Threat Finder

Threat ID
2790
Threat Date
08/01/2013
Threat Name
User name to be used by the web server
CVE Reference
CVE-NO-MATCH
CCE Reference
CCE-NO-MATCH
Risk
Informational
Database Type
Hadoop
Category
Misconfigurations
Versions
All versions of Hadoop
Summary
The identity of the web server is a configuration parameter. The web server behaves as if it has the identity (user and groups) of a user chosen by the administrator. This should be authorized and audited by the system administrator.
Overview
NameNode and DataNode each run an internal web server in order to display basic information about the current status of the cluster. The web interface can also be used to browse the file system.

The user account under which the web server is run is a configuration parameter. That is, the name node has no notion of the identity of the real user, but the web server behaves as if it has the identity (user and groups) of a user chosen by the administrator. Unless the chosen identity matches the superuser, parts of the name space may be inaccessible to the web server. If the specified account is superuser, any client will have access to anything published by the server, including the contents of the file system.

The parameter is named "dfs.web.ugi", located in hdfs-site.xml file. The default value for this parameter is "webuser,webgroup" meaning the web server will run under an account named "webuser" member of the group "webgroup". More than a group can be specified after the first group, separated by commas.
References
http://hadoop.apache.org/docs/stable/hdfs_user_guide.html#Web+Interface
VMSKey
STIGID

Additional information including fix script information is available in the licensed versions of Application Security's DbProtect and AppDetectivePro solutions.

Powered by