You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-commits@hadoop.apache.org by ey...@apache.org on 2011/10/28 19:09:02 UTC

svn commit: r1190454 - in /hadoop/common/branches/branch-0.20-security: CHANGES.txt bin/hadoop src/packages/templates/conf/hadoop-env.sh src/packages/templates/conf/log4j.properties

Author: eyang
Date: Fri Oct 28 17:09:02 2011
New Revision: 1190454

URL: http://svn.apache.org/viewvc?rev=1190454&view=rev
Log:
HADOOP-7740. Fixed security audit logger configuration. (Arpit Gupta via Eric Yang)

Modified:
    hadoop/common/branches/branch-0.20-security/CHANGES.txt
    hadoop/common/branches/branch-0.20-security/bin/hadoop
    hadoop/common/branches/branch-0.20-security/src/packages/templates/conf/hadoop-env.sh
    hadoop/common/branches/branch-0.20-security/src/packages/templates/conf/log4j.properties

Modified: hadoop/common/branches/branch-0.20-security/CHANGES.txt
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security/CHANGES.txt?rev=1190454&r1=1190453&r2=1190454&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security/CHANGES.txt (original)
+++ hadoop/common/branches/branch-0.20-security/CHANGES.txt Fri Oct 28 17:09:02 2011
@@ -69,6 +69,8 @@ Release 0.20.205.1 - unreleased
 
   BUG FIXES
 
+    HADOOP-7740. Fixed security audit logger configuration. (Arpit Gupta via Eric Yang)
+
     HADOOP-7765. Clean packaging working directory for Debian packaging.
     (Eric Yang)
 

Modified: hadoop/common/branches/branch-0.20-security/bin/hadoop
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security/bin/hadoop?rev=1190454&r1=1190453&r2=1190454&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security/bin/hadoop (original)
+++ hadoop/common/branches/branch-0.20-security/bin/hadoop Fri Oct 28 17:09:02 2011
@@ -363,7 +363,8 @@ HADOOP_OPTS="$HADOOP_OPTS -Dhadoop.home.
 HADOOP_OPTS="$HADOOP_OPTS -Dhadoop.id.str=$HADOOP_IDENT_STRING"
 HADOOP_OPTS="$HADOOP_OPTS -Dhadoop.root.logger=${HADOOP_ROOT_LOGGER:-INFO,console}"
 
-if [ $COMMAND = "namenode" ]; then
+#turn security logger on the namenode and jobtracker only
+if [ $COMMAND = "namenode" ] || [ $COMMAND = "jobtracker" ]; then
   HADOOP_OPTS="$HADOOP_OPTS -Dhadoop.security.logger=${HADOOP_SECURITY_LOGGER:-INFO,DRFAS}"
 else
   HADOOP_OPTS="$HADOOP_OPTS -Dhadoop.security.logger=${HADOOP_SECURITY_LOGGER:-INFO,NullAppender}"

Modified: hadoop/common/branches/branch-0.20-security/src/packages/templates/conf/hadoop-env.sh
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security/src/packages/templates/conf/hadoop-env.sh?rev=1190454&r1=1190453&r2=1190454&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security/src/packages/templates/conf/hadoop-env.sh (original)
+++ hadoop/common/branches/branch-0.20-security/src/packages/templates/conf/hadoop-env.sh Fri Oct 28 17:09:02 2011
@@ -17,12 +17,12 @@ export HADOOP_CONF_DIR=${HADOOP_CONF_DIR
 export HADOOP_OPTS="-Djava.net.preferIPv4Stack=true $HADOOP_CLIENT_OPTS"
 
 # Command specific options appended to HADOOP_OPTS when specified
-export HADOOP_NAMENODE_OPTS="-Dsecurity.audit.logger=INFO,DRFAS -Dhdfs.audit.logger=INFO,DRFAAUDIT $HADOOP_NAMENODE_OPTS"
-HADOOP_JOBTRACKER_OPTS="-Dsecurity.audit.logger=INFO,DRFAS -Dmapred.audit.logger=INFO,MRAUDIT -Dhadoop.mapreduce.jobsummary.logger=INFO,JSA $HADOOP_JOBTRACKER_OPTS"
-HADOOP_TASKTRACKER_OPTS="-Dsecurity.audit.logger=ERROR,console -Dmapred.audit.logger=ERROR,console $HADOOP_TASKTRACKER_OPTS"
-HADOOP_DATANODE_OPTS="-Dsecurity.audit.logger=ERROR,DRFAS $HADOOP_DATANODE_OPTS"
+export HADOOP_NAMENODE_OPTS="-Dhadoop.security.logger=INFO,DRFAS -Dhdfs.audit.logger=INFO,DRFAAUDIT $HADOOP_NAMENODE_OPTS"
+HADOOP_JOBTRACKER_OPTS="-Dhadoop.security.logger=INFO,DRFAS -Dmapred.audit.logger=INFO,MRAUDIT -Dhadoop.mapreduce.jobsummary.logger=INFO,JSA $HADOOP_JOBTRACKER_OPTS"
+HADOOP_TASKTRACKER_OPTS="-Dhadoop.security.logger=ERROR,console -Dmapred.audit.logger=ERROR,console $HADOOP_TASKTRACKER_OPTS"
+HADOOP_DATANODE_OPTS="-Dhadoop.security.logger=ERROR,DRFAS $HADOOP_DATANODE_OPTS"
 
-export HADOOP_SECONDARYNAMENODE_OPTS="-Dsecurity.audit.logger=INFO,DRFAS -Dhdfs.audit.logger=INFO,DRFAAUDIT $HADOOP_SECONDARYNAMENODE_OPTS"
+export HADOOP_SECONDARYNAMENODE_OPTS="-Dhadoop.security.logger=INFO,DRFAS -Dhdfs.audit.logger=INFO,DRFAAUDIT $HADOOP_SECONDARYNAMENODE_OPTS"
 
 # The following applies to multiple commands (fs, dfs, fsck, distcp etc)
 export HADOOP_CLIENT_OPTS="-Xmx128m $HADOOP_CLIENT_OPTS"

Modified: hadoop/common/branches/branch-0.20-security/src/packages/templates/conf/log4j.properties
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security/src/packages/templates/conf/log4j.properties?rev=1190454&r1=1190453&r2=1190454&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security/src/packages/templates/conf/log4j.properties (original)
+++ hadoop/common/branches/branch-0.20-security/src/packages/templates/conf/log4j.properties Fri Oct 28 17:09:02 2011
@@ -81,7 +81,8 @@ log4j.appender.TLA.layout.ConversionPatt
 #
 #Security audit appender
 #
-security.audit.logger=INFO,console
+hadoop.security.logger=INFO,console
+log4j.category.SecurityLogger=${hadoop.security.logger}
 hadoop.security.log.file=SecurityAuth.audit
 log4j.appender.DRFAS=org.apache.log4j.DailyRollingFileAppender 
 log4j.appender.DRFAS.File=${hadoop.log.dir}/${hadoop.security.log.file}
@@ -89,10 +90,6 @@ log4j.appender.DRFAS.layout=org.apache.l
 log4j.appender.DRFAS.layout.ConversionPattern=%d{ISO8601} %p %c: %m%n
 log4j.appender.DRFAS.DatePattern=.yyyy-MM-dd
 
-#new logger
-log4j.logger.SecurityLogger=OFF,console
-log4j.logger.SecurityLogger.additivity=false
-
 #
 # hdfs audit logging
 #