What if there is an information disclosure vulnerability in Apache HBase?

2025-04-06 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)05/31 Report--

This article explains what to do when there is an information disclosure vulnerability in Apache HBase. Most readers will not be familiar with the issue, so it is shared here for reference.

Apache HBase is affected by a vulnerability that allows remote denial of service, information disclosure, and loss of information integrity.

The affected versions are:

HBase 0.98.0-0.98.12

HBase 1.0.0-1.0.1

HBase 1.1.0

HBase 0.96 (affected)

A logic error causes HBase, in its most secure configuration, to be deployed with insecure ACLs on the coordination state it keeps in ZooKeeper. Anyone who can reach ZooKeeper through remote access can connect to it and cause the related HBase clients to be degraded or even completely unavailable. Any authorized user connected to the HBase cluster can modify parameters and see HBase data that they do not have permission to see.

We recommend that HBase users upgrade to the corresponding patch version (e.g. 0.98.12.1, 1.0.1.1, 1.1.0.1) so that correct ACLs are written. Any of these patch versions can be applied with a zero-downtime upgrade [1]. Because this logic bug can mask some configuration errors, we encourage users to verify the deployment before starting the upgrade process [2].

Once upgraded to the appropriate version, the user must run the following series of commands in the ZooKeeper client. For more information about the security settings of the ZooKeeper client, refer to the ZooKeeper documentation [3].

setAcl /hbase world:anyone:r,sasl:hbase:cdrwa

setAcl /hbase/backup-masters sasl:hbase:cdrwa

setAcl /hbase/draining sasl:hbase:cdrwa

setAcl /hbase/flush-table-proc sasl:hbase:cdrwa

setAcl /hbase/hbaseid world:anyone:r,sasl:hbase:cdrwa

setAcl /hbase/master world:anyone:r,sasl:hbase:cdrwa

setAcl /hbase/meta-region-server world:anyone:r,sasl:hbase:cdrwa

setAcl /hbase/namespace sasl:hbase:cdrwa

setAcl /hbase/online-snapshot sasl:hbase:cdrwa

setAcl /hbase/region-in-transition sasl:hbase:cdrwa

setAcl /hbase/recovering-regions sasl:hbase:cdrwa

setAcl /hbase/replication sasl:hbase:cdrwa

setAcl /hbase/rs sasl:hbase:cdrwa

setAcl /hbase/running sasl:hbase:cdrwa

setAcl /hbase/splitWAL sasl:hbase:cdrwa

setAcl /hbase/table sasl:hbase:cdrwa

setAcl /hbase/table-lock sasl:hbase:cdrwa

setAcl /hbase/tokenauth sasl:hbase:cdrwa
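To confirm the ACLs took effect, the output of the ZooKeeper client's getAcl command for each znode can be compared with the values set above. The following check is an added example, not part of the original article or of HBase; the function names are hypothetical and the sample getAcl outputs are constructed for illustration.

```python
import re

# Znodes that keep world:anyone:r in the setAcl list above; every other
# znode is restricted to sasl:hbase:cdrwa only.
WORLD_READ = {"/hbase", "/hbase/hbaseid", "/hbase/master",
              "/hbase/meta-region-server"}
ENTRY = re.compile(r"^'(?P<scheme>[^,]+),'(?P<id>.*)$")

def expected_acl(path):
    acl = {("sasl", "hbase"): set("cdrwa")}
    if path in WORLD_READ:
        acl[("world", "anyone")] = set("r")
    return acl

def parse_getacl(text):
    """Parse getAcl output: a 'scheme,'id line followed by a ': perms' line."""
    acl, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY.match(line)
        if m:
            current = (m["scheme"], m["id"])
        elif line.startswith(":") and current:
            acl[current] = set(line[1:].strip())
            current = None
    return acl

def audit(path, getacl_output):
    """Return findings for one znode; an empty list means it matches."""
    actual, want = parse_getacl(getacl_output), expected_acl(path)
    findings = []
    for (scheme, ident), perms in actual.items():
        extra = "".join(sorted(perms - want.get((scheme, ident), set())))
        if extra:
            findings.append(f"{path}: {scheme}:{ident} has excess '{extra}'")
    for (scheme, ident), perms in want.items():
        missing = "".join(sorted(perms - actual.get((scheme, ident), set())))
        if missing:
            findings.append(f"{path}: {scheme}:{ident} lacks '{missing}'")
    return findings

# Constructed sample outputs: an open znode and a corrected /hbase/master.
OPEN = "'world,'anyone\n: cdrwa\n"
FIXED_MASTER = "'world,'anyone\n: r\n'sasl,'hbase\n: cdrwa\n"

if __name__ == "__main__":
    for path, out in [("/hbase/table", OPEN), ("/hbase/master", FIXED_MASTER)]:
        print(path, audit(path, out) or "OK")
```
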
