
+            </li>
+                
+      <li>
+  
+                          <a href="faq.html" title="FAQ">
+          <i class="none"></i>
+        FAQ</a>
+            </li>
+                              <li class="nav-header">Resources</li>
+                              
+      <li>
+  
+                          <a href="wiki.html" title="Wiki">
+          <i class="none"></i>
+        Wiki</a>
+            </li>
+                
+      <li>
+  
+                          <a href="http://www.apache.org/licenses/" class="externalLink" title="License">
+          <i class="none"></i>
+        License</a>
+            </li>
+                              <li class="nav-header">Project Information</li>
+                              
+      <li>
+  
+                          <a href="project-summary.html" title="Project Summary">
+          <i class="none"></i>
+        Project Summary</a>
+            </li>
+                
+      <li>
+  
+                          <a href="mail-lists.html" title="Mailing Lists">
+          <i class="none"></i>
+        Mailing Lists</a>
+            </li>
+                
+      <li>
+  
+                          <a href="team-list.html" title="Team">
+          <i class="none"></i>
+        Team</a>
+            </li>
+            </ul>
+                
+                    
+                
+          <hr />
+
+           <div id="poweredBy">
+                            <div class="clear"></div>
+                   
+        
+        
+        
+    <iframe src="http://www.facebook.com/plugins/like.php?href=http://argus.incubator.apache.org/&send=false&layout=box_count&show-faces=false&action=like&colorscheme=light"
+        scrolling="no" frameborder="0"
+        style="border:none; width:48px; height:63px; margin-top: 10px;" ></iframe>
+               <div class="clear"></div>
+               
+        
+        
+        <div id="twitter">
+    
+    <a href="https://twitter.com/apacheargus" class="twitter-follow-button" data-show-count="true" data-align="left" data-size="medium" data-show-screen-name="true" data-lang="en">Follow apacheargus</a>
+    <script type="text/javascript">!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0];if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src="//platform.twitter.com/widgets.js";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs");</script>
+
+        </div>
+                   <div class="clear"></div>
+                            <div class="clear"></div>
+                                                                                                                   <a href="http://maven.apache.org/" title="Maven" class="builtBy">
+        <img class="builtBy"  alt="Maven" src="http://maven.apache.org/images/logos/maven-feather.png"    />
+      </a>
+                      </div>
+          </div>
+        </div>
+        
+                
+        <div id="bodyColumn"  class="span9" >
+                                  
+            
+    Install the Argus
+            Administration Server
+    <p>Install the Argus
+            Administration on a Linux Server with at
+        least 2 GB memory available for the Argus
+            Administration web application. You can
+        install the Argus
+            Administration on a shared web application
+        host. When in a test environment, you can also install the
+        server on a node within the Hadoop cluster, such as the
+        NameNode. </p>
+    
+        Configure SSL after deploying the server and agents
+            using the instructions in <link xlink:href="http://dev.hortonworks.com.s3.amazonaws.com/HDPDocuments/HDP2/HDP-2-trunk/bk_HDPSecure_Admin/content/ch_ssl_setup-server.html">Configure SSL for Web UI and Server/Agent
+                Communications</link>. 
+    
+    
+<div class="section">
+<h2><a name="null"></a></h2>
+        
+        
+        Before installing, ensure that you have met the
+            following prerequisites::
+        
+            
+                Hardware meets the minimum requirements, see
+                        <link linkend="ch_XA-install-sysreq">System
+                        Requirements</link>
+            
+            
+                Oracle Java JDK 7 is installed, see <link linkend="ch_XA-install-softreq">Software
+                        Requirements</link>
+            
+            
+                MySQL Server and the root
+                    account credentials (that is the &#x2018;root&#x2019;@&#x2019;%&#x2019; user
+                    id and password), see <link linkend="ch_XA-install-dbreq">Database
+                        Requirements</link>
+            
+            
+                Root access to the hosts where you will be
+                    installing Argus
+                        Administration and/or the
+                    agents
+            
+            
+                Download the JBDC driver for MySQL
+            
+        
+        
+<div class="section">
+<h2><a name="null"></a></h2>
+            
+            Install the Argus
+                    Administration server on a Linux
+                Server that has the following:
+            
+                
+                    Linux Host with at least 2 GB memory
+                        available for Argus
+                            Administration Web
+                        application
+                
+                
+                    Operating System: CentOS/RedHat, Ubuntu, or
+                        SuSe
+                
+                
+                    2 GB of memory
+                
+                
+                    10 GB disk space for HDP
+                            Security Administration
+                        logs
+                
+                
+                    Hadoop cluster (HDP) 2.1 or higher
+                
+            
+            
+                You can use a shared host for the
+                        Argus
+                        Administration server.
+            
+        </div>
+        
+<div class="section">
+<h2><a name="null"></a></h2>
+            
+            The Argus
+                    Administration server requires:
+                    
+                        MySQL Server (hosted on the same system)
+                            or MySQL Client installed on the
+                                Argus
+                                Administration
+                            host.
+                    
+                    
+                        Oracle Java JDK version 7.x
+                    
+                    
+                        MySQL connector (JDBC driver)
+                    
+                
+            The Security Agents require:
+                    
+                        MySQL connector (JDBC driver)
+                    
+                
+        </div>
+        
+<div class="section">
+<h2><a name="null"></a></h2>
+            
+            The Argus
+                    Administration supports MySQL Server
+                to store Policy, Auditing, and User data. 
+            Installing Argus
+                    Administration requires the MySQL
+                server hostname and root account credentials. The
+                    Argus
+                    Administration installation script
+                creates the database and the db user automatically
+                using the information you specify in the properties
+                file. 
+            After the installation of Argus
+                    Administration server, the MySQL
+                database administrator must grant permission to the
+                database user to access and write remotely from the
+                NameNode, HiveServer2, and HBase Regional Servers
+                hosts.
+            <!-- <para>To install MySQL Server on
+            CentOS/Redhat:<programlisting>yum install mysql-server</programlisting></para>
+        <para>To install MySQL Client on
+            CentOS/Redhat:<programlisting>yum install mysql-client</programlisting></para> -->
+        </div>
+    </div>
+    
+<div class="section">
+<h2><a name="null"></a></h2>
+        
+        During the installation process, you will set up the
+            authentication method for to the Argus
+            Administration Web UI. The Web UI supports the following
+            authentication methods:
+                
+                    Local Argus
+                            Administration Web UI user
+                            database: Users and their
+                        credentials are stored in the Argus
+                        Administration database, and managed manually
+                        in the interface. 
+                
+                
+                    External
+                            LDAP (supported services are
+                        OpenLDAP or AD): Users authenticate against an
+                        external LDAP service and their permission is
+                        determined by their group membership. Requires
+                        configuration during installation of the HDP
+                        Security Administration tools.
+                
+                
+                    External Unix
+                            Server: Users authenticate
+                        against an external Unix system using their
+                        credentials for that remote Unix system.
+                        Typically this is a server within the Hadoop
+                        cluster. This also requires configuration
+                        during both the installation of the HDP
+                        Security Administration tools and the
+                        installation of the Users and Groups
+                        Synchronizer Agent on the remote Unix
+                        System.
+                
+            
+    </div>
+    
+<div class="section">
+<h2><a name="null"></a></h2>
+        
+        
+        Install the Argus
+                Administration server on a Linux host
+            with at least 2 GB memory available for the Web
+            application and at least 10 GB of diskspace for
+                Argus Administration
+            logs. 
+        
+            You can install the Argus
+                    Administration on a shared web
+                application host. Before installing ensure that the
+                following prerequisites have been met, see <link linkend="ch_XA-install-prereq">Prerequisites</link>.
+        
+        
+<div class="section">
+<h2><a name="null"></a></h2>
+            
+            Perform the following steps on the HDP
+                    Security Administration host.
+                    
+                        Log on to the host as
+                                root. 
+                    
+                    
+                        Copy the installation file and extract
+                            as follows:
+                                
+                                   Create a temporary directory,
+                                   such as
+                                   /tmp/xasecure:mkdir /tmp/xasecure
+                                
+                                
+                                   Move the installation package
+                                   to the temporary directory. 
+                                
+                                
+                                   Move the MySQL Connector Jar
+                                   file to the temporary directory.
+                                   Download the JAR from <link xlink:href="http://www.mysql.com/products/connector/" xlink:show="new">here</link>.
+                                
+                                
+                                   Extract the
+                                   contents:tar xvf $xasecureinstallation.tar
+                                
+                                
+                                   Go to the directory where you
+                                   extracted the installation
+                                   files:cd /tmp/xasecure/xasecure-$name-$build-version
+                                
+                            
+                    
+                    
+                        Open the
+                                install.properties
+                            file for editing.
+                    
+                    
+                        Define the parameters for the MySQL
+                            database setup:
+                        
+<table border="0" class="table table-striped" frame="all">
+                            
+                            
+                                
+                                
+                                
+                                <thead>
+                                   
+                                   Parameter
+                                   Value
+                                   Description
+                                   
+                                </thead>
+                                <tbody>
+                                   
+                                   MYSQL_BIN
+                                   mysql
+                                   Specify the command to
+                                   invoke MySQL. For example,
+                                   mysql. This
+                                   command is used by the script to
+                                   invoke MySQL and connect to the
+                                   database server.
+                                   
+                                   
+                                   MYSQL_CONNECTOR_JAR
+                                   $path-to-mysql-connector
+                                   Specify the absolute path on
+                                   the local host to the JDBC driver
+                                   for MySQL including filename.
+                                   Download the JAR from <link xlink:href="http://www.mysql.com/products/connector/" xlink:show="new">here</link>.
+                                    For example,
+                                   /tmp/xasecure/mysql-connector-java.jar
+                                   
+                                   
+                                   db_root_password
+                                   $root-password
+                                   The password for the root
+                                   MySQL account. Used by the
+                                   installation script to create the
+                                   HDP SA database and database
+                                   user.
+                                   
+                                   
+                                   db_host
+                                   $mysql-host
+                                   Host name of the system
+                                   running MySQL server.
+                                   
+                                   
+                                   db_user
+                                   $xadbuser
+                                   Specify a name for the user
+                                   account that the installer creates
+                                   and is then used to write to the
+                                   database.
+                                   
+                                   
+                                   db_name
+                                   $dbname
+                                   Specify a name for the
+                                   database that Installer creates
+                                   during installation.
+                                   
+                                   
+                                   db_password
+                                   $dbpassword
+                                   Specify a password for the
+                                   $xadbuser
+                                   account created by the installer
+                                   during installation.
+                                   
+                                   
+                                   audit_db_name
+                                   $auditdb
+                                   Specify a name for the audit
+                                   database created by the installer
+                                   during installation.
+                                   
+                                   
+                                   audit_db_user
+                                   $auditdbuser
+                                   Specify a name for the audit
+                                   database account created by the
+                                   installer during
+                                   installation.
+                                   
+                                   
+                                   audit_db_password
+                                   $auditdbupw
+                                   Specify the password for the
+                                   audit database account that the
+                                   installer sets during
+                                   installation.
+                                   
+                                </tbody>
+                            
+                        </table>
+                        During installation, the script logs
+                            into the database, creates the HDP
+                            Security database named in the properties
+                            file, adds the user specified, and loads
+                            the MySQL tables. 
+                        
+                            DO NOT create the Argus
+                                database beforehand. If the database
+                                you specify already exists the HDP
+                                Security Administration tables are not
+                                added.
+                        
+                    
+                    
+                        Define the Argus Administration
+                            Server URL, which is used Security Agents
+                            and users accessing the interface for
+                            Policies and Auditing:
+<table border="0" class="table table-striped" frame="all">
+                                
+                                
+                                   
+                                   
+                                   
+                                   <thead>
+                                   
+                                   Parameter
+                                   Value
+                                   Description
+                                   
+                                   </thead>
+                                   <tbody>
+                                   
+                                   policymgr_external_url
+                                   $url
+                                   Specify the full URL to
+                                   access the HDP
+                                   Security
+                                   Administration Web
+                                   UI. For example,
+                                   http://pm-host:6080.
+                                   
+                                   
+                                   policymgr_http_enabled
+                                   $true-or-false
+                                   Specify
+                                   true to allow
+                                   access to the HDP
+                                   Security
+                                   Administration
+                                   Interface on HTTP or specify
+                                   false to only
+                                   allow HTTPS access to the
+                                   interface. 
+                                   
+                                   </tbody>
+                                
+                            </table>
+                    
+                    
+                        In the JAVA_HOME
+                            parameter specify the path to the
+                            directory that contains the Java bin, for
+                            example:#------------------------- JAVA CONFIG - BEGIN ----------------------------------
+
+#
+# Java Home path
+# 
+JAVA_HOME='/usr/lib/jvm/jre-1.7.0-openjdk.x86_64'
+
+#------------------------- JAVA CONFIG - END ----------------------------------
+
+                    
+                    
+                        Use the following parameters and values
+                            in all configurations:
+<table border="0" class="table table-striped" frame="all">
+                                
+                                
+                                   
+                                   
+                                   
+                                   <thead>
+                                   
+                                   Parameter
+                                   Value
+                                   Description
+                                   
+                                   </thead>
+                                   <tbody>
+                                   
+                                   unix_user
+                                   xasecure
+                                   Parameter and value required
+                                   in all configurations.
+                                   
+                                   
+                                   unix_group
+                                   xasecure
+                                   Parameter and value required
+                                   in all configurations.
+                                   
+                                   </tbody>
+                                
+                            </table>
+                    
+                    
+                        Use one of the following sets of
+                            parameters to define the Authentication
+                            for the Argus Administration Web UI:
+                                
+                                   Web UI administrators that
+                                   are manually defined in the HDP
+                                   Security Administration Web
+                                   UI:
+                                   
+<table border="0" class="table table-striped" frame="all">
+                                   
+                                   
+                                   
+                                   
+                                   
+                                   <thead>
+                                   
+                                   Parameter
+                                   Value
+                                   Description
+                                   
+                                   </thead>
+                                   <tbody>
+                                   
+                                   remoteLoginEnabled
+                                   false
+                                   Specify
+                                   false to manage
+                                   users in the Argus
+                                   Administration Web UI.
+                                   
+                                   </tbody>
+                                   
+                                   </table>
+                                
+                                
+                                   Web UI administrators
+                                   authenticated against an external
+                                   Unix Server:
+                                   
+<table border="0" class="table table-striped" frame="all">
+                                   
+                                   
+                                   
+                                   
+                                   
+                                   <thead>
+                                   
+                                   Parameter
+                                   Value
+                                   Description
+                                   
+                                   </thead>
+                                   <tbody>
+                                   
+                                   authentication_method
+                                   UNIX
+                                   Specify
+                                   UNIX to allow
+                                   users to sign in to the HDP
+                                   Security Administration Web UI
+                                   using their credentials from an
+                                   external Unix Server.
+                                   
+                                   
+                                   remoteLoginEnabled
+                                   true
+                                   Specify
+                                   true to enabled
+                                   remote login.
+                                   
+                                   
+                                   authServiceHostName
+                                   $usersync-hostname
+                                   Specify the remote Unix host name
+                                   Requires installation of the
+                                   UX-UserGroup Synchronizer.
+                                   
+                                   
+                                   
+                                   authServicePort
+                                   $port
+                                   Listening port of the Unix
+                                   host where the UX-UserGroup
+                                   Synchronizer will be installed, the
+                                   default port is
+                                   5151.
+                                   
+                                   </tbody>
+                                   
+                                   </table>
+                                   
+                                   Requires installation of the
+                                   User and Group Synchronizer Agent
+                                   on the remote Unix Server.
+                                   
+                                   The following is an example
+                                   allowing HDP Sandbox users to
+                                   access Argus Administration
+                                   Web UI:
+                                   # ------- UNIX User CONFIG ----------------
+#
+unix_user=xasecure
+unix_group=xasecure
+
+#
+# ------- UNIX User CONFIG  - END ----------------
+#
+
+#
+# UNIX authentication service for Policy Manager
+#
+# PolicyManager can authenticate using UNIX username/password
+# The UNIX server specified here as authServiceHostName needs to be installed with xasecure-unix-ugsync package.
+# Once the service is installed on authServiceHostName, the UNIX username/password from the host &lt;authServiceHostName&gt; can be used to login into policy manager
+#
+# ** The installation of xasecure-unix-ugsync package can be installed after the policymanager installation is finished.
+#
+#LDAP|ACTIVE_DIRECTORY|UNIX|NONE
+authentication_method=UNIX
+remoteLoginEnabled=true
+authServiceHostName=sandbox
+authServicePort=5151
+                                
+                                
+                                   Web UI administrators
+                                   authenticated against an external
+                                   LDAP (either OpenLDAP or Active
+                                   Directory service):
+                                   
+<table border="0" class="table table-striped" frame="all">
+                                   
+                                   
+                                   
+                                   
+                                   
+                                   <thead>
+                                   
+                                   Parameter
+                                   Value
+                                   Description
+                                   
+                                   </thead>
+                                   <tbody>
+                                   
+                                   authentication_method
+                                   LDAP
+                                   Specify
+                                   LDAP to allow
+                                   users to sign in to the HDP
+                                   Security Administration Web UI
+                                   using their credentials from an
+                                   external LDAP service.
+                                   
+                                   
+                                   remoteLoginEnabled
+                                   true
+                                   Specify
+                                   true to enabled
+                                   remote login.
+                                   
+                                   
+                                   authServiceHostName
+                                   $usersync-hostname
+                                   Specify the LDAP service
+                                   host name or IP address.
+                                   Requires installation of the
+                                   UX-UserGroup Synchronizer.
+                                   
+                                   
+                                   
+                                   authServicePort
+                                   $port
+                                   Listening port of the LDAP
+                                   service, default port is
+                                   389.
+                                   
+                                   </tbody>
+                                   
+                                   </table>
+                                   The following is an example
+                                   of the configuration parameters for
+                                   OpenLDAP installed on HDP
+                                   Sandbox:# ------- UNIX User CONFIG ----------------
+#
+unix_user=xasecure
+unix_group=xasecure
+
+#
+# ------- UNIX User CONFIG  - END ----------------
+#
+
+#
+# UNIX authentication service for Policy Manager
+#
+# PolicyManager can authenticate using UNIX username/password
+# The UNIX server specified here as authServiceHostName needs to be installed with xasecure-unix-ugsync package.
+# Once the service is installed on authServiceHostName, the UNIX username/password from the host &lt;authServiceHostName&gt; can be used to login into policy manager
+#
+# ** The installation of xasecure-unix-ugsync package can be installed after the policymanager installation is finished.
+#
+#LDAP|ACTIVE_DIRECTORY|UNIX|NONE
+authentication_method=LDAP
+remoteLoginEnabled=true
+authServiceHostName=sandbox
+authServicePort=389
+                                
+                            
+                        <!-- <para>Saving TABLE FROM PRE-LDAP<table frame="all"><title>Argus Administration Server URL</title><tgroup cols="3"><colspec colname="c1" colnum="1" colwidth="1.0*"/><colspec colname="c2" colnum="2" colwidth="1.0*"/><colspec colname="c3" colnum="3" colwidth="1.0*"/><thead><row><entry>Parameter</entry><entry>Value</entry><entry>Description</entry></row></thead><tbody><row><entry><parameter>MYSQL_BIN</parameter></entry><entry>mysql</entry><entry>The command to invoke MySQL. For example, <literal>mysql</literal>.</entry></row><row><entry><parameter>MYSQL_CONNECTOR_JAR</parameter></entry><entry><replaceable>$path-to-mysql-connector</replaceable></entry><entry>Absolute path on the local host to the JDBC driver for mysql including filename.<footnote><para>Download the JAR from <link xlink:href="http://www.mysql.com/products/connector/" xlink:show="new">here</link>.</para></footnote> For example, <filename>/tmp/xasecure/mysql-connector-java.jar</filename></entry>
 </row><row><entry><parameter>db_root_password</parameter></entry><entry><replaceable>$root-password</replaceable></entry><entry>The password for the root MySQL account. Used by the installation script to create the XASecure PM database and database user.</entry></row><row><entry><parameter>db_host</parameter></entry><entry><replaceable>$mysql-host</replaceable></entry><entry>Host name of the system running MySQL server.</entry></row><row><entry><parameter>db_user</parameter></entry><entry><replaceable>$xadbuser</replaceable></entry><entry>Specify a name for the user account that the installer creates and is then used to write to the database.</entry></row><row><entry><parameter>db_name</parameter></entry><entry><replaceable>$dbname</replaceable></entry><entry>Specify a name for the <productname>XASecure</productname> database that XASecure Installer creates during installation.</entry></row><row><entry><parameter>db_password</parameter></entry><entry><replaceable>$dbpassword</replac
 eable></entry><entry>Specify a password for the <replaceable>$xadbuser</replaceable> account created by the XASecure installer during installation.</entry></row><row><entry><parameter>audit_db_name</parameter></entry><entry><replaceable>$auditdb</replaceable></entry><entry>Specify a name for the audit database created by the XASecure installer during installation.</entry></row><row><entry><parameter>audit_db_user</parameter></entry><entry><replaceable>$auditdbuser</replaceable></entry><entry>Specify a name for the audit database account created by the installer during installation.</entry></row><row><entry><parameter>audit_db_password</parameter></entry><entry><replaceable>$auditdbupw</replaceable></entry><entry>Specify the password for the audit database account that the installer sets during installation.</entry></row><row><entry><parameter>policymgr_external_url</parameter></entry><entry><replaceable>$url</replaceable></entry><entry>Specify the full URL to access the <productname
 >Argus Administration</productname> Web UI. For example, <literal>http://pm-host:6080</literal>.</entry></row><row><entry><parameter>policymgr_http_enabled</parameter></entry><entry><replaceable>$true-or-false</replaceable></entry><entry>Specify <literal>true</literal> to allow access to the <productname>Argus Administration</productname> Interface on HTTP or specify <literal>false</literal> to only allow HTTPS access to the interface. </entry></row><row><entry><parameter>remoteLoginEnabled</parameter></entry><entry><replaceable>$true-or-false</replaceable></entry><entry>Specify <literal>true</literal> to allow users to sign in with their Unix<footnote><para>This requires installation of the User and Groups Synchronizer Agent.</para></footnote> or LDAP credentials. </entry></row><row><entry><parameter>authServiceHostName</parameter></entry><entry><replaceable>$usersync-hostname</replaceable></entry><entry>Specify the remote Unix host when <parameter>remoteLoginEnabled</parameter> is
  set to true.<footnote><para>Requires installation of the UX-UserGroup Synchronizer.</para></footnote></entry></row><row><entry><parameter>authServicePort</parameter></entry><entry><replaceable>$port</replaceable></entry><entry>Listening port of the UX-UserGroup Synchronizer.</entry></row></tbody></tgroup></table></para> -->
+                    
+                    
+                        Save the
+                                install.properties
+                            file.
+                    
+                
+            The following example shows the HDP
+                    Security Administration server
+                    install.properties for a
+                system that does not allow remote login of Web UI
+                administrators:
+            #
+# This file provides list of deployment variables for the Policy Manager Web Application 
+#
+#------------------------- MYSQL CONFIG - BEGIN ----------------------------------
+
+#
+# The executable path to be used to invoke command-line MYSQL 
+#
+MYSQL_BIN='mysql'
+
+#
+# Location of mysql client library (please check the location of the jar file)
+#
+MYSQL_CONNECTOR_JAR=/usr/share/java/mysql-connector-java.jar
+
+#
+# MYSQL password for the MYSQL root user-id
+# **************************************************************************
+# ** If the password is left empty or not-defined here, 
+# ** it will be prompted to enter the password during installation process 
+# **************************************************************************
+#
+
+db_root_password=hadoop
+db_host=localhost
+
+#
+# MySQL UserId used for the XASecure schema
+# 
+db_name=xasecure
+db_user=xaadmin
+db_password=hadoop
+
+#
+# MySQL UserId for storing auditlog infromation
+# 
+# * audit_db can be same as the XASecure schema db
+# * audit_db must exists in the same ${db_host} as xaserver database ${db_name} 
+# * audit_user must be a different user than db_user (as audit user has access to only audit tables)
+#
+audit_db_name=xasecure
+audit_db_user=xalogger
+audit_db_password=hadoop
+
+#------------------------- MYSQL CONFIG - END ----------------------------------
+
+#
+# ------- PolicyManager CONFIG ----------------
+#
+
+policymgr_external_url=http://localhost:6080
+policymgr_http_enabled=true
+
+#
+# ------- PolicyManager CONFIG - END ---------------
+#
+
+
+#
+# UNIX authentication service for Policy Manager
+#
+# PolicyManager can authenticate using UNIX username/password
+# The UNIX server specified here as authServiceHostName needs to be installed with xasecure-unix-ugsync package.
+# Once the service is installed on authServiceHostName, the UNIX username/password from the host &lt;authServiceHostName&gt; can be used to login into Policy Manager
+#
+# ** The installation of xasecure-unix-ugsync package can be installed after the policymanager installation is finished.
+#
+
+remoteLoginEnabled=false
+authServiceHostName=
+authServicePort=
+
+#
+# -----------------------------------------------------------
+#
+
+# ######  DO NOT MODIFY ANY VARIABLES BELOW #########################
+#
+# --- These deployment variables are not to be modified unless you understand the full impact of the changes
+#
+###################################################
+
+app_home=$PWD/app
+war_file=${PWD}/war/xa_portal.war
+TMPFILE=$PWD/.fi_tmp
+LOGFILE=$PWD/logfile
+LOGFILES=&quot;$LOGFILE&quot;
+
+JAVA_BIN='java'
+JAVA_VERSION_REQUIRED='1.7'
+JAVA_ORACLE='Java(TM) SE Runtime Environment'
+
+db_create_user_file=${PWD}/db/create_dev_user.sql
+db_core_file=${PWD}/db/xa_core_db.sql
+db_assert_file=${PWD}/db/reset_asset.sql
+        </div>
+        
+<div class="section">
+<h2><a name="null"></a></h2>
+            
+            After configuring the
+                    install.properties file,
+                install the Argus
+                    Administration server as
+                    root:
+                    
+                        Log on to the Linux system as root and
+                            go to the directory where you extracted
+                            the Argus
+                                Administration
+                            installation
+                            files:cd /tmp/xasecure/xasecure-policymgr-$build-version
+                    
+                    
+                        Run the installation
+                            script:# ./install.sh
+                    
+                
+            Once the install.sh execution
+                is complete, the Argus
+                    Administration Web UI is accessible. 
+            Using a web browser, go to the HDP
+                    Security Administration application
+                at
+                        http://$policymgr_host:6080.
+                If this is the first installation, sign in with the
+                default account,
+                    admin\admin. 
+            
+                Change the admin user account
+                    password as soon as possible.
+            
+        </div>
+    </div>
+    
+<div class="section">
+<h2><a name="null"></a></h2>
+        
+        
+        The Argus
+                Administration Interface default port is
+                6080. 
+        To sign in and change the password:
+                
+                    Open a browser and type
+                            http://policymgr-host:6080
+                        in the address bar.
+                    The log in screen displays.
+                    
+                            
+                                
+                            
+                        
+                
+                
+                    Enter the default account credentials. In
+                        the first field enter admin
+                        and in the second field
+                            admin.
+                
+                
+                    Click Sign
+                        In.
+                    The Argus
+                            Administration Web UI Home
+                        page displays.
+                
+                
+                    In the upper right corner, click
+                            admin &gt;
+                            Profile.
+                    The Basic Info tab displays.
+                    
+                            
+                                
+                            
+                        
+                    
+                        Information on the admin profile cannot
+                            be changed.
+                    
+                
+                
+                    Go the Password
+                        tab, type the old password and the new one to
+                        change the password. 
+                    
+                            
+                                
+                            
+                        
+                
+                
+                    Click
+                        Save.
+                
+            
+        Log out and then back in using the new password.
+    </div>
+
+                  </div>
+            </div>
+          </div>
+
+    <hr/>
+
+    <footer>
+            <div class="container-fluid">
+                      <div class="row-fluid">
+                              <p >Copyright &copy;                    2014
+                        <a href="http://www.apache.org/">Apache Software Foundation</a>.
+            All rights reserved.      
+                    
+      </p>
+        </div>
+
+        
+        
+                </div>
+    </footer>
+        </body>
+</html>

Added: incubator/argus/site/trunk/ch_XA-policies.html
URL: http://svn.apache.org/viewvc/incubator/argus/site/trunk/ch_XA-policies.html?rev=1628612&view=auto
==============================================================================
--- incubator/argus/site/trunk/ch_XA-policies.html (added)
+++ incubator/argus/site/trunk/ch_XA-policies.html Wed Oct  1 06:40:31 2014
@@ -0,0 +1,386 @@
+<!DOCTYPE html>
+<!--
+ | Generated by Apache Maven Doxia 
+ | Rendered using Apache Maven Fluido Skin 1.3.1
+-->
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+  <head>
+    <meta charset="UTF-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <meta name="Date-Revision-yyyymmdd" content="20140930" />
+    <meta http-equiv="Content-Language" content="en" />
+    <title>Apache Argus - </title>
+    <link rel="stylesheet" href="./css/apache-maven-fluido-1.3.1.min.css" />
+    <link rel="stylesheet" href="./css/site.css" />
+    <link rel="stylesheet" href="./css/print.css" media="print" />
+
+      
+    <script type="text/javascript" src="./js/apache-maven-fluido-1.3.1.min.js"></script>
+
+    
+                  </head>
+        <body class="topBarDisabled">
+          
+                
+                    
+    
+        <div class="container-fluid">
+          <div id="banner">
+        <div class="pull-left">
+                                                          <a href="./" id="bannerLeft">
+                                                                                                <img src="arguslogo/slide1.png"  alt="Argus logo" width="400px" height="200px"/>
+                </a>
+                      </div>
+        <div class="pull-right">              <div id="bannerRight">
+                                                                                                <img src="" />
+                </div>
+      </div>
+        <div class="clear"><hr/></div>
+      </div>
+
+      <div id="breadcrumbs">
+        <ul class="breadcrumb">
+                
+                    
+                  <li id="publishDate">Last Published: 2014-09-30
+                      <span class="divider">|</span>
+                   </li>
+                  <li id="projectVersion">Version: 0.4
+                      </li>
+                      
+                
+                    
+      
+                            </ul>
+      </div>
+
+            
+      <div class="row-fluid">
+        <div id="leftColumn" class="span3">
+          <div class="well sidebar-nav">
+                
+                    
+                <ul class="nav nav-list">
+                    <li class="nav-header">Overview</li>
+                              
+      <li>
+  
+                          <a href="index.html" title="Introduction">
+          <i class="none"></i>
+        Introduction</a>
+            </li>
+                
+      <li>
+  
+                          <a href="faq.html" title="FAQ">
+          <i class="none"></i>
+        FAQ</a>
+            </li>
+                              <li class="nav-header">Resources</li>
+                              
+      <li>
+  
+                          <a href="wiki.html" title="Wiki">
+          <i class="none"></i>
+        Wiki</a>
+            </li>
+                
+      <li>
+  
+                          <a href="http://www.apache.org/licenses/" class="externalLink" title="License">
+          <i class="none"></i>
+        License</a>
+            </li>
+                              <li class="nav-header">Project Information</li>
+                              
+      <li>
+  
+                          <a href="project-summary.html" title="Project Summary">
+          <i class="none"></i>
+        Project Summary</a>
+            </li>
+                
+      <li>
+  
+                          <a href="mail-lists.html" title="Mailing Lists">
+          <i class="none"></i>
+        Mailing Lists</a>
+            </li>
+                
+      <li>
+  
+                          <a href="team-list.html" title="Team">
+          <i class="none"></i>
+        Team</a>
+            </li>
+            </ul>
+                
+                    
+                
+          <hr />
+
+           <div id="poweredBy">
+                            <div class="clear"></div>
+                   
+        
+        
+        
+    <iframe src="http://www.facebook.com/plugins/like.php?href=http://argus.incubator.apache.org/&send=false&layout=box_count&show-faces=false&action=like&colorscheme=light"
+        scrolling="no" frameborder="0"
+        style="border:none; width:48px; height:63px; margin-top: 10px;" ></iframe>
+               <div class="clear"></div>
+               
+        
+        
+        <div id="twitter">
+    
+    <a href="https://twitter.com/apacheargus" class="twitter-follow-button" data-show-count="true" data-align="left" data-size="medium" data-show-screen-name="true" data-lang="en">Follow apacheargus</a>
+    <script type="text/javascript">!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0];if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src="//platform.twitter.com/widgets.js";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs");</script>
+
+        </div>
+                   <div class="clear"></div>
+                            <div class="clear"></div>
+                                                                                                                   <a href="http://maven.apache.org/" title="Maven" class="builtBy">
+        <img class="builtBy"  alt="Maven" src="http://maven.apache.org/images/logos/maven-feather.png"    />
+      </a>
+                      </div>
+          </div>
+        </div>
+        
+                
+        <div id="bodyColumn"  class="span9" >
+                                  
+            
+    Configure Policies
+    The Policy Manager is accessible from the main menu bar. The home page shows a list of
+        tools supported by Argus Administration server. Clicking a particular repository name
+        opens toward the Policy list for the repository.
+    
+        
+            
+                
+            
+        
+    
+    <div class="section">
+<h2><a name="null"></a></h2>
+        
+        Policies limit access to Hive and HBase repositories to White Listing users, that is
+            once a repository is created and the agent installed, only users who have been granted
+            permission can access the resources. The Security Agent intercepts requests to the
+            resource and checks the user against the policies of the repository and determines if
+            the user matches any rules that grant them access to the resource. 
+        If no rules explicitly grant access, the following occurs:
+                
+                    HDFS: The request is passed through and
+                        the user can access the resource if permitted to do so by the HDFS local
+                        policies. 
+                
+                
+                    Hive and HBase : The request is
+                        rejected.
+                
+            
+    </div>
+    
+<div class="section">
+<h2><a name="null"></a></h2>
+        
+        Policies define who can access which resources within a Repository. Policies can only
+            be written for known Users and Groups, that is users and groups that have already been
+            defined in the Argus Administration Web UI, either by the User and Groups
+            Synchronizer or manually entered. 
+        To add a Policy:
+                
+                    Click Policy Manager &gt; Repository
+                            Name &gt; Add New Policy.
+                    The Create Policy page displays.
+                
+                
+                    Complete the Policy Details:
+<table border="0" class="table table-striped" frame="all">
+                            
+                            
+                                
+                                
+                                <thead>
+                                    
+                                        Field
+                                        Description
+                                    
+                                </thead>
+                                <tbody>
+                                    
+                                        HDFS: Resource Path or
+                                            Hive/HBase Tables and Columns
+                                        For HDFS, enter a comma separated list of paths for
+                                            the policy. For example,
+                                                /apps/tez/qa,/apps/tez/production.
+                                            For Hive and HBase, start typing the table name and
+                                            select the tables you want to add. In the path, you can
+                                            use regular expression to match multiple directory (or
+                                            table/column/column family names), for example,
+                                                /apps/tez/qa* matches all
+                                            subdirectories of /apps/tez that
+                                            being with 'qa'.
+                                    
+                                    
+                                        Description
+                                        Enter text that describes the policy, only visible
+                                            from the Policy Manager UI.
+                                    
+                                    
+                                        Recursive
+                                        Select Yes to grant permission to all subdirectories
+                                            of the specified path.
+                                    
+                                    
+                                        Audit Logging
+                                        Select Yes to log activity to the directory to the
+                                            Audit and Reporting facility of the Argus
+                                            Administration tools.
+                                    
+                                </tbody>
+                            
+                        </table>
+                
+                
+                    Complete the User and Group Details:
+<table border="0" class="table table-striped" frame="all">
+                            
+                            
+                                
+                                
+                                <thead>
+                                    
+                                        Field
+                                        Description
+                                    
+                                </thead>
+                                <tbody>
+                                    
+                                        Group Permission
+                                        Click the + sign to select a group from the Users and
+                                            Groups list. If the group is not listed, it must be
+                                            added to the server that the User and Group Synchronizer
+                                            polls for accounts. If the user or group was recently
+                                            added, it will appear after the next
+                                                sync_interval.
+                                    
+                                    
+                                        User Permission
+                                        Click the + sign to select a user from the Users and
+                                            Groups list. If the user is not listed, it must be added
+                                            to the server that the User and Group Synchronizer polls
+                                            for accounts. If the user or group was recently added,
+                                            it will appear after the next
+                                                sync_interval.
+                                    
+                                    
+                                        Policy Status
+                                        Select Enabled to enforce the Policy, or Disabled to
+                                            keep a copy of the Policy without enforcing it.
+                                    
+                                </tbody>
+                            
+                        </table>
+                
+                
+                    Click Save.
+                
+            
+    </div>
+    
+<div class="section">
+<h2><a name="null"></a></h2>
+        
+        Removing a policy from the Web UI, removes the policy from both the Argus
+            Administration server and the corresponding agent on the Repository host.
+        To remove a Policy:
+                
+                    Click Policy Manager &gt; Repository
+                            Name .
+                    The Policy list displays.
+                
+                
+                    Click the trash icon at the end of the row.
+                
+            
+        The policy change synchronizes within a few seconds with the agent and is removed from
+            both the server and the agent.
+    </div>
+    
+<div class="section">
+<h2><a name="null"></a></h2>
+        
+        Disabling a policy in the Web UI, removes the policy from the corresponding agent on
+            the Repository host. 
+        To remove a Policy:
+                
+                    Click Policy Manager &gt; Repository
+                            Name .
+                    The Policy list displays.
+                
+                
+                    Click the Edit icon near the end of the row.
+                
+                
+                    Change the Policy Status to Disabled.
+                
+                
+                    Click Save.
+                
+            
+        The policy change synchronizes within a few seconds with the agent and is removed from
+            both the server and the agent.
+    </div>
+    
+<div class="section">
+<h2><a name="null"></a></h2>
+        
+        You can disable only auditing (and leave the policy active). When auditing is
+            disabled, repository activity is no longer recorded by the Argus Administration
+            tools. Hadoop cluster logging still occurs and is available in the configuration
+            locations.
+        To disable auditing:
+                
+                    Click Policy Manager &gt; Repository
+                            Name .
+                    The Policy list displays.
+                
+                
+                    Click the Edit icon near the end of the row.
+                
+                
+                    Change the Audit Logging to off.
+                
+                
+                    Click Save.
+                
+            
+        The policy change synchronizes within a few seconds with the agent tops uploading
+            activity data to the server.
+    </div>
+
+                  </div>
+            </div>
+          </div>
+
+    <hr/>
+
+    <footer>
+            <div class="container-fluid">
+                      <div class="row-fluid">
+                              <p >Copyright &copy;                    2014
+                        <a href="http://www.apache.org/">Apache Software Foundation</a>.
+            All rights reserved.      
+                    
+      </p>
+        </div>
+
+        
+        
+                </div>
+    </footer>
+        </body>
+</html>

Added: incubator/argus/site/trunk/ch_XA-prereq.html
URL: http://svn.apache.org/viewvc/incubator/argus/site/trunk/ch_XA-prereq.html?rev=1628612&view=auto
==============================================================================
--- incubator/argus/site/trunk/ch_XA-prereq.html (added)
+++ incubator/argus/site/trunk/ch_XA-prereq.html Wed Oct  1 06:40:31 2014
@@ -0,0 +1,378 @@
+<!DOCTYPE html>
+<!--
+ | Generated by Apache Maven Doxia 
+ | Rendered using Apache Maven Fluido Skin 1.3.1
+-->
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+  <head>
+    <meta charset="UTF-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <meta name="Date-Revision-yyyymmdd" content="20140930" />
+    <meta http-equiv="Content-Language" content="en" />
+    <title>Apache Argus - </title>
+    <link rel="stylesheet" href="./css/apache-maven-fluido-1.3.1.min.css" />
+    <link rel="stylesheet" href="./css/site.css" />
+    <link rel="stylesheet" href="./css/print.css" media="print" />
+
+      
+    <script type="text/javascript" src="./js/apache-maven-fluido-1.3.1.min.js"></script>
+
+    
+                  </head>
+        <body class="topBarDisabled">
+          
+                
+                    
+    
+        <div class="container-fluid">
+          <div id="banner">
+        <div class="pull-left">
+                                                          <a href="./" id="bannerLeft">
+                                                                                                <img src="arguslogo/slide1.png"  alt="Argus logo" width="400px" height="200px"/>
+                </a>
+                      </div>
+        <div class="pull-right">              <div id="bannerRight">
+                                                                                                <img src="" />
+                </div>
+      </div>
+        <div class="clear"><hr/></div>
+      </div>
+
+      <div id="breadcrumbs">
+        <ul class="breadcrumb">
+                
+                    
+                  <li id="publishDate">Last Published: 2014-09-30
+                      <span class="divider">|</span>
+                   </li>
+                  <li id="projectVersion">Version: 0.4
+                      </li>
+                      
+                
+                    
+      
+                            </ul>
+      </div>
+
+            
+      <div class="row-fluid">
+        <div id="leftColumn" class="span3">
+          <div class="well sidebar-nav">
+                
+                    
+                <ul class="nav nav-list">
+                    <li class="nav-header">Overview</li>
+                              
+      <li>
+  
+                          <a href="index.html" title="Introduction">
+          <i class="none"></i>
+        Introduction</a>
+            </li>
+                
+      <li>
+  
+                          <a href="faq.html" title="FAQ">
+          <i class="none"></i>
+        FAQ</a>
+            </li>
+                              <li class="nav-header">Resources</li>
+                              
+      <li>
+  
+                          <a href="wiki.html" title="Wiki">
+          <i class="none"></i>
+        Wiki</a>
+            </li>
+                
+      <li>
+  
+                          <a href="http://www.apache.org/licenses/" class="externalLink" title="License">
+          <i class="none"></i>
+        License</a>
+            </li>
+                              <li class="nav-header">Project Information</li>
+                              
+      <li>
+  
+                          <a href="project-summary.html" title="Project Summary">
+          <i class="none"></i>
+        Project Summary</a>
+            </li>
+                
+      <li>
+  
+                          <a href="mail-lists.html" title="Mailing Lists">
+          <i class="none"></i>
+        Mailing Lists</a>
+            </li>
+                
+      <li>
+  
+                          <a href="team-list.html" title="Team">
+          <i class="none"></i>
+        Team</a>
+            </li>
+            </ul>
+                
+                    
+                
+          <hr />
+
+           <div id="poweredBy">
+                            <div class="clear"></div>
+                   
+        
+        
+        
+    <iframe src="http://www.facebook.com/plugins/like.php?href=http://argus.incubator.apache.org/&send=false&layout=box_count&show-faces=false&action=like&colorscheme=light"
+        scrolling="no" frameborder="0"
+        style="border:none; width:48px; height:63px; margin-top: 10px;" ></iframe>
+               <div class="clear"></div>
+               
+        
+        
+        <div id="twitter">
+    
+    <a href="https://twitter.com/apacheargus" class="twitter-follow-button" data-show-count="true" data-align="left" data-size="medium" data-show-screen-name="true" data-lang="en">Follow apacheargus</a>
+    <script type="text/javascript">!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0];if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src="//platform.twitter.com/widgets.js";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs");</script>
+
+        </div>
+                   <div class="clear"></div>
+                            <div class="clear"></div>
+                                                                                                                   <a href="http://maven.apache.org/" title="Maven" class="builtBy">
+        <img class="builtBy"  alt="Maven" src="http://maven.apache.org/images/logos/maven-feather.png"    />
+      </a>
+                      </div>
+          </div>
+        </div>
+        
+                
+        <div id="bodyColumn"  class="span9" >
+                                  
+            
+    Argus Administration Overview
+    The Argus Administration provides the following security
+        for Hadoop clusters:
+            
+                Authorization: Restricts access to explicit data as follows:
+                        
+                            Fine-grained access control for HDFS, Hive, and Hbase
+                        
+                        
+                            Role-based policies
+                        
+                        
+                            Component-level enforcement
+                        
+                    
+            
+            
+                Audit: Track and report on the following items in a central location:
+                        
+                            Detailed access auditing for HDFS, Hive and Hbase
+                        
+                        
+                            Admin action auditing
+                        
+                    
+            
+            
+                Centralized Security Policies:
+                        
+                            UI to centrally manage security policies
+                        
+                        
+                            Delegated administration
+                        
+                        
+                            Automated policy synchronization
+                        
+                    
+            
+        
+    <div class="section">
+<h2><a name="null"></a></h2>
+        
+        An Argus Administration deployment contains the
+            following components:
+        
+                
+                    
+                
+            
+        
+            
+                Argus Administration
+                        server: A central location to manage all security policies for
+                    Hadoop clusters, including access control, auditing, and reporting. It also
+                    provides delegated administration features to enable administration of policies
+                    for specific data to other users and groups.
+            
+            
+                User and Group Synchronizer: Synchronizes
+                    user and group information between a UNIX server and the HDP
+                        Security Administration server. Allows the Unix system users
+                    on the host where the agent is installed to sign in to the Web UI with the same
+                    credentials as the local host.
+            
+            
+                Security Agent for HDFS: Enforces the HDFS
+                    access control based on the policies managed on the Argus
+                        Administration server and provides audit and reporting HDFS
+                    activity. 
+            
+            
+                Security Agent for Hive: Enforces Hive
+                    (HiveServer2) access control based on the policies managed on the
+                        Argus Administration server and provides
+                    audit and reporting for Hive activity.
+            
+            
+                Security Agent for
+                        HBase: Enforces HBase access
+                    control (via Hive2 service) based on the policies
+                    managed on the Argus
+                        Administration server and
+                    provides audit and reporting for HBase activity.
+                    Install an agent on the HBase Master and all HBase
+                    Regional servers.
+            
+        
+        The following table shows the ports used by the Argus
+                Administration tools:
+        
+            
+<table border="0" class="table table-striped" frame="all">
+                
+                
+                    
+                    
+                    
+                    <thead>
+                        
+                            Component
+                            Listening Port
+                            Connection to Port
+                        
+                    </thead>
+                    <tbody>
+                        
+                            Argus Administration server
+                            6080
+                                    Ensure agent hosts can connect to the HDP SA server on
+                                        port 6080.
+                                 (HTTP)
+                            3306 (JDBC/MySQL)
+                        
+                        
+                            All Agents (HDFS, HBase and Hive)
+                            
+                            6080* (HTTP)
+                        
+                        
+                            User and Group Synchronization Agent
+                            5151
+                                     Make sure Argus Administration server can connect
+                                        to port 5151 on the server were Unix Synchronization Service
+                                        is installed. 
+                                (Optional for remote Unix)
+                            3306 (JDBC/MySQL)
+                        
+                        
+                            MySQL
+                            3306
+                                    Argus Administrator server and agent servers should
+                                        be able to connect to port 3306 on the server MySQL is
+                                        installed. The agents insert the audit logs directly into
+                                        the database 
+                                
+                            3306
+                        
+                    </tbody>
+                
+            </table>
+        
+    </div>
+    
+<div class="section">
+<h2><a name="null"></a></h2>
+        
+        
+            
+                Policy Enforcement: Security Agents run within the process of NameNode,
+                    HiveServer2 and HBase Region Servers. It adds negligible overhead to the
+                    existing policy check and enforcement. The Security Agents can handle more than
+                    50 simultaneous requests within less than 1.5 milliseconds.
+                Recommendation: Limit the number of policies by grouping resources together
+                    and also where possible using wild cards or recursive options.
+            
+            
+                Audits (log uploads to the server) : The Security Agent logs all access logs
+                    centrally to RDBMS. When MySQL is installed on a dedicated server with 4 Cores
+                    and 16 GB RAM, XASecure can handle up to 6500 logs/second with 375 concurrent
+                    requests. XASecure has inbuilt mechanism to log the event asynchronously without
+                    affecting the runtime performance of the cluster. If there is a sudden surge of
+                    event logs, XASecure will automatically buffer the logs and do deferred writing
+                    to database. If the surge of access requests lasts for longer period, then
+                    XASecure will throttle itself by discarding excess logs.
+                Recommendation: For high-end systems, it is recommend that the database is
+                    properly tuned for memory caching and disk IO. It is also recommended to
+                    appropriately partition the database and archive historical data on regular
+                    intervals.
+            
+        
+    </div>
+    
+<div class="section">
+<h2><a name="null"></a></h2>
+        
+        The Argus Administration Suite is available to
+            download from Hortonworks <link xlink:href="http://hortonworks.com/hdp/addons/">Add-ons</link> page. 
+        Download the components, as follows:
+                
+                    Argus Administration server: Required
+                        for all deployments.
+                
+                
+                    UX-UserGroup Synchronizer: Optional. Provides
+                        Web UI authentication and automatically imports users and groups for
+                        policies. 
+                
+                
+                    Security Agent for Hive: Only required if you
+                        are managing access or auditing HiveServer2.
+                
+                
+                    Security Agent for Hadoop: Only required if you
+                        are managing access or auditing HDFS.
+                
+                
+                    Security Agent for HBase: Only required if you
+                        are managing access or auditing HBase.
+                
+            
+    </div>
+
+                  </div>
+            </div>
+          </div>
+
+    <hr/>
+
+    <footer>
+            <div class="container-fluid">
+                      <div class="row-fluid">
+                              <p >Copyright &copy;                    2014
+                        <a href="http://www.apache.org/">Apache Software Foundation</a>.
+            All rights reserved.      
+                    
+      </p>
+        </div>
+
+        
+        
+                </div>
+    </footer>
+        </body>
+</html>



Mime
View raw message