diff --git a/dev-support/ranger-docker/config/ozone/ranger-ozone-plugin-install.properties b/dev-support/ranger-docker/config/ozone/ranger-ozone-plugin-install.properties index b0e4ee1955..4fc7b9991c 100644 --- a/dev-support/ranger-docker/config/ozone/ranger-ozone-plugin-install.properties +++ b/dev-support/ranger-docker/config/ozone/ranger-ozone-plugin-install.properties @@ -46,6 +46,16 @@ XAAUDIT.SOLR.USER=NONE XAAUDIT.SOLR.PASSWORD=NONE XAAUDIT.SOLR.ZOOKEEPER=NONE XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/ozone/audit/solr/spool +XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG=false + +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL=%EMPTY% XAAUDIT.ELASTICSEARCH.ENABLE=false XAAUDIT.ELASTICSEARCH.URL=NONE diff --git a/dev-support/ranger-docker/scripts/ranger-hbase-plugin-install.properties b/dev-support/ranger-docker/scripts/ranger-hbase-plugin-install.properties index 11734b3d24..b33f97ff84 100644 --- a/dev-support/ranger-docker/scripts/ranger-hbase-plugin-install.properties +++ b/dev-support/ranger-docker/scripts/ranger-hbase-plugin-install.properties @@ -48,6 +48,16 @@ XAAUDIT.SOLR.USER=NONE XAAUDIT.SOLR.PASSWORD=NONE XAAUDIT.SOLR.ZOOKEEPER=NONE XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/hadoop/hbase/audit/solr/spool +XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG=false + +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL=%EMPTY% XAAUDIT.ELASTICSEARCH.ENABLE=false XAAUDIT.ELASTICSEARCH.URL=NONE diff --git a/dev-support/ranger-docker/scripts/ranger-hdfs-plugin-install.properties b/dev-support/ranger-docker/scripts/ranger-hdfs-plugin-install.properties index 83b171025d..4642b67e7d 100644 --- a/dev-support/ranger-docker/scripts/ranger-hdfs-plugin-install.properties +++ b/dev-support/ranger-docker/scripts/ranger-hdfs-plugin-install.properties @@ -45,6 +45,16 @@ XAAUDIT.SOLR.USER=NONE XAAUDIT.SOLR.PASSWORD=NONE XAAUDIT.SOLR.ZOOKEEPER=NONE XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/hadoop/hdfs/audit/solr/spool +XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG=false + +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL=%EMPTY% XAAUDIT.ELASTICSEARCH.ENABLE=false XAAUDIT.ELASTICSEARCH.URL=NONE diff --git a/dev-support/ranger-docker/scripts/ranger-hive-plugin-install.properties b/dev-support/ranger-docker/scripts/ranger-hive-plugin-install.properties index 1a5dde9ae3..70c49cd31f 100644 --- a/dev-support/ranger-docker/scripts/ranger-hive-plugin-install.properties +++ b/dev-support/ranger-docker/scripts/ranger-hive-plugin-install.properties @@ -46,6 +46,16 @@ XAAUDIT.SOLR.USER=NONE XAAUDIT.SOLR.PASSWORD=NONE XAAUDIT.SOLR.ZOOKEEPER=NONE XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/hive/audit/solr/spool +XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG=false + +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL=%EMPTY% XAAUDIT.ELASTICSEARCH.ENABLE=false XAAUDIT.ELASTICSEARCH.URL=NONE diff --git a/dev-support/ranger-docker/scripts/ranger-kafka-plugin-install.properties b/dev-support/ranger-docker/scripts/ranger-kafka-plugin-install.properties index fb9900c156..7f888151eb 100644 --- a/dev-support/ranger-docker/scripts/ranger-kafka-plugin-install.properties +++ b/dev-support/ranger-docker/scripts/ranger-kafka-plugin-install.properties @@ -48,6 +48,16 @@ XAAUDIT.SOLR.USER=NONE XAAUDIT.SOLR.PASSWORD=NONE XAAUDIT.SOLR.ZOOKEEPER=NONE XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/kafka/audit/solr/spool +XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG=false + +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL=%EMPTY% XAAUDIT.ELASTICSEARCH.ENABLE=false XAAUDIT.ELASTICSEARCH.URL=NONE diff --git a/dev-support/ranger-docker/scripts/ranger-kms-install-mysql.properties b/dev-support/ranger-docker/scripts/ranger-kms-install-mysql.properties index ed7ab2d82a..ae62c50e29 100755 --- a/dev-support/ranger-docker/scripts/ranger-kms-install-mysql.properties +++ b/dev-support/ranger-docker/scripts/ranger-kms-install-mysql.properties @@ -163,6 +163,16 @@ XAAUDIT.SOLR.USER=NONE XAAUDIT.SOLR.PASSWORD=NONE XAAUDIT.SOLR.ZOOKEEPER=NONE XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/hive/audit/solr/spool +XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG=false + +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL=%EMPTY% XAAUDIT.ELASTICSEARCH.ENABLE=false XAAUDIT.ELASTICSEARCH.URL=NONE diff --git a/dev-support/ranger-docker/scripts/ranger-kms-install-oracle.properties b/dev-support/ranger-docker/scripts/ranger-kms-install-oracle.properties index 33097eb404..84286f0f99 100755 --- a/dev-support/ranger-docker/scripts/ranger-kms-install-oracle.properties +++ b/dev-support/ranger-docker/scripts/ranger-kms-install-oracle.properties @@ -163,6 +163,16 @@ XAAUDIT.SOLR.USER=NONE XAAUDIT.SOLR.PASSWORD=NONE XAAUDIT.SOLR.ZOOKEEPER=NONE XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/hive/audit/solr/spool +XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG=false + +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL=%EMPTY% XAAUDIT.ELASTICSEARCH.ENABLE=false XAAUDIT.ELASTICSEARCH.URL=NONE diff --git a/dev-support/ranger-docker/scripts/ranger-kms-install-postgres.properties b/dev-support/ranger-docker/scripts/ranger-kms-install-postgres.properties index 35a3690078..d99f3ec8cf 100755 --- a/dev-support/ranger-docker/scripts/ranger-kms-install-postgres.properties +++ b/dev-support/ranger-docker/scripts/ranger-kms-install-postgres.properties @@ -163,6 +163,16 @@ XAAUDIT.SOLR.USER=NONE XAAUDIT.SOLR.PASSWORD=NONE XAAUDIT.SOLR.ZOOKEEPER=NONE XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/hive/audit/solr/spool +XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG=false + +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL=%EMPTY% XAAUDIT.ELASTICSEARCH.ENABLE=false XAAUDIT.ELASTICSEARCH.URL=NONE diff --git a/dev-support/ranger-docker/scripts/ranger-kms-install-sqlserver.properties b/dev-support/ranger-docker/scripts/ranger-kms-install-sqlserver.properties index 04c96989be..2fb6a8aa52 100644 --- a/dev-support/ranger-docker/scripts/ranger-kms-install-sqlserver.properties +++ b/dev-support/ranger-docker/scripts/ranger-kms-install-sqlserver.properties @@ -162,6 +162,16 @@ XAAUDIT.SOLR.USER=NONE XAAUDIT.SOLR.PASSWORD=NONE XAAUDIT.SOLR.ZOOKEEPER=NONE XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/hive/audit/solr/spool +XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG=false + +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL=%EMPTY% XAAUDIT.ELASTICSEARCH.ENABLE=false XAAUDIT.ELASTICSEARCH.URL=NONE diff --git a/dev-support/ranger-docker/scripts/ranger-knox-plugin-install.properties b/dev-support/ranger-docker/scripts/ranger-knox-plugin-install.properties index 2e05ddafe2..7c6531d584 100644 --- a/dev-support/ranger-docker/scripts/ranger-knox-plugin-install.properties +++ b/dev-support/ranger-docker/scripts/ranger-knox-plugin-install.properties @@ -45,6 +45,16 @@ XAAUDIT.SOLR.USER=NONE XAAUDIT.SOLR.PASSWORD=NONE XAAUDIT.SOLR.ZOOKEEPER=NONE XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/knox/audit/solr/spool +XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG=false + +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL=%EMPTY% XAAUDIT.ELASTICSEARCH.ENABLE=false XAAUDIT.ELASTICSEARCH.URL=NONE diff --git a/dev-support/ranger-docker/scripts/ranger-yarn-plugin-install.properties b/dev-support/ranger-docker/scripts/ranger-yarn-plugin-install.properties index 52ebb83df0..a61a898965 100644 --- a/dev-support/ranger-docker/scripts/ranger-yarn-plugin-install.properties +++ b/dev-support/ranger-docker/scripts/ranger-yarn-plugin-install.properties @@ -45,6 +45,16 @@ XAAUDIT.SOLR.USER=NONE XAAUDIT.SOLR.PASSWORD=NONE XAAUDIT.SOLR.ZOOKEEPER=NONE XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/hadoop/yarn/audit/solr/spool +XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG=false + +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL=%EMPTY% XAAUDIT.ELASTICSEARCH.ENABLE=false XAAUDIT.ELASTICSEARCH.URL=NONE diff --git a/hbase-agent/conf/ranger-hbase-audit-changes.cfg b/hbase-agent/conf/ranger-hbase-audit-changes.cfg index a743db457d..15d19e5800 100644 --- a/hbase-agent/conf/ranger-hbase-audit-changes.cfg +++ b/hbase-agent/conf/ranger-hbase-audit-changes.cfg @@ -47,6 +47,16 @@ xasecure.audit.destination.solr.user %XAAUDIT.SOLR.USER% mod create-if-not-exist xasecure.audit.destination.solr.password %XAAUDIT.SOLR.PASSWORD% mod create-if-not-exists xasecure.audit.destination.solr.zookeepers %XAAUDIT.SOLR.ZOOKEEPER% mod create-if-not-exists xasecure.audit.destination.solr.batch.filespool.dir %XAAUDIT.SOLR.FILE_SPOOL_DIR% mod create-if-not-exists +xasecure.audit.destination.solr.force.use.inmemory.jaas.config %XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG% mod create-if-not-exists + +xasecure.audit.jaas.Client.loginModuleName %XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME% mod create-if-not-exists +xasecure.audit.jaas.Client.loginModuleControlFlag %XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG% mod create-if-not-exists +xasecure.audit.jaas.Client.option.useKeyTab %XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB% mod create-if-not-exists +xasecure.audit.jaas.Client.option.storeKey %XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY% mod create-if-not-exists +xasecure.audit.jaas.Client.option.useTicketCache %XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE% mod create-if-not-exists +xasecure.audit.jaas.Client.option.serviceName %XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME% mod create-if-not-exists +xasecure.audit.jaas.Client.option.keyTab %XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB% mod create-if-not-exists +xasecure.audit.jaas.Client.option.principal %XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL% mod create-if-not-exists xasecure.audit.destination.elasticsearch %XAAUDIT.ELASTICSEARCH.ENABLE% mod create-if-not-exists xasecure.audit.destination.elasticsearch.urls %XAAUDIT.ELASTICSEARCH.URL% mod create-if-not-exists diff --git a/hbase-agent/scripts/install.properties b/hbase-agent/scripts/install.properties index d105049127..4ad1269b02 100644 --- a/hbase-agent/scripts/install.properties +++ b/hbase-agent/scripts/install.properties @@ -55,6 +55,16 @@ XAAUDIT.SOLR.USER=NONE XAAUDIT.SOLR.PASSWORD=NONE XAAUDIT.SOLR.ZOOKEEPER=NONE XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/hbase/audit/solr/spool +XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG=false + +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL=%EMPTY% # Enable audit logs to ElasticSearch #Example diff --git a/hdfs-agent/conf/ranger-hdfs-audit-changes.cfg b/hdfs-agent/conf/ranger-hdfs-audit-changes.cfg index 8e0e158d72..49244c66bd 100644 --- a/hdfs-agent/conf/ranger-hdfs-audit-changes.cfg +++ b/hdfs-agent/conf/ranger-hdfs-audit-changes.cfg @@ -44,6 +44,16 @@ xasecure.audit.destination.solr.user %XAAUDIT.SOLR.USER% mod create-if-not-exist xasecure.audit.destination.solr.password %XAAUDIT.SOLR.PASSWORD% mod create-if-not-exists xasecure.audit.destination.solr.zookeepers %XAAUDIT.SOLR.ZOOKEEPER% mod create-if-not-exists xasecure.audit.destination.solr.batch.filespool.dir %XAAUDIT.SOLR.FILE_SPOOL_DIR% mod create-if-not-exists +xasecure.audit.destination.solr.force.use.inmemory.jaas.config %XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG% mod create-if-not-exists + +xasecure.audit.jaas.Client.loginModuleName %XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME% mod create-if-not-exists +xasecure.audit.jaas.Client.loginModuleControlFlag %XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG% mod create-if-not-exists +xasecure.audit.jaas.Client.option.useKeyTab %XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB% mod create-if-not-exists +xasecure.audit.jaas.Client.option.storeKey %XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY% mod create-if-not-exists +xasecure.audit.jaas.Client.option.useTicketCache %XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE% mod create-if-not-exists +xasecure.audit.jaas.Client.option.serviceName %XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME% mod create-if-not-exists +xasecure.audit.jaas.Client.option.keyTab %XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB% mod create-if-not-exists +xasecure.audit.jaas.Client.option.principal %XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL% mod create-if-not-exists xasecure.audit.destination.elasticsearch %XAAUDIT.ELASTICSEARCH.ENABLE% mod create-if-not-exists xasecure.audit.destination.elasticsearch.urls %XAAUDIT.ELASTICSEARCH.URL% mod create-if-not-exists diff --git a/hdfs-agent/scripts/install.properties b/hdfs-agent/scripts/install.properties index 698638b72e..fedecc1d25 100644 --- a/hdfs-agent/scripts/install.properties +++ b/hdfs-agent/scripts/install.properties @@ -49,6 +49,16 @@ XAAUDIT.SOLR.USER=NONE XAAUDIT.SOLR.PASSWORD=NONE XAAUDIT.SOLR.ZOOKEEPER=NONE XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/hadoop/hdfs/audit/solr/spool +XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG=false + +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL=%EMPTY% # Enable audit logs to ElasticSearch #Example diff --git a/hive-agent/conf/ranger-hive-audit-changes.cfg b/hive-agent/conf/ranger-hive-audit-changes.cfg index ec98baf3aa..651372d3ee 100644 --- a/hive-agent/conf/ranger-hive-audit-changes.cfg +++ b/hive-agent/conf/ranger-hive-audit-changes.cfg @@ -45,6 +45,16 @@ xasecure.audit.destination.solr.user %XAAUDIT.SOLR.USER% mod create-if-not-exist xasecure.audit.destination.solr.password %XAAUDIT.SOLR.PASSWORD% mod create-if-not-exists xasecure.audit.destination.solr.zookeepers %XAAUDIT.SOLR.ZOOKEEPER% mod create-if-not-exists xasecure.audit.destination.solr.batch.filespool.dir %XAAUDIT.SOLR.FILE_SPOOL_DIR% mod create-if-not-exists +xasecure.audit.destination.solr.force.use.inmemory.jaas.config %XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG% mod create-if-not-exists + +xasecure.audit.jaas.Client.loginModuleName %XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME% mod create-if-not-exists +xasecure.audit.jaas.Client.loginModuleControlFlag %XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG% mod create-if-not-exists +xasecure.audit.jaas.Client.option.useKeyTab %XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB% mod create-if-not-exists +xasecure.audit.jaas.Client.option.storeKey %XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY% mod create-if-not-exists +xasecure.audit.jaas.Client.option.useTicketCache %XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE% mod create-if-not-exists +xasecure.audit.jaas.Client.option.serviceName %XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME% mod create-if-not-exists +xasecure.audit.jaas.Client.option.keyTab %XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB% mod create-if-not-exists +xasecure.audit.jaas.Client.option.principal %XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL% mod create-if-not-exists xasecure.audit.destination.elasticsearch %XAAUDIT.ELASTICSEARCH.ENABLE% mod create-if-not-exists xasecure.audit.destination.elasticsearch.urls %XAAUDIT.ELASTICSEARCH.URL% mod create-if-not-exists diff --git a/hive-agent/scripts/install.properties b/hive-agent/scripts/install.properties index e64e5e0c49..4d8976b6d8 100644 --- a/hive-agent/scripts/install.properties +++ b/hive-agent/scripts/install.properties @@ -52,6 +52,16 @@ XAAUDIT.SOLR.USER=NONE XAAUDIT.SOLR.PASSWORD=NONE XAAUDIT.SOLR.ZOOKEEPER=NONE XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/hive/audit/solr/spool +XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG=false + +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL=%EMPTY% # Enable audit logs to ElasticSearch #Example diff --git a/kms/scripts/install.properties b/kms/scripts/install.properties index 5693741cc3..499ebbaece 100755 --- a/kms/scripts/install.properties +++ b/kms/scripts/install.properties @@ -197,6 +197,16 @@ XAAUDIT.SOLR.USER=NONE XAAUDIT.SOLR.PASSWORD=NONE XAAUDIT.SOLR.ZOOKEEPER=NONE XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/ranger/kms/audit/solr/spool +XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG=false + +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL=%EMPTY% # Enable audit logs to ElasticSearch #Example diff --git a/knox-agent/conf/ranger-knox-audit-changes.cfg b/knox-agent/conf/ranger-knox-audit-changes.cfg index ec98baf3aa..651372d3ee 100644 --- a/knox-agent/conf/ranger-knox-audit-changes.cfg +++ b/knox-agent/conf/ranger-knox-audit-changes.cfg @@ -45,6 +45,16 @@ xasecure.audit.destination.solr.user %XAAUDIT.SOLR.USER% mod create-if-not-exist xasecure.audit.destination.solr.password %XAAUDIT.SOLR.PASSWORD% mod create-if-not-exists xasecure.audit.destination.solr.zookeepers %XAAUDIT.SOLR.ZOOKEEPER% mod create-if-not-exists xasecure.audit.destination.solr.batch.filespool.dir %XAAUDIT.SOLR.FILE_SPOOL_DIR% mod create-if-not-exists +xasecure.audit.destination.solr.force.use.inmemory.jaas.config %XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG% mod create-if-not-exists + +xasecure.audit.jaas.Client.loginModuleName %XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME% mod create-if-not-exists +xasecure.audit.jaas.Client.loginModuleControlFlag %XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG% mod create-if-not-exists +xasecure.audit.jaas.Client.option.useKeyTab %XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB% mod create-if-not-exists +xasecure.audit.jaas.Client.option.storeKey %XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY% mod create-if-not-exists +xasecure.audit.jaas.Client.option.useTicketCache %XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE% mod create-if-not-exists +xasecure.audit.jaas.Client.option.serviceName %XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME% mod create-if-not-exists +xasecure.audit.jaas.Client.option.keyTab %XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB% mod create-if-not-exists +xasecure.audit.jaas.Client.option.principal %XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL% mod create-if-not-exists xasecure.audit.destination.elasticsearch %XAAUDIT.ELASTICSEARCH.ENABLE% mod create-if-not-exists xasecure.audit.destination.elasticsearch.urls %XAAUDIT.ELASTICSEARCH.URL% mod create-if-not-exists diff --git a/knox-agent/scripts/install.properties b/knox-agent/scripts/install.properties index cb1ccf80c8..d4cfa5202b 100644 --- a/knox-agent/scripts/install.properties +++ b/knox-agent/scripts/install.properties @@ -47,6 +47,16 @@ XAAUDIT.SOLR.USER=NONE XAAUDIT.SOLR.PASSWORD=NONE XAAUDIT.SOLR.ZOOKEEPER=NONE XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/knox/audit/solr/spool +XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG=false + +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL=%EMPTY% # Enable audit logs to ElasticSearch #Example @@ -173,4 +183,4 @@ CUSTOM_USER=knox # Custom component group # CUSTOM_COMPONENT_GROUP= # keep blank if component group is default -CUSTOM_GROUP=knox \ No newline at end of file +CUSTOM_GROUP=knox diff --git a/plugin-atlas/scripts/install.properties b/plugin-atlas/scripts/install.properties index c5b6eb882d..fdcdbd3ec2 100644 --- a/plugin-atlas/scripts/install.properties +++ b/plugin-atlas/scripts/install.properties @@ -51,6 +51,16 @@ XAAUDIT.SOLR.URL=NONE XAAUDIT.SOLR.USER=NONE XAAUDIT.SOLR.PASSWORD=NONE XAAUDIT.SOLR.ZOOKEEPER=NONE +XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG=false + +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL=%EMPTY% # Enable audit logs to ElasticSearch #Example diff --git a/plugin-elasticsearch/conf/ranger-elasticsearch-audit-changes.cfg b/plugin-elasticsearch/conf/ranger-elasticsearch-audit-changes.cfg index ec98baf3aa..651372d3ee 100644 --- a/plugin-elasticsearch/conf/ranger-elasticsearch-audit-changes.cfg +++ b/plugin-elasticsearch/conf/ranger-elasticsearch-audit-changes.cfg @@ -45,6 +45,16 @@ xasecure.audit.destination.solr.user %XAAUDIT.SOLR.USER% mod create-if-not-exist xasecure.audit.destination.solr.password %XAAUDIT.SOLR.PASSWORD% mod create-if-not-exists xasecure.audit.destination.solr.zookeepers %XAAUDIT.SOLR.ZOOKEEPER% mod create-if-not-exists xasecure.audit.destination.solr.batch.filespool.dir %XAAUDIT.SOLR.FILE_SPOOL_DIR% mod create-if-not-exists +xasecure.audit.destination.solr.force.use.inmemory.jaas.config %XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG% mod create-if-not-exists + +xasecure.audit.jaas.Client.loginModuleName %XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME% mod create-if-not-exists +xasecure.audit.jaas.Client.loginModuleControlFlag %XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG% mod create-if-not-exists +xasecure.audit.jaas.Client.option.useKeyTab %XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB% mod create-if-not-exists +xasecure.audit.jaas.Client.option.storeKey %XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY% mod create-if-not-exists +xasecure.audit.jaas.Client.option.useTicketCache %XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE% mod create-if-not-exists +xasecure.audit.jaas.Client.option.serviceName %XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME% mod create-if-not-exists +xasecure.audit.jaas.Client.option.keyTab %XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB% mod create-if-not-exists +xasecure.audit.jaas.Client.option.principal %XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL% mod create-if-not-exists xasecure.audit.destination.elasticsearch %XAAUDIT.ELASTICSEARCH.ENABLE% mod create-if-not-exists xasecure.audit.destination.elasticsearch.urls %XAAUDIT.ELASTICSEARCH.URL% mod create-if-not-exists diff --git a/plugin-elasticsearch/scripts/install.properties b/plugin-elasticsearch/scripts/install.properties index fb2b40b858..971b7c7970 100644 --- a/plugin-elasticsearch/scripts/install.properties +++ b/plugin-elasticsearch/scripts/install.properties @@ -49,6 +49,16 @@ XAAUDIT.SOLR.USER=NONE XAAUDIT.SOLR.PASSWORD=NONE XAAUDIT.SOLR.ZOOKEEPER=NONE XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/elasticsearch/audit/solr/spool +XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG=false + +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL=%EMPTY% # Enable audit logs to ElasticSearch #Example diff --git a/plugin-kafka/conf/ranger-kafka-audit-changes.cfg b/plugin-kafka/conf/ranger-kafka-audit-changes.cfg index 94c2d24cac..1903d98ca6 100644 --- a/plugin-kafka/conf/ranger-kafka-audit-changes.cfg +++ b/plugin-kafka/conf/ranger-kafka-audit-changes.cfg @@ -38,6 +38,16 @@ xasecure.audit.destination.solr.user %XAAUDIT.SOLR.USER% mod create-if-not-exist xasecure.audit.destination.solr.password %XAAUDIT.SOLR.PASSWORD% mod create-if-not-exists xasecure.audit.destination.solr.zookeepers %XAAUDIT.SOLR.ZOOKEEPER% mod create-if-not-exists xasecure.audit.destination.solr.batch.filespool.dir %XAAUDIT.SOLR.FILE_SPOOL_DIR% mod create-if-not-exists +xasecure.audit.destination.solr.force.use.inmemory.jaas.config %XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG% mod create-if-not-exists + +xasecure.audit.jaas.Client.loginModuleName %XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME% mod create-if-not-exists +xasecure.audit.jaas.Client.loginModuleControlFlag %XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG% mod create-if-not-exists +xasecure.audit.jaas.Client.option.useKeyTab %XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB% mod create-if-not-exists +xasecure.audit.jaas.Client.option.storeKey %XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY% mod create-if-not-exists +xasecure.audit.jaas.Client.option.useTicketCache %XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE% mod create-if-not-exists +xasecure.audit.jaas.Client.option.serviceName %XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME% mod create-if-not-exists +xasecure.audit.jaas.Client.option.keyTab %XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB% mod create-if-not-exists +xasecure.audit.jaas.Client.option.principal %XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL% mod create-if-not-exists xasecure.audit.destination.elasticsearch %XAAUDIT.ELASTICSEARCH.ENABLE% mod create-if-not-exists xasecure.audit.destination.elasticsearch.urls %XAAUDIT.ELASTICSEARCH.URL% mod create-if-not-exists diff --git a/plugin-kafka/scripts/install.properties b/plugin-kafka/scripts/install.properties index 21f718b7f1..12736c5b7c 100644 --- a/plugin-kafka/scripts/install.properties +++ b/plugin-kafka/scripts/install.properties @@ -50,6 +50,16 @@ XAAUDIT.SOLR.USER=NONE XAAUDIT.SOLR.PASSWORD=NONE XAAUDIT.SOLR.ZOOKEEPER=NONE XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/kafka/audit/solr/spool +XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG=false + +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL=%EMPTY% # Enable audit logs to ElasticSearch #Example @@ -175,4 +185,4 @@ CUSTOM_USER=kafka # Custom component group # CUSTOM_COMPONENT_GROUP= # keep blank if component group is default -CUSTOM_GROUP=hadoop \ No newline at end of file +CUSTOM_GROUP=hadoop diff --git a/plugin-kms/conf/ranger-kms-audit-changes.cfg b/plugin-kms/conf/ranger-kms-audit-changes.cfg index 50e52a1470..d13d202887 100644 --- a/plugin-kms/conf/ranger-kms-audit-changes.cfg +++ b/plugin-kms/conf/ranger-kms-audit-changes.cfg @@ -47,6 +47,16 @@ xasecure.audit.destination.solr.user %XAAUDIT.SOLR.USER% mod create-if-not-exist xasecure.audit.destination.solr.password %XAAUDIT.SOLR.PASSWORD% mod create-if-not-exists xasecure.audit.destination.solr.zookeepers %XAAUDIT.SOLR.ZOOKEEPER% mod create-if-not-exists xasecure.audit.destination.solr.batch.filespool.dir %XAAUDIT.SOLR.FILE_SPOOL_DIR% mod create-if-not-exists +xasecure.audit.destination.solr.force.use.inmemory.jaas.config %XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG% mod create-if-not-exists + +xasecure.audit.jaas.Client.loginModuleName %XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME% mod create-if-not-exists +xasecure.audit.jaas.Client.loginModuleControlFlag %XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG% mod create-if-not-exists +xasecure.audit.jaas.Client.option.useKeyTab %XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB% mod create-if-not-exists +xasecure.audit.jaas.Client.option.storeKey %XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY% mod create-if-not-exists +xasecure.audit.jaas.Client.option.useTicketCache %XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE% mod create-if-not-exists +xasecure.audit.jaas.Client.option.serviceName %XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME% mod create-if-not-exists +xasecure.audit.jaas.Client.option.keyTab %XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB% mod create-if-not-exists +xasecure.audit.jaas.Client.option.principal %XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL% mod create-if-not-exists xasecure.audit.destination.elasticsearch %XAAUDIT.ELASTICSEARCH.ENABLE% mod create-if-not-exists xasecure.audit.destination.elasticsearch.urls %XAAUDIT.ELASTICSEARCH.URL% mod create-if-not-exists diff --git a/plugin-kylin/conf/ranger-kylin-audit-changes.cfg b/plugin-kylin/conf/ranger-kylin-audit-changes.cfg index ec98baf3aa..651372d3ee 100644 --- a/plugin-kylin/conf/ranger-kylin-audit-changes.cfg +++ b/plugin-kylin/conf/ranger-kylin-audit-changes.cfg @@ -45,6 +45,16 @@ xasecure.audit.destination.solr.user %XAAUDIT.SOLR.USER% mod create-if-not-exist xasecure.audit.destination.solr.password %XAAUDIT.SOLR.PASSWORD% mod create-if-not-exists xasecure.audit.destination.solr.zookeepers %XAAUDIT.SOLR.ZOOKEEPER% mod create-if-not-exists xasecure.audit.destination.solr.batch.filespool.dir %XAAUDIT.SOLR.FILE_SPOOL_DIR% mod create-if-not-exists +xasecure.audit.destination.solr.force.use.inmemory.jaas.config %XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG% mod create-if-not-exists + +xasecure.audit.jaas.Client.loginModuleName %XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME% mod create-if-not-exists +xasecure.audit.jaas.Client.loginModuleControlFlag %XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG% mod create-if-not-exists +xasecure.audit.jaas.Client.option.useKeyTab %XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB% mod create-if-not-exists +xasecure.audit.jaas.Client.option.storeKey %XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY% mod create-if-not-exists +xasecure.audit.jaas.Client.option.useTicketCache %XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE% mod create-if-not-exists +xasecure.audit.jaas.Client.option.serviceName %XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME% mod create-if-not-exists +xasecure.audit.jaas.Client.option.keyTab %XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB% mod create-if-not-exists +xasecure.audit.jaas.Client.option.principal %XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL% mod create-if-not-exists xasecure.audit.destination.elasticsearch %XAAUDIT.ELASTICSEARCH.ENABLE% mod create-if-not-exists xasecure.audit.destination.elasticsearch.urls %XAAUDIT.ELASTICSEARCH.URL% mod create-if-not-exists diff --git a/plugin-kylin/scripts/install.properties b/plugin-kylin/scripts/install.properties index 9d117ec365..e807b483ee 100644 --- a/plugin-kylin/scripts/install.properties +++ b/plugin-kylin/scripts/install.properties @@ -49,6 +49,16 @@ XAAUDIT.SOLR.USER=NONE XAAUDIT.SOLR.PASSWORD=NONE XAAUDIT.SOLR.ZOOKEEPER=NONE XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/kylin/audit/solr/spool +XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG=false + +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL=%EMPTY% # Enable audit logs to ElasticSearch #Example diff --git a/plugin-ozone/conf/ranger-ozone-audit-changes.cfg b/plugin-ozone/conf/ranger-ozone-audit-changes.cfg index a3e2382b2a..cc15921ccc 100644 --- a/plugin-ozone/conf/ranger-ozone-audit-changes.cfg +++ b/plugin-ozone/conf/ranger-ozone-audit-changes.cfg @@ -38,6 +38,16 @@ xasecure.audit.destination.solr.user %XAAUDIT.SOLR.USER% mod create-if-not-exist xasecure.audit.destination.solr.password %XAAUDIT.SOLR.PASSWORD% mod create-if-not-exists xasecure.audit.destination.solr.zookeepers %XAAUDIT.SOLR.ZOOKEEPER% mod create-if-not-exists xasecure.audit.destination.solr.batch.filespool.dir %XAAUDIT.SOLR.FILE_SPOOL_DIR% mod create-if-not-exists +xasecure.audit.destination.solr.force.use.inmemory.jaas.config %XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG% mod create-if-not-exists + +xasecure.audit.jaas.Client.loginModuleName %XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME% mod create-if-not-exists +xasecure.audit.jaas.Client.loginModuleControlFlag %XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG% mod create-if-not-exists +xasecure.audit.jaas.Client.option.useKeyTab %XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB% mod create-if-not-exists +xasecure.audit.jaas.Client.option.storeKey %XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY% mod create-if-not-exists +xasecure.audit.jaas.Client.option.useTicketCache %XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE% mod create-if-not-exists +xasecure.audit.jaas.Client.option.serviceName %XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME% mod create-if-not-exists +xasecure.audit.jaas.Client.option.keyTab %XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB% mod create-if-not-exists +xasecure.audit.jaas.Client.option.principal %XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL% mod create-if-not-exists xasecure.audit.destination.elasticsearch %XAAUDIT.ELASTICSEARCH.ENABLE% mod create-if-not-exists xasecure.audit.destination.elasticsearch.urls %XAAUDIT.ELASTICSEARCH.URL% mod create-if-not-exists diff --git a/plugin-ozone/scripts/install.properties b/plugin-ozone/scripts/install.properties index fcb74a93e6..9285505a0c 100644 --- a/plugin-ozone/scripts/install.properties +++ b/plugin-ozone/scripts/install.properties @@ -50,6 +50,16 @@ XAAUDIT.SOLR.USER=NONE XAAUDIT.SOLR.PASSWORD=NONE XAAUDIT.SOLR.ZOOKEEPER=NONE XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/ozone/audit/solr/spool +XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG=false + +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL=%EMPTY% # Enable audit logs to ElasticSearch #Example @@ -175,4 +185,4 @@ CUSTOM_USER=ozone # Custom component group # CUSTOM_COMPONENT_GROUP= # keep blank if component group is default -CUSTOM_GROUP=hadoop \ No newline at end of file +CUSTOM_GROUP=hadoop diff --git a/plugin-presto/conf/ranger-presto-audit-changes.cfg b/plugin-presto/conf/ranger-presto-audit-changes.cfg index 94c2d24cac..1903d98ca6 100644 --- a/plugin-presto/conf/ranger-presto-audit-changes.cfg +++ b/plugin-presto/conf/ranger-presto-audit-changes.cfg @@ -38,6 +38,16 @@ xasecure.audit.destination.solr.user %XAAUDIT.SOLR.USER% mod create-if-not-exist xasecure.audit.destination.solr.password %XAAUDIT.SOLR.PASSWORD% mod create-if-not-exists xasecure.audit.destination.solr.zookeepers %XAAUDIT.SOLR.ZOOKEEPER% mod create-if-not-exists xasecure.audit.destination.solr.batch.filespool.dir %XAAUDIT.SOLR.FILE_SPOOL_DIR% mod create-if-not-exists +xasecure.audit.destination.solr.force.use.inmemory.jaas.config %XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG% mod create-if-not-exists + +xasecure.audit.jaas.Client.loginModuleName %XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME% mod create-if-not-exists +xasecure.audit.jaas.Client.loginModuleControlFlag %XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG% mod create-if-not-exists +xasecure.audit.jaas.Client.option.useKeyTab %XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB% mod create-if-not-exists +xasecure.audit.jaas.Client.option.storeKey %XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY% mod create-if-not-exists +xasecure.audit.jaas.Client.option.useTicketCache %XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE% mod create-if-not-exists +xasecure.audit.jaas.Client.option.serviceName %XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME% mod create-if-not-exists +xasecure.audit.jaas.Client.option.keyTab %XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB% mod create-if-not-exists +xasecure.audit.jaas.Client.option.principal %XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL% mod create-if-not-exists xasecure.audit.destination.elasticsearch %XAAUDIT.ELASTICSEARCH.ENABLE% mod create-if-not-exists xasecure.audit.destination.elasticsearch.urls %XAAUDIT.ELASTICSEARCH.URL% mod create-if-not-exists diff --git a/plugin-presto/scripts/install.properties b/plugin-presto/scripts/install.properties index f8e8ac1782..fa3984a1ea 100644 --- a/plugin-presto/scripts/install.properties +++ b/plugin-presto/scripts/install.properties @@ -49,6 +49,16 @@ XAAUDIT.SOLR.USER=NONE XAAUDIT.SOLR.PASSWORD=NONE XAAUDIT.SOLR.ZOOKEEPER=NONE XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/presto/audit/solr/spool +XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG=false + +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL=%EMPTY% # Enable audit logs to ElasticSearch #Example diff --git a/plugin-solr/conf/ranger-solr-audit-changes.cfg b/plugin-solr/conf/ranger-solr-audit-changes.cfg index 5ab43d6c1a..c40512f9df 100644 --- a/plugin-solr/conf/ranger-solr-audit-changes.cfg +++ b/plugin-solr/conf/ranger-solr-audit-changes.cfg @@ -39,6 +39,16 @@ xasecure.audit.destination.solr.user %XAAUDIT.SOLR.USER% mod create-if-not-exist xasecure.audit.destination.solr.password %XAAUDIT.SOLR.PASSWORD% mod create-if-not-exists xasecure.audit.destination.solr.zookeepers %XAAUDIT.SOLR.ZOOKEEPER% mod create-if-not-exists xasecure.audit.destination.solr.batch.filespool.dir %XAAUDIT.SOLR.FILE_SPOOL_DIR% mod create-if-not-exists +xasecure.audit.destination.solr.force.use.inmemory.jaas.config %XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG% mod create-if-not-exists + +xasecure.audit.jaas.Client.loginModuleName %XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME% mod create-if-not-exists +xasecure.audit.jaas.Client.loginModuleControlFlag %XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG% mod create-if-not-exists +xasecure.audit.jaas.Client.option.useKeyTab %XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB% mod create-if-not-exists +xasecure.audit.jaas.Client.option.storeKey %XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY% mod create-if-not-exists +xasecure.audit.jaas.Client.option.useTicketCache %XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE% mod create-if-not-exists +xasecure.audit.jaas.Client.option.serviceName %XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME% mod create-if-not-exists +xasecure.audit.jaas.Client.option.keyTab %XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB% mod create-if-not-exists +xasecure.audit.jaas.Client.option.principal %XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL% mod create-if-not-exists xasecure.audit.destination.elasticsearch %XAAUDIT.ELASTICSEARCH.ENABLE% mod create-if-not-exists xasecure.audit.destination.elasticsearch.urls %XAAUDIT.ELASTICSEARCH.URL% mod create-if-not-exists diff --git a/plugin-solr/scripts/install.properties b/plugin-solr/scripts/install.properties index 1c292f1338..fb85fb2cbd 100644 --- a/plugin-solr/scripts/install.properties +++ b/plugin-solr/scripts/install.properties @@ -50,6 +50,16 @@ XAAUDIT.SOLR.USER=NONE XAAUDIT.SOLR.PASSWORD=NONE XAAUDIT.SOLR.ZOOKEEPER=NONE XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/solr/audit/solr/spool +XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG=false + +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL=%EMPTY% # Enable audit logs to ElasticSearch #Example @@ -175,4 +185,4 @@ CUSTOM_USER=solr # Custom component group # CUSTOM_COMPONENT_GROUP= # keep blank if component group is default -CUSTOM_GROUP=solr \ No newline at end of file +CUSTOM_GROUP=solr diff --git a/plugin-sqoop/conf/ranger-sqoop-audit-changes.cfg b/plugin-sqoop/conf/ranger-sqoop-audit-changes.cfg index ec98baf3aa..651372d3ee 100644 --- a/plugin-sqoop/conf/ranger-sqoop-audit-changes.cfg +++ b/plugin-sqoop/conf/ranger-sqoop-audit-changes.cfg @@ -45,6 +45,16 @@ xasecure.audit.destination.solr.user %XAAUDIT.SOLR.USER% mod create-if-not-exist xasecure.audit.destination.solr.password %XAAUDIT.SOLR.PASSWORD% mod create-if-not-exists xasecure.audit.destination.solr.zookeepers %XAAUDIT.SOLR.ZOOKEEPER% mod create-if-not-exists xasecure.audit.destination.solr.batch.filespool.dir %XAAUDIT.SOLR.FILE_SPOOL_DIR% mod create-if-not-exists +xasecure.audit.destination.solr.force.use.inmemory.jaas.config %XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG% mod create-if-not-exists + +xasecure.audit.jaas.Client.loginModuleName %XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME% mod create-if-not-exists +xasecure.audit.jaas.Client.loginModuleControlFlag %XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG% mod create-if-not-exists +xasecure.audit.jaas.Client.option.useKeyTab %XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB% mod create-if-not-exists +xasecure.audit.jaas.Client.option.storeKey %XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY% mod create-if-not-exists +xasecure.audit.jaas.Client.option.useTicketCache %XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE% mod create-if-not-exists +xasecure.audit.jaas.Client.option.serviceName %XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME% mod create-if-not-exists +xasecure.audit.jaas.Client.option.keyTab %XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB% mod create-if-not-exists +xasecure.audit.jaas.Client.option.principal %XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL% mod create-if-not-exists xasecure.audit.destination.elasticsearch %XAAUDIT.ELASTICSEARCH.ENABLE% mod create-if-not-exists xasecure.audit.destination.elasticsearch.urls %XAAUDIT.ELASTICSEARCH.URL% mod create-if-not-exists diff --git a/plugin-sqoop/scripts/install.properties b/plugin-sqoop/scripts/install.properties index 33d8813a88..23c9545fc6 100644 --- a/plugin-sqoop/scripts/install.properties +++ b/plugin-sqoop/scripts/install.properties @@ -49,6 +49,16 @@ XAAUDIT.SOLR.USER=NONE XAAUDIT.SOLR.PASSWORD=NONE XAAUDIT.SOLR.ZOOKEEPER=NONE XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/sqoop/audit/solr/spool +XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG=false + +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL=%EMPTY% # Enable audit logs to ElasticSearch #Example diff --git a/plugin-trino/conf/ranger-trino-audit-changes.cfg b/plugin-trino/conf/ranger-trino-audit-changes.cfg index 94c2d24cac..1903d98ca6 100644 --- a/plugin-trino/conf/ranger-trino-audit-changes.cfg +++ b/plugin-trino/conf/ranger-trino-audit-changes.cfg @@ -38,6 +38,16 @@ xasecure.audit.destination.solr.user %XAAUDIT.SOLR.USER% mod create-if-not-exist xasecure.audit.destination.solr.password %XAAUDIT.SOLR.PASSWORD% mod create-if-not-exists xasecure.audit.destination.solr.zookeepers %XAAUDIT.SOLR.ZOOKEEPER% mod create-if-not-exists xasecure.audit.destination.solr.batch.filespool.dir %XAAUDIT.SOLR.FILE_SPOOL_DIR% mod create-if-not-exists +xasecure.audit.destination.solr.force.use.inmemory.jaas.config %XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG% mod create-if-not-exists + +xasecure.audit.jaas.Client.loginModuleName %XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME% mod create-if-not-exists +xasecure.audit.jaas.Client.loginModuleControlFlag %XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG% mod create-if-not-exists +xasecure.audit.jaas.Client.option.useKeyTab %XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB% mod create-if-not-exists +xasecure.audit.jaas.Client.option.storeKey %XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY% mod create-if-not-exists +xasecure.audit.jaas.Client.option.useTicketCache %XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE% mod create-if-not-exists +xasecure.audit.jaas.Client.option.serviceName %XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME% mod create-if-not-exists +xasecure.audit.jaas.Client.option.keyTab %XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB% mod create-if-not-exists +xasecure.audit.jaas.Client.option.principal %XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL% mod create-if-not-exists xasecure.audit.destination.elasticsearch %XAAUDIT.ELASTICSEARCH.ENABLE% mod create-if-not-exists xasecure.audit.destination.elasticsearch.urls %XAAUDIT.ELASTICSEARCH.URL% mod create-if-not-exists diff --git a/plugin-trino/scripts/install.properties b/plugin-trino/scripts/install.properties index 469b098c51..945ff26a4e 100644 --- a/plugin-trino/scripts/install.properties +++ b/plugin-trino/scripts/install.properties @@ -51,6 +51,16 @@ XAAUDIT.SOLR.USER=NONE XAAUDIT.SOLR.PASSWORD=NONE XAAUDIT.SOLR.ZOOKEEPER=NONE XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/trino/audit/solr/spool +XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG=false + +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL=%EMPTY% # Enable audit logs to ElasticSearch #Example diff --git a/plugin-yarn/conf/ranger-yarn-audit-changes.cfg b/plugin-yarn/conf/ranger-yarn-audit-changes.cfg index ec98baf3aa..651372d3ee 100644 --- a/plugin-yarn/conf/ranger-yarn-audit-changes.cfg +++ b/plugin-yarn/conf/ranger-yarn-audit-changes.cfg @@ -45,6 +45,16 @@ xasecure.audit.destination.solr.user %XAAUDIT.SOLR.USER% mod create-if-not-exist xasecure.audit.destination.solr.password %XAAUDIT.SOLR.PASSWORD% mod create-if-not-exists xasecure.audit.destination.solr.zookeepers %XAAUDIT.SOLR.ZOOKEEPER% mod create-if-not-exists xasecure.audit.destination.solr.batch.filespool.dir %XAAUDIT.SOLR.FILE_SPOOL_DIR% mod create-if-not-exists +xasecure.audit.destination.solr.force.use.inmemory.jaas.config %XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG% mod create-if-not-exists + +xasecure.audit.jaas.Client.loginModuleName %XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME% mod create-if-not-exists +xasecure.audit.jaas.Client.loginModuleControlFlag %XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG% mod create-if-not-exists +xasecure.audit.jaas.Client.option.useKeyTab %XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB% mod create-if-not-exists +xasecure.audit.jaas.Client.option.storeKey %XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY% mod create-if-not-exists +xasecure.audit.jaas.Client.option.useTicketCache %XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE% mod create-if-not-exists +xasecure.audit.jaas.Client.option.serviceName %XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME% mod create-if-not-exists +xasecure.audit.jaas.Client.option.keyTab %XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB% mod create-if-not-exists +xasecure.audit.jaas.Client.option.principal %XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL% mod create-if-not-exists xasecure.audit.destination.elasticsearch %XAAUDIT.ELASTICSEARCH.ENABLE% mod create-if-not-exists xasecure.audit.destination.elasticsearch.urls %XAAUDIT.ELASTICSEARCH.URL% mod create-if-not-exists diff --git a/plugin-yarn/scripts/install.properties b/plugin-yarn/scripts/install.properties index f7eb036144..c0be7ea403 100644 --- a/plugin-yarn/scripts/install.properties +++ b/plugin-yarn/scripts/install.properties @@ -49,6 +49,16 @@ XAAUDIT.SOLR.USER=NONE XAAUDIT.SOLR.PASSWORD=NONE XAAUDIT.SOLR.ZOOKEEPER=NONE XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/hadoop/yarn/audit/solr/spool +XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG=false + +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL=%EMPTY% # Enable audit logs to ElasticSearch #Example diff --git a/storm-agent/conf/ranger-storm-audit-changes.cfg b/storm-agent/conf/ranger-storm-audit-changes.cfg index ec98baf3aa..651372d3ee 100644 --- a/storm-agent/conf/ranger-storm-audit-changes.cfg +++ b/storm-agent/conf/ranger-storm-audit-changes.cfg @@ -45,6 +45,16 @@ xasecure.audit.destination.solr.user %XAAUDIT.SOLR.USER% mod create-if-not-exist xasecure.audit.destination.solr.password %XAAUDIT.SOLR.PASSWORD% mod create-if-not-exists xasecure.audit.destination.solr.zookeepers %XAAUDIT.SOLR.ZOOKEEPER% mod create-if-not-exists xasecure.audit.destination.solr.batch.filespool.dir %XAAUDIT.SOLR.FILE_SPOOL_DIR% mod create-if-not-exists +xasecure.audit.destination.solr.force.use.inmemory.jaas.config %XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG% mod create-if-not-exists + +xasecure.audit.jaas.Client.loginModuleName %XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME% mod create-if-not-exists +xasecure.audit.jaas.Client.loginModuleControlFlag %XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG% mod create-if-not-exists +xasecure.audit.jaas.Client.option.useKeyTab %XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB% mod create-if-not-exists +xasecure.audit.jaas.Client.option.storeKey %XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY% mod create-if-not-exists +xasecure.audit.jaas.Client.option.useTicketCache %XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE% mod create-if-not-exists +xasecure.audit.jaas.Client.option.serviceName %XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME% mod create-if-not-exists +xasecure.audit.jaas.Client.option.keyTab %XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB% mod create-if-not-exists +xasecure.audit.jaas.Client.option.principal %XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL% mod create-if-not-exists xasecure.audit.destination.elasticsearch %XAAUDIT.ELASTICSEARCH.ENABLE% mod create-if-not-exists xasecure.audit.destination.elasticsearch.urls %XAAUDIT.ELASTICSEARCH.URL% mod create-if-not-exists diff --git a/storm-agent/scripts/install.properties b/storm-agent/scripts/install.properties index 58be387f1e..80a1ba0929 100644 --- a/storm-agent/scripts/install.properties +++ b/storm-agent/scripts/install.properties @@ -49,6 +49,16 @@ XAAUDIT.SOLR.USER=NONE XAAUDIT.SOLR.PASSWORD=NONE XAAUDIT.SOLR.ZOOKEEPER=NONE XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/storm/audit/solr/spool +XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG=false + +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL=%EMPTY% # Enable audit logs to ElasticSearch #Example