Threat Finder

Threat ID
2791
Threat Date
08/02/2013
Threat Name
Network ports and protocols configuration
CVE Reference
CVE-NO-MATCH
CCE Reference
CCE-NO-MATCH
Risk
Informational
Database Type
Hadoop
Category
Misconfigurations
Versions
All versions of Hadoop
Summary
Configuring or using non-standard network ports or protocols could allow network perimeter security controls and protections to be bypassed.
Overview
Confirm that network ports and protocols configuration is compatible with cluster-wide firewall policies.

Hadoop daemons run an HTTP server (to provide web pages), an RPC server (for communication between daemons) and a TCP/IP server (for block transfers by datanodes). The network address and port can be configured for each server.

fs.defaultFS (or fs.default.name depending on the version)
Default value: file:///
The default port is 8020 if not specified.
The name of the default file system. A URI whose scheme and authority determine the FileSystem implementation. The URI's scheme determines the config property (fs.SCHEME.impl) naming the FileSystem implementation class. The URI's authority is used to determine the host, port, etc. for a filesystem.

dfs.namenode.http-address (or dfs.http.address depending on the version)
Default value: 0.0.0.0:50070
The address and the base port on which the dfs namenode web ui will listen.

dfs.datanode.ipc.address
Default value: 0.0.0.0:50020
The datanode ipc server address and port.

dfs.datanode.address
Default value: 0.0.0.0:50010
The datanode server address and port for data transfer.

dfs.datanode.http.address
Default value: 0.0.0.0:50075
The datanode http server address and port.

dfs.namenode.secondary.http-address (or dfs.secondary.http.address depending on the version)
Default value: 0.0.0.0:50090
The secondary namenode http server address and port.

dfs.namenode.backup.http-address (or dfs.backup.http.address depending on the version)
Default value: 0.0.0.0:50105
The backup node http server address and port.

mapreduce.jobtracker.address (or mapred.job.tracker depending on the version)
Default value: local (Common port values are 8021, 9001, or 8012)
The host and port that the MapReduce job tracker runs at. If "local", then jobs are run in-process as a single map and reduce task.

mapreduce.tasktracker.report.address (or mapred.task.tracker.report.address depending on the version)
Default value: 127.0.0.1:0
The interface and port that the task tracker server listens on. Since it is only connected to by the tasks, it uses the local interface. EXPERT ONLY. Should only be changed if your host does not have the loopback interface.

mapreduce.jobtracker.http.address (or mapred.job.tracker.http.address depending on the version)
Default value: 0.0.0.0:50030
The job tracker http server address and port the server will listen on.

mapreduce.tasktracker.http.address (or mapred.task.tracker.http.address depending on the version)
Default value: 0.0.0.0:50060
The task tracker http server address and port.


A port number of 0 instructs the server to start on a free port: this is discouraged, since it is incompatible with setting cluster-wide firewall policies.
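One way to run the compatibility check described above against a *-site.xml file, as an added example that is not part of the original entry or of any vendor tool. The function names, the sample configuration, the policy port set and the choice to ignore loopback-only listeners are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

ADDRESS_KEYS = set("""
fs.defaultFS fs.default.name dfs.namenode.http-address dfs.http.address dfs.datanode.address
dfs.datanode.ipc.address dfs.datanode.http.address mapreduce.jobtracker.address mapred.job.tracker
dfs.namenode.secondary.http-address dfs.secondary.http.address
dfs.namenode.backup.http-address dfs.backup.http.address
mapreduce.tasktracker.report.address mapred.task.tracker.report.address
mapreduce.jobtracker.http.address mapred.job.tracker.http.address
mapreduce.tasktracker.http.address mapred.task.tracker.http.address
""".split())  # properties listed on this page, current and deprecated names

def issue_for(value, allowed_ports):
    """Return why a listener address conflicts with the firewall policy, or None."""
    if value == "local" or value.startswith("file:"):
        return None  # in-process job runner or local file system: no listener
    try:
        if "://" in value:  # URI form (fs.defaultFS): port defaults to 8020
            uri = urlsplit(value)
            host, port = uri.hostname, 8020 if uri.port is None else uri.port
        else:  # host:port form
            host, _, port = value.rpartition(":")
            port = int(port)
    except ValueError:
        return "unparseable address"
    if host in ("127.0.0.1", "localhost") or port in allowed_ports:
        return None  # assumption: loopback-only listeners are outside the perimeter policy
    return "port 0: free port chosen at start" if port == 0 else "port not in firewall policy"

def audit(site_xml, allowed_ports):
    """Return (property, value, issue) for each listener the firewall policy cannot cover."""
    findings = []
    for prop in ET.fromstring(site_xml).iter("property"):
        name, value = ((prop.findtext(tag) or "").strip() for tag in ("name", "value"))
        issue = issue_for(value, allowed_ports) if name in ADDRESS_KEYS else None
        if issue:
            findings.append((name, value, issue))
    return findings

# Constructed sample configuration and firewall policy (not taken from a real cluster).
SAMPLE_SITE_XML = """<configuration>
  <property><name>fs.defaultFS</name><value>hdfs://nn1.example.internal</value></property>
  <property><name>dfs.datanode.address</name><value>0.0.0.0:0</value></property>
  <property><name>dfs.datanode.http.address</name><value>0.0.0.0:8080</value></property>
  <property><name>mapreduce.jobtracker.address</name><value>local</value></property>
  <property><name>mapreduce.tasktracker.report.address</name><value>127.0.0.1:0</value></property>
</configuration>"""
POLICY_PORTS = {8020, 50010, 50020, 50070, 50075}
```

Calling `audit(SAMPLE_SITE_XML, POLICY_PORTS)` reports the datanode transfer port set to 0 and the datanode HTTP port moved to 8080; the task tracker report address is skipped because it binds only to loopback.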
References
http://blog.cloudera.com/blog/2009/08/hadoop-default-ports-quick-reference/
http://hadoop.apache.org/docs/current/hadoop-mapreduce-client/hadoop-mapreduce-client-core/mapred-default.xml
http://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-common/core-default.xml
http://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-hdfs/hdfs-default.xml
http://hadoop.apache.org/docs/r0.23.8/hadoop-project-dist/hadoop-common/DeprecatedProperties.html
http://hadoop.apache.org/docs/r1.0.4/mapred-default.html
http://hadoop.apache.org/docs/stable/hdfs-default.html
VMSKey
STIGID
