Linux-UNIX: Hadoop integration using Hortonworks and Apache Ranger

Apache Ranger, included with the Hortonworks Data Platform 2.3-2.6, offers fine-grained access control and auditing over Hadoop components such as Solr, Storm, Hive, HBASE, and HDFS by using policies.

The audit data is written to both HDFS and Solr. Guardium can integrate with Ranger in two ways:
  • For auditing, Guardium acts as another logger source for Ranger Auditing. Audited activity is sent to the Guardium collector where it is parsed and logged. After the data is in Guardium, it is highly protected in the hardened appliance. You can use all normal Guardium functions, such as real-time alerting and integration with SIEM, reporting and workflow, and analytics.
  • For blocking, Guardium extends Ranger access control policies, by using what is known in Ranger as dynamic policies.

With Ranger integration, the data is decrypted before it is sent to the Guardium system for auditing. In addition to SSL support, Ranger integration that uses dynamic policies enables blocking support for more components than is supported by standard S-TAP.

Supported functions with Ranger integration

You can use Ranger integration with the following functions:
  • Audit SSL-encrypted activity
  • Audit Kerberos authenticated traffic - By using Ranger integration, you do not need to propagate keytabs for Guardium.
  • Audit Hive, HBASE, HDFS - HBASE deployment is simpler with Ranger, you do not need to deploy S-TAPs on data nodes.
  • Audit SOLR
  • Audit Kafka
  • Audit Storm
  • Audit exceptions - Ranger catches only “access denied” exceptions.
  • Blocking of Hive, HDFS, and HBASE with dynamic policies.

Limitations

Ranger integration supports the following policy rule actions:
  • Alert daily
  • Alert only
  • Alert per match
  • Alert per time granularity
  • Log full details
  • Log full details with replaced values
  • Log masked details
  • Log only
  • No parse
  • Quick parse
  • Quick parse no fields
  • Record values separately
  • Skip logging