CVEs fixed in Ranger 0.5

Ranger Community: Please see below details. CVE-2015-0265: Apache Ranger code injection vulnerability --- Severity: Important Vendor: The Apache Software Foundation Versions Affected: 0.4.0 version of Apache Ranger Users

Re: Question regarding postgresql pre-requisite

Lune - postgres 9.3.5 should work fine. From: Lune Silver mailto:lunescar.ran...@gmail.com>> Reply-To: "user@ranger.incubator.apache.org" mailto:user@ranger.incubator.apache.org>> Date: Monday, November 23, 2015 at 1:00 PM To: "user@ranger.incubator.apach

Re: ranger-admin setup failed

What version of ranger you are setting up? Can you add the below lines in install.properties and try again? sqlanywhere_core_file=db/sqlanywhere/xa_core_db_sqlanywhere.sql sqlanywhere_audit_file=db/sqlanywhere/xa_audit_db_sqlanywhere.sql From: Hafiz Mujadid mailto:hafizmujadi...@gmail.com>> Repl

Re: ranger-admin setup failed

;user@ranger.incubator.apache.org<mailto:user@ranger.incubator.apache.org>" mailto:user@ranger.incubator.apache.org>> Subject: Re: ranger-admin setup failed i am using apache ranger main branch code On Sat, Nov 28, 2015 at 6:33 PM, Velmurugan Periasamy mailto:vperias...@hortonworks.c

Re: ranger-admin setup failed

path)): File "/usr/lib/python2.7/genericpath.py", line 29, in isfile st = os.stat(path) TypeError: coercing to Unicode: need string or buffer, NoneType found 2015-11-28 18:46:39,743 [E] Update property failed for: On Sat, Nov 28, 2015 at 6:36 PM, Velmurugan Periasamy mailto:vpe

Re: ranger-admin setup failed

8, 2015 at 9:17 AM To: "user@ranger.incubator.apache.org<mailto:user@ranger.incubator.apache.org>" mailto:user@ranger.incubator.apache.org>> Subject: Re: ranger-admin setup failed thanks, I am waiting for the solution On Sat, Nov 28, 2015 at 7:16 PM, Velmurugan Periasamy mailto:vperia

Re: ranger-admin setup failed

, 2015 at 11:37 AM To: "user@ranger.incubator.apache.org<mailto:user@ranger.incubator.apache.org>" mailto:user@ranger.incubator.apache.org>> Subject: Re: ranger-admin setup failed do i need to pull latest code? On Sat, Nov 28, 2015 at 9:35 PM, Velmurugan Periasamy mailto:vperias...@hort

CVE update (CVE-2015-5167 & CVE-2016-0733) - Fixed in Ranger 0.5.1

Hello: Here¹s a CVE update for Ranger 0.5.1 release. Please see below details. Thank you, Velmurugan Periasamy -- CVE-2015-5167: Restrict REST API data access for non-admin users

Re: [Discuss] Phasing support for DB audit

Hi Balaji: I agree storing audit data in DB is not scalable for long term data. What would be the path forward for users who are already using DB to store audit data and managing the DB themselves? Adding user@ranger list. Thank you, Vel On 3/8/16, 3:19 PM, "Balaji Ganesan" wrote: >All, any

CVE update (CVE-2016-0735) - Fixed in Ranger 0.5.2

Hello: Here¹s a CVE update for Ranger 0.5.2 release. Please see below details. Thank you, Velmurugan Periasamy -- CVE-2016-0735: Ranger policy excludes flags processing

Re: [Discuss] Phasing support for DB audit

https://issues.apache.org/jira/browse/RANGER-271 addressed the migration utility. https://issues.apache.org/jira/browse/RANGER-900 is created for removing DB audit support. On 3/23/16, 1:52 AM, "Don Bosco Durai" wrote: >+1 > > >I suggest that we provide utility to migrate audits from DB to S

Re: Need Help to choose Apache Ranger

Thanks Bosco for the explanation. Adding Ranger Dev group. From: Don Bosco Durai mailto:bo...@apache.org>> Reply-To: "user@ranger.incubator.apache.org" mailto:user@ranger.incubator.apache.org>> Date: Wednesday, April 13, 2016 at 2:30 PM To: Rehan Ahmed C

Re: Informationn about properties of Ranger

Lune – unix auth service running as part of usersync is applicable only if unix authentication method is chosen in ranger admin. For LDAP/AD authentication methods, ranger admin will authenticate the user directly against LDAP/AD. From: Lune Silver mailto:lunescar.ran...@gmail.com>> Reply-To: "

Re: Ranger does not take into account the logging properties from ambari

This is a bug that is fixed in Ranger 0.6.0 - https://issues.apache.org/jira/browse/RANGER-859 As a workaround, you can create symlinks under /var/log/ranger to point to From: Lune Silver mailto:lunescar.ran...@gmail.com>> Reply-To: "user@ranger.incubator.apache.org

Re: Problem setting up the SSL for Ranger usersync

Since the error is on usersync side, problem could be in accessing either usersync key store or trust store.Please verify the below. 1] usersync is using the right key store. Key password and Store password have to be the same. 2] usersync is using the right trust store. If not using the default

CVE update (CVE-2016-2174) - Fixed in Ranger 0.5.3

Hello: Here’s a CVE update for Ranger 0.5.3 release. Please see below details. Release details can be found at https://cwiki.apache.org/confluence/display/RANGER/0.5.3+Release+-+Apache+Ranger Thank you, Velmurugan Periasamy

Re: HDFS Plugin - Unable to get listing of files for directory [/] from Hadoop environment

Dale: Could you set hadoop.rpc.protection to authentication and try? Thank you, Vel From: Dale Bradman mailto:da...@profusion.com>> Reply-To: "user@ranger.incubator.apache.org" mailto:user@ranger.incubator.apache.org>> Date: Wednesday, June 15, 2016 at

Re: HDFS Plugin - Unable to get listing of files for directory [/] from Hadoop environment

entication The above works. It seems it is the HA configuration that is a problem. Will it work with NameNode HA? Is there any risk for it not being configured to HA? Thanks. From: Velmurugan Periasamy [mailto:vperias...@hortonworks.com] Sent: 15 June 2016 14:31 To: user@ranger.incubator.apache.or

Re: Ranger-0.6 HDFS authentication failed in secure mode

Error you posted seems to be related to test connection failing, not download policy issue. @Sailaja - can you please chime in for the decrypt password issue? Can you please share 1] your HDFS repository configuration 2] any errors in ranger log during the download policy from HDFS plugin Thank

CVE update (CVE-2016-5395) - Fixed in Apache Ranger 0.6.1

Hello: Here¹s a CVE update for Ranger 0.6.1 release. Please see below details. Release details can be found at https://cwiki.apache.org/confluence/display/RANGER/0.6.1+Release+-+Apache+Ra nger Thank you, Velmurugan Periasamy

Re: Exception while creating encryption zone

Loïc: Can you make sure hdfs user has permissions for key operations (especially GENERATE_EEK and GET_METADATA) and try again? Thank you, Vel From: Loïc Chanel mailto:loic.cha...@telecomnancy.net>> Reply-To: "user@ranger.incubator.apache.org" mailto:u

Re: Need help in integrating apache-ranger-incubating-0.6.1

, September 15, 2016 at 8:49 PM To: Velmurugan Periasamy Subject: Need help in integrating apache-ranger-incubating-0.6.1 Hi Vel, We are trying to evaluate Apache Ranger for our Hadoop security policies. It is failing while building from source code as mentioned below. Do you have any known issues or

Re: Exception while creating encryption zone

er@ranger.incubator.apache.org>> Subject: Re: Exception while creating encryption zone As he's the superdamin user, he should be able to do so, right ? If not, how can I test this ? Loïc CHANEL System Big Data engineer MS&T - WASABI - Worldline (Villeurbanne, France) 2016

Re: Exception while creating encryption zone

CHANEL System Big Data engineer MS&T - WASABI - Worldline (Villeurbanne, France) 2016-09-16 16:41 GMT+02:00 Velmurugan Periasamy mailto:vperias...@hortonworks.com>>: HDFS user is superuser only for HDFS, for key operations it needs to have permissions. Login to Ranger using keyadmin/

Re: Authentication Failure talking to Ranger KMS

Is httpfs user configured to proxy as other users? You can see if there are any clues in KMS log or audit log. From: Benjamin Ross mailto:br...@lattice-engines.com>> Reply-To: "user@ranger.incubator.apache.org" mailto:user@ranger.incubator.apache.org>>

CVE update (CVE-2016-6815) - Fixed in Ranger 0.6.2

nk you, Velmurugan Periasamy --- CVE-2016-6815: Apache Ranger user privilege vulnerability --- Severity: