Threat Finder

Threat ID
2783
Threat Date
06/27/2013
Threat Name
MapReduce cluster administrators
CVE Reference
CVE-NO-MATCH
CCE Reference
CCE-NO-MATCH
Risk
Informational
Database Type
Hadoop
Category
Improper Access Controls
Versions
All versions of Hadoop
Summary
Property mapreduce.cluster.administrators contains an ACL that defines users and groups that are granted MapReduce cluster administration privileges. This list should be audited and maintained by the admin.
Overview
Property mapreduce.cluster.administrators in file mapred-site.xml define a list of accounts and groups that are cluster administrators. These users have administration privileges and should be audited by the system admin.
Default value is undefined, which means there are no special privileged accounts/groups for MapReduce cluster.
Property value is formatted as an ACL: a list of accounts and a list of groups, separated by a space. The special character "*" can be used to indicate all users.
References
http://archive.cloudera.com/cdh/3/hadoop-0.20.2-cdh3u3/mapred_tutorial.html
http://docs.hortonworks.com/HDPDocuments/HDP1/HDP-1.2.0/bk_using_Ambari_book/content/ambari-chap3-7-2.html
http://hadoop.apache.org/docs/stable/cluster_setup.html
VMSKey
STIGID

Additional information including fix script information is available in the licensed versions of Application Security's DbProtect and AppDetectivePro solutions.

Powered by