[ https://issues.apache.org/jira/browse/OOZIE-1814?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Andras Piros updated OOZIE-1814:
--------------------------------
Description:
The following passwords are currently visible in the instrumentation log, the REST
endpoints, the Web UI and the CLI (the Web UI and CLI simply call the REST endpoints):
* {{javax.net.ssl.trustStorePassword}}
* {{oozie.https.keystore.pass}}
* {{HADOOP_CREDSTORE_PASSWORD}}
* {{OOZIE_HTTPS_KEYSTORE_PASSWORD}}
* {{OOZIE_HTTPS_TRUSTSTORE_PASSWORD}}
A few examples illustrate the leakage.
{noformat}
# grep -i pass /var/log/oozie/oozie-instrumentation.log
OOZIE_HTTPS_TRUSTSTORE_PASSWORD = password
javax.net.ssl.trustStorePassword = password
oozie.https.keystore.pass = password
HADOOP_CREDSTORE_PASSWORD = password
OOZIE_HTTPS_KEYSTORE_PASSWORD = password
CATALINA_OPTS = -Xms603979776 -Xmx603979776 -XX:+HeapDumpOnOutOfMemoryError
-XX:HeapDumpPath=/tmp/OOZIE-1_OOZIE-1-OOZIE_SERVER-2e75cc1293d9058eef7250a18f347c43_pid30867.hprof
-XX:OnOutOfMemoryError=/usr/lib64/cmf/service/common/killparent.sh
-Doozie.home.dir=/usr/lib/oozie
-Doozie.config.dir=/var/run/cloudera-scm-agent/process/320-oozie-OOZIE_SERVER
-Doozie.log.dir=/var/log/oozie
-Doozie.log.file=oozie-cmf-OOZIE-1-OOZIE_SERVER-nightly-1.gce.cloudera.com.log.out
-Doozie.config.file=oozie-site.xml -Doozie.log4j.file=log4j.properties
-Doozie.log4j.reload=10 -Doozie.http.hostname=nightly-1.gce.cloudera.com
-Doozie.http.port=11000 -Djava.net.preferIPv4Stack=true
-Doozie.admin.port=11001 -Dderby.stream.error.file=/var/log/oozie/derby.log
-Doozie.instance.id=nightly-1.gce.cloudera.com
-Djava.library.path=/usr/lib/hadoop/lib/native -Doozie.https.port=11443
-Djavax.net.ssl.trustStore=/etc/cdep-ssl-conf/CA_STANDARD/truststore.jks
-Djavax.net.ssl.trustStorePassword=password
{noformat}
Oozie dumps the environment variables and Java system properties to the
instrumentation log on startup.
{noformat}
# curl --negotiate -u foo:bar -k https://nightly-1.gce.cloudera.com:11443/oozie/v2/admin/os-env | python -m json.tool | grep -i pass
"CATALINA_OPTS": "-Xms603979776 -Xmx603979776 -XX:+HeapDumpOnOutOfMemoryError
-XX:HeapDumpPath=/tmp/OOZIE-1_OOZIE-1-OOZIE_SERVER-2e75cc1293d9058eef7250a18f347c43_pid30867.hprof
-XX:OnOutOfMemoryError=/usr/lib64/cmf/service/common/killparent.sh
-Doozie.home.dir=/usr/lib/oozie
-Doozie.config.dir=/var/run/cloudera-scm-agent/process/320-oozie-OOZIE_SERVER
-Doozie.log.dir=/var/log/oozie
-Doozie.log.file=oozie-cmf-OOZIE-1-OOZIE_SERVER-nightly-1.gce.cloudera.com.log.out
-Doozie.config.file=oozie-site.xml -Doozie.log4j.file=log4j.properties
-Doozie.log4j.reload=10 -Doozie.http.hostname=nightly-1.gce.cloudera.com
-Doozie.http.port=11000 -Djava.net.preferIPv4Stack=true
-Doozie.admin.port=11001 -Dderby.stream.error.file=/var/log/oozie/derby.log
-Doozie.instance.id=nightly-1.gce.cloudera.com
-Djava.library.path=/usr/lib/hadoop/lib/native -Doozie.https.port=11443
-Djavax.net.ssl.trustStore=/etc/cdep-ssl-conf/CA_STANDARD/truststore.jks
-Djavax.net.ssl.trustStorePassword=password ",
"HADOOP_CREDSTORE_PASSWORD": "password",
"OOZIE_HTTPS_KEYSTORE_PASSWORD": "password",
"OOZIE_HTTPS_TRUSTSTORE_PASSWORD": "password",
{noformat}
{noformat}
# curl --negotiate -u foo:bar -k https://nightly-1.gce.cloudera.com:11443/oozie/v2/admin/java-sys-properties | python -m json.tool | grep -i pass
"javax.net.ssl.trustStorePassword": "password",
"oozie.https.keystore.pass": "password",
{noformat}
The REST API has two endpoints, {{admin/os-env}} and
{{admin/java-sys-properties}}, which are also reachable from the Web UI and the CLI.
These expose the environment variables and Java system properties as well.
We should mask these the way we already do for the configuration endpoint.
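The masking this issue asks for, as an added example in Python (not Oozie's own code; Oozie's fix lives in its Java code base). It covers the instrumentation-log lines described above as well as the {{admin/os-env}} and {{admin/java-sys-properties}} payloads, and it handles the case a key-only mask misses: the {{-Djavax.net.ssl.trustStorePassword=...}} token nested inside the {{CATALINA_OPTS}} value. The set of sensitive name patterns, the {{*****}} mask string and the sample entries are assumptions constructed from the values quoted in this issue.

```python
"""Mask credential-bearing entries before they reach a log or a REST response.

Added example, not Oozie's code: the name patterns and the sample data are
constructed from the values quoted in OOZIE-1814.
"""
import json
import re

# Names treated as credentials, matched case-insensitively against env var
# names, Java system property names and -D option names. Over-matching (a key
# containing "bypass", say) only costs one extra mask, so err on the wide side.
SENSITIVE_NAME = r"(?:pass(?:word)?|secret|credential|token)"
SENSITIVE_KEY_RE = re.compile(SENSITIVE_NAME, re.IGNORECASE)

# A "-Dname=value" token whose name is sensitive, such as the
# -Djavax.net.ssl.trustStorePassword=password embedded in CATALINA_OPTS.
# Masking by top-level key alone would leave that value in clear.
SENSITIVE_DOPT_RE = re.compile(
    r"(-D[^\s=]*" + SENSITIVE_NAME + r"[^\s=]*=)(\S*)", re.IGNORECASE
)

MASK = "*****"  # assumed mask string


def mask_value(value: str) -> str:
    """Replace the value of any sensitive -D option embedded in a string."""
    return SENSITIVE_DOPT_RE.sub(lambda m: m.group(1) + MASK, value)


def mask_properties(props: dict) -> dict:
    """Mask a name -> value map such as the os-env or java-sys-properties payload."""
    return {
        key: MASK if SENSITIVE_KEY_RE.search(key) else mask_value(str(value))
        for key, value in props.items()
    }


def mask_log_line(line: str) -> str:
    """Mask one 'NAME = value' line as written to the instrumentation log."""
    name, sep, value = line.partition(" = ")
    if not sep:
        return mask_value(line)  # not a key/value line; still scrub -D tokens
    if SENSITIVE_KEY_RE.search(name):
        return name + sep + MASK
    return name + sep + mask_value(value)


def masked_rest_payload(props: dict) -> str:
    """What the admin endpoints should return: the masked map, as JSON."""
    return json.dumps(mask_properties(props), indent=4, sort_keys=True)


def plaintext_leaks(text: str, secrets) -> list:
    """Defender's check: which known secret values still appear verbatim in text."""
    return [s for s in secrets if s in text]


# Constructed sample input, modelled on the entries quoted in the issue.
SAMPLE_OS_ENV = {
    "HADOOP_CREDSTORE_PASSWORD": "password",
    "OOZIE_HTTPS_KEYSTORE_PASSWORD": "password",
    "OOZIE_HTTPS_TRUSTSTORE_PASSWORD": "password",
    "CATALINA_OPTS": "-Xms603979776 -Xmx603979776 "
    "-Doozie.https.port=11443 "
    "-Djavax.net.ssl.trustStore=/etc/cdep-ssl-conf/CA_STANDARD/truststore.jks "
    "-Djavax.net.ssl.trustStorePassword=password ",
    "OOZIE_HOME": "/usr/lib/oozie",
}
SAMPLE_SYS_PROPS = {
    "javax.net.ssl.trustStorePassword": "password",
    "oozie.https.keystore.pass": "password",
    "oozie.https.port": "11443",
}
SAMPLE_LOG_LINES = [
    "OOZIE_HTTPS_TRUSTSTORE_PASSWORD = password",
    "oozie.https.keystore.pass = password",
    "CATALINA_OPTS = -Xms603979776 -Djavax.net.ssl.trustStorePassword=password",
    "oozie.http.port = 11000",
]

if __name__ == "__main__":
    print(masked_rest_payload(SAMPLE_OS_ENV))
    print(masked_rest_payload(SAMPLE_SYS_PROPS))
    for line in SAMPLE_LOG_LINES:
        print(mask_log_line(line))
    # After masking, the known secret value must not appear anywhere in the output.
    print("leaks:", plaintext_leaks(masked_rest_payload(SAMPLE_OS_ENV), ["password"]))
```

The {{plaintext_leaks}} check is the part worth keeping in a test suite: rather than trusting the key list, feed the real secret values into it and assert that the masked log line and the masked JSON payload contain none of them, which is exactly how the nested {{CATALINA_OPTS}} case gets caught.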
> Oozie should mask any passwords in logs and REST interfaces
> -----------------------------------------------------------
>
> Key: OOZIE-1814
> URL: https://issues.apache.org/jira/browse/OOZIE-1814
> Project: Oozie
> Issue Type: Bug
> Affects Versions: trunk
> Reporter: Bowen Zhang
> Assignee: Andras Piros
> Labels: newbie
> Attachments: oozie-1814.patch
>
>
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)