ranger-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bo...@apache.org
Subject [1/2] incubator-ranger git commit: RANGER-173: Utility scripts to create HDFS audit folders and policies
Date Tue, 06 Oct 2015 06:08:16 GMT
Repository: incubator-ranger
Updated Branches:
  refs/heads/master ea0872f69 -> 9cb055fc1


RANGER-173: Utility scripts to create HDFS audit folders and policies


Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/ed27cecb
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/ed27cecb
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/ed27cecb

Branch: refs/heads/master
Commit: ed27cecb62fe4ec7f9855326b5a8d3632ca0a3c9
Parents: ea0872f
Author: Don Bosco Durai <bosco@apache.org>
Authored: Mon Oct 5 16:11:04 2015 -0700
Committer: Don Bosco Durai <bosco@apache.org>
Committed: Mon Oct 5 23:07:58 2015 -0700

----------------------------------------------------------------------
 .../create_hdfs_folders_for_audit_non_secure.sh | 66 +++++++++++++++++++
 .../create_hdfs_folders_for_audit_secure.sh     | 67 ++++++++++++++++++++
 2 files changed, 133 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ed27cecb/security-admin/contrib/audit_hdfs_folders/create_hdfs_folders_for_audit_non_secure.sh
----------------------------------------------------------------------
diff --git a/security-admin/contrib/audit_hdfs_folders/create_hdfs_folders_for_audit_non_secure.sh
b/security-admin/contrib/audit_hdfs_folders/create_hdfs_folders_for_audit_non_secure.sh
new file mode 100755
index 0000000..eec3a08
--- /dev/null
+++ b/security-admin/contrib/audit_hdfs_folders/create_hdfs_folders_for_audit_non_secure.sh
@@ -0,0 +1,66 @@
+#!/bin/bash
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#Usage: Run this script as user hdfs. 
+#Creating folders required for Apache Ranger auditing to HDFS. 
+#Note 1: Use this script only for non-secure/kerberos environment
+#
+
+set -x
+hdfs dfs -mkdir -p /ranger/audit
+hdfs dfs -chown hdfs:hdfs /ranger/audit
+hdfs dfs -chmod 755 /ranger
+hdfs dfs -chmod 755 /ranger/audit
+
+hdfs dfs -mkdir -p /ranger/audit/hbaseMaster
+hdfs dfs -chown hbase:hbase /ranger/audit/hbaseMaster
+hdfs dfs -chmod -R 0700 /ranger/audit/hbaseMaster
+
+hdfs dfs -mkdir -p /ranger/audit/hbaseRegional
+hdfs dfs -chown hbase:hbase /ranger/audit/hbaseRegional
+hdfs dfs -chmod -R 0700 /ranger/audit/hbaseRegional
+
+hdfs dfs -mkdir -p /ranger/audit/hdfs
+hdfs dfs -chown hdfs:hdfs /ranger/audit/hdfs
+hdfs dfs -chmod -R 0700 /ranger/audit/hdfs
+
+hdfs dfs -mkdir -p /ranger/audit/hiveServer2
+hdfs dfs -chown hive:hive /ranger/audit/hiveServer2
+hdfs dfs -chmod -R 0700 /ranger/audit/hiveServer2
+
+hdfs dfs -mkdir -p /ranger/audit/kafka
+hdfs dfs -chown kafka:kafka /ranger/audit/kafka
+hdfs dfs -chmod -R 0700 /ranger/audit/kafka
+
+hdfs dfs -mkdir -p /ranger/audit/kms
+hdfs dfs -chown kms:kms /ranger/audit/kms
+hdfs dfs -chmod -R 0700 /ranger/audit/kms
+
+hdfs dfs -mkdir -p /ranger/audit/knox
+hdfs dfs -chown knox:knox /ranger/audit/knox
+hdfs dfs -chmod -R 0700 /ranger/audit/knox
+
+hdfs dfs -mkdir -p /ranger/audit/solr
+hdfs dfs -chown solr:solr /ranger/audit/solr
+hdfs dfs -chmod -R 0700 /ranger/audit/solr
+
+hdfs dfs -mkdir -p /ranger/audit/storm
+hdfs dfs -chown storm:storm /ranger/audit/storm
+hdfs dfs -chmod -R 0700 /ranger/audit/storm
+
+hdfs dfs -mkdir -p /ranger/audit/yarn
+hdfs dfs -chown yarn:yarn /ranger/audit/yarn
+hdfs dfs -chmod -R 0700 /ranger/audit/yarn

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ed27cecb/security-admin/contrib/audit_hdfs_folders/create_hdfs_folders_for_audit_secure.sh
----------------------------------------------------------------------
diff --git a/security-admin/contrib/audit_hdfs_folders/create_hdfs_folders_for_audit_secure.sh
b/security-admin/contrib/audit_hdfs_folders/create_hdfs_folders_for_audit_secure.sh
new file mode 100755
index 0000000..b15beee
--- /dev/null
+++ b/security-admin/contrib/audit_hdfs_folders/create_hdfs_folders_for_audit_secure.sh
@@ -0,0 +1,67 @@
+#!/bin/bash
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#Usage: Run this script as user hdfs. 
+#Creating folders required for Apache Ranger auditing to HDFS. 
+#Note 1: Use this script only for non-secure/kerberos environment
+#
+
+set -x
+hdfs dfs -mkdir -p /ranger/audit
+hdfs dfs -chown hdfs:hdfs /ranger/audit
+hdfs dfs -chmod 755 /ranger
+hdfs dfs -chmod 755 /ranger/audit
+
+
+hdfs dfs -mkdir -p /ranger/audit/hbaseMaster
+hdfs dfs -chown hbase:hbase /ranger/audit/hbaseMaster
+hdfs dfs -chmod -R 0700 /ranger/audit/hbaseMaster
+
+hdfs dfs -mkdir -p /ranger/audit/hbaseRegional
+hdfs dfs -chown hbase:hbase /ranger/audit/hbaseRegional
+hdfs dfs -chmod -R 0700 /ranger/audit/hbaseRegional
+
+hdfs dfs -mkdir -p /ranger/audit/hdfs
+hdfs dfs -chown hdfs:hdfs /ranger/audit/hdfs
+hdfs dfs -chmod -R 0700 /ranger/audit/hdfs
+
+hdfs dfs -mkdir -p /ranger/audit/hiveServer2
+hdfs dfs -chown hive:hive /ranger/audit/hiveServer2
+hdfs dfs -chmod -R 0700 /ranger/audit/hiveServer2
+
+hdfs dfs -mkdir -p /ranger/audit/kafka
+hdfs dfs -chown kafka:kafka /ranger/audit/kafka
+hdfs dfs -chmod -R 0700 /ranger/audit/kafka
+
+hdfs dfs -mkdir -p /ranger/audit/kms
+hdfs dfs -chown HTTP:HTTP /ranger/audit/kms
+hdfs dfs -chmod -R 0700 /ranger/audit/kms
+
+hdfs dfs -mkdir -p /ranger/audit/knox
+hdfs dfs -chown knox:knox /ranger/audit/knox
+hdfs dfs -chmod -R 0700 /ranger/audit/knox
+
+hdfs dfs -mkdir -p /ranger/audit/solr
+hdfs dfs -chown solr:solr /ranger/audit/solr
+hdfs dfs -chmod -R 0700 /ranger/audit/solr
+
+hdfs dfs -mkdir -p /ranger/audit/storm
+hdfs dfs -chown storm:storm /ranger/audit/storm
+hdfs dfs -chmod -R 0700 /ranger/audit/storm
+
+hdfs dfs -mkdir -p /ranger/audit/yarn
+hdfs dfs -chown yarn:yarn /ranger/audit/yarn
+hdfs dfs -chmod -R 0700 /ranger/audit/yarn


Mime
View raw message