RANGER-173: Utility scripts to create HDFS audit folders and policies (cherry-picked commit ed27cecb62fe4ec7f9855326b5a8d3632ca0a3c9)
Signed-off-by: Velmurugan Periasamy <[email protected]> Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/8e74e5ab Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/8e74e5ab Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/8e74e5ab Branch: refs/heads/ranger-0.5 Commit: 8e74e5abf780870b595ea4d7d4f248102e15311f Parents: b205c08 Author: Don Bosco Durai <[email protected]> Authored: Mon Oct 5 16:11:04 2015 -0700 Committer: Velmurugan Periasamy <[email protected]> Committed: Fri Dec 11 00:17:22 2015 -0500 ---------------------------------------------------------------------- .../create_hdfs_folders_for_audit_non_secure.sh | 66 +++++++++++++++++++ .../create_hdfs_folders_for_audit_secure.sh | 67 ++++++++++++++++++++ 2 files changed, 133 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/8e74e5ab/security-admin/contrib/audit_hdfs_folders/create_hdfs_folders_for_audit_non_secure.sh ---------------------------------------------------------------------- diff --git a/security-admin/contrib/audit_hdfs_folders/create_hdfs_folders_for_audit_non_secure.sh b/security-admin/contrib/audit_hdfs_folders/create_hdfs_folders_for_audit_non_secure.sh new file mode 100755 index 0000000..eec3a08 --- /dev/null +++ b/security-admin/contrib/audit_hdfs_folders/create_hdfs_folders_for_audit_non_secure.sh @@ -0,0 +1,66 @@ +#!/bin/bash +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#Usage: Run this script as user hdfs. +#Creating folders required for Apache Ranger auditing to HDFS. +#Note 1: Use this script only for non-secure/kerberos environment +# + +set -x +hdfs dfs -mkdir -p /ranger/audit +hdfs dfs -chown hdfs:hdfs /ranger/audit +hdfs dfs -chmod 755 /ranger +hdfs dfs -chmod 755 /ranger/audit + +hdfs dfs -mkdir -p /ranger/audit/hbaseMaster +hdfs dfs -chown hbase:hbase /ranger/audit/hbaseMaster +hdfs dfs -chmod -R 0700 /ranger/audit/hbaseMaster + +hdfs dfs -mkdir -p /ranger/audit/hbaseRegional +hdfs dfs -chown hbase:hbase /ranger/audit/hbaseRegional +hdfs dfs -chmod -R 0700 /ranger/audit/hbaseRegional + +hdfs dfs -mkdir -p /ranger/audit/hdfs +hdfs dfs -chown hdfs:hdfs /ranger/audit/hdfs +hdfs dfs -chmod -R 0700 /ranger/audit/hdfs + +hdfs dfs -mkdir -p /ranger/audit/hiveServer2 +hdfs dfs -chown hive:hive /ranger/audit/hiveServer2 +hdfs dfs -chmod -R 0700 /ranger/audit/hiveServer2 + +hdfs dfs -mkdir -p /ranger/audit/kafka +hdfs dfs -chown kafka:kafka /ranger/audit/kafka +hdfs dfs -chmod -R 0700 /ranger/audit/kafka + +hdfs dfs -mkdir -p /ranger/audit/kms +hdfs dfs -chown kms:kms /ranger/audit/kms +hdfs dfs -chmod -R 0700 /ranger/audit/kms + +hdfs dfs -mkdir -p /ranger/audit/knox +hdfs dfs -chown knox:knox /ranger/audit/knox +hdfs dfs -chmod -R 0700 /ranger/audit/knox + +hdfs dfs -mkdir -p /ranger/audit/solr +hdfs dfs -chown solr:solr /ranger/audit/solr +hdfs dfs -chmod -R 0700 /ranger/audit/solr + +hdfs dfs -mkdir -p /ranger/audit/storm +hdfs dfs -chown storm:storm /ranger/audit/storm +hdfs dfs -chmod -R 0700 /ranger/audit/storm + +hdfs dfs -mkdir -p /ranger/audit/yarn +hdfs dfs -chown yarn:yarn /ranger/audit/yarn +hdfs dfs -chmod -R 0700 /ranger/audit/yarn http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/8e74e5ab/security-admin/contrib/audit_hdfs_folders/create_hdfs_folders_for_audit_secure.sh ---------------------------------------------------------------------- diff --git a/security-admin/contrib/audit_hdfs_folders/create_hdfs_folders_for_audit_secure.sh b/security-admin/contrib/audit_hdfs_folders/create_hdfs_folders_for_audit_secure.sh new file mode 100755 index 0000000..b15beee --- /dev/null +++ b/security-admin/contrib/audit_hdfs_folders/create_hdfs_folders_for_audit_secure.sh @@ -0,0 +1,67 @@ +#!/bin/bash +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#Usage: Run this script as user hdfs. +#Creating folders required for Apache Ranger auditing to HDFS. +#Note 1: Use this script only for non-secure/kerberos environment +# + +set -x +hdfs dfs -mkdir -p /ranger/audit +hdfs dfs -chown hdfs:hdfs /ranger/audit +hdfs dfs -chmod 755 /ranger +hdfs dfs -chmod 755 /ranger/audit + + +hdfs dfs -mkdir -p /ranger/audit/hbaseMaster +hdfs dfs -chown hbase:hbase /ranger/audit/hbaseMaster +hdfs dfs -chmod -R 0700 /ranger/audit/hbaseMaster + +hdfs dfs -mkdir -p /ranger/audit/hbaseRegional +hdfs dfs -chown hbase:hbase /ranger/audit/hbaseRegional +hdfs dfs -chmod -R 0700 /ranger/audit/hbaseRegional + +hdfs dfs -mkdir -p /ranger/audit/hdfs +hdfs dfs -chown hdfs:hdfs /ranger/audit/hdfs +hdfs dfs -chmod -R 0700 /ranger/audit/hdfs + +hdfs dfs -mkdir -p /ranger/audit/hiveServer2 +hdfs dfs -chown hive:hive /ranger/audit/hiveServer2 +hdfs dfs -chmod -R 0700 /ranger/audit/hiveServer2 + +hdfs dfs -mkdir -p /ranger/audit/kafka +hdfs dfs -chown kafka:kafka /ranger/audit/kafka +hdfs dfs -chmod -R 0700 /ranger/audit/kafka + +hdfs dfs -mkdir -p /ranger/audit/kms +hdfs dfs -chown HTTP:HTTP /ranger/audit/kms +hdfs dfs -chmod -R 0700 /ranger/audit/kms + +hdfs dfs -mkdir -p /ranger/audit/knox +hdfs dfs -chown knox:knox /ranger/audit/knox +hdfs dfs -chmod -R 0700 /ranger/audit/knox + +hdfs dfs -mkdir -p /ranger/audit/solr +hdfs dfs -chown solr:solr /ranger/audit/solr +hdfs dfs -chmod -R 0700 /ranger/audit/solr + +hdfs dfs -mkdir -p /ranger/audit/storm +hdfs dfs -chown storm:storm /ranger/audit/storm +hdfs dfs -chmod -R 0700 /ranger/audit/storm + +hdfs dfs -mkdir -p /ranger/audit/yarn +hdfs dfs -chown yarn:yarn /ranger/audit/yarn +hdfs dfs -chmod -R 0700 /ranger/audit/yarn
