Posted to user@zookeeper.apache.org by Flavio Junqueira <fp...@apache.org> on 2017/06/03 15:10:59 UTC

Re: How to secure zookeeper?

This is not exactly what you are after, but in 3.4.10 you can whitelist specific commands, see the documentation here:

    https://zookeeper.apache.org/doc/r3.4.10/zookeeperAdmin.html

and search for:
    4lw.commands.whitelist
Otherwise, I don't know how else you'd be able to protect access to 4lw other than use a firewall.

-Flavio

> On 31 May 2017, at 10:34, Novin Novin <to...@gmail.com> wrote:
> 
> One more thing I'd like to add: I'm using ZooKeeper version 3.4.8
> On Wed, 31 May 2017 at 09:32 Novin Novin <to...@gmail.com> wrote:
> 
>> Hi Guys,
>> 
>> I'm a newbie to ZooKeeper. I have set up a ZooKeeper ensemble for SolrCloud
>> and am using ACLs.
>> 
>> But I'm worried about the security of the 4 character commands. I am able
>> to run 4 character commands from outside of the ensemble and am also able to
>> connect to ZooKeeper. I really don't want to turn off these commands because
>> they are really handy for administration.
>> 
>> Is there any way to protect those 4 character commands for ZooKeeper other
>> than a firewall?
>> 
>> Any help would be appreciated.
>> 
>> Cheers,
>> Navin
>> 
>> 
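
One way to check that a `4lw.commands.whitelist` setting like the one mentioned in the reply above is actually in effect on a server (an added example, not code from this thread or from the ZooKeeper project). The command list, the rejection text and the host name are assumptions; adjust them to your version and environment.

```python
import socket

# Commands listed in the 3.4 admin guide (assumed list; adjust to your version).
FOUR_LETTER_WORDS = ("conf", "cons", "crst", "dump", "envi", "ruok", "srst",
                     "srvr", "stat", "wchs", "wchc", "wchp", "mntr")
# Assumed text a 3.4.10+ server returns for a command outside the whitelist.
REJECT_MARKER = "is not executed because it is not in the whitelist"

def send_4lw(host, port, cmd, timeout=3.0):
    """Send one 4lw and read until the server closes the connection."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(cmd.encode("ascii"))
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", "replace")

def classify(reply):
    """Map a raw reply to 'blocked', 'no-reply' or 'answered'."""
    if REJECT_MARKER in reply:
        return "blocked"
    return "answered" if reply.strip() else "no-reply"

def audit(host, port, allowed, commands=FOUR_LETTER_WORDS, send=send_4lw):
    """Return {cmd: observed_state} for every command that disagrees with `allowed`."""
    findings = {}
    for cmd in commands:
        try:
            state = classify(send(host, port, cmd))
        except OSError:
            state = "unreachable"
        expected = "answered" if cmd in allowed else "blocked"
        if state != expected:
            findings[cmd] = state
    return findings

if __name__ == "__main__":
    # Constructed replies standing in for a server, so the demo runs offline.
    def stub(host, port, cmd):
        if cmd in ("ruok", "stat", "envi"):
            return "sample output for " + cmd
        return cmd + " " + REJECT_MARKER + "."
    # Intended zoo.cfg line: 4lw.commands.whitelist=stat, ruok, mntr
    print(audit("zk1.example.internal", 2181, {"stat", "ruok", "mntr"}, send=stub))
```

Running the same audit from a host outside the ensemble's network also checks the firewall: every command should come back `unreachable` there.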


Re: How to secure zookeeper?

Posted by Michael Han <ha...@cloudera.com>.
We just published a blog about 4lw and security today which provides more
context about history and possible solutions, hope this also helps.

https://blog.cloudera.com/blog/2017/06/apache-zookeeper-four-letter-words-and-security/

On Sat, Jun 3, 2017 at 9:43 AM, Novin Novin <to...@gmail.com> wrote:

> thanks Flavio
>
> On Sat, 3 Jun 2017 at 16:11 Flavio Junqueira <fp...@apache.org> wrote:
>
> > This is not exactly what you are after, but in 3.4.10 you can whitelist
> > specific commands, see the documentation here:
> >
> >     https://zookeeper.apache.org/doc/r3.4.10/zookeeperAdmin.html
> >
> > and search for:
> >     4lw.commands.whitelist
> > Otherwise, I don't know how else you'd be able to protect access to 4lw
> > other than use a firewall.
> >
> > -Flavio
> >
> > > On 31 May 2017, at 10:34, Novin Novin <to...@gmail.com> wrote:
> > >
> > > One more thing I'd like to add: I'm using ZooKeeper version 3.4.8
> > > On Wed, 31 May 2017 at 09:32 Novin Novin <to...@gmail.com> wrote:
> > >
> > >> Hi Guys,
> > >>
> > >> I'm a newbie to ZooKeeper. I have set up a ZooKeeper ensemble for SolrCloud
> > >> and am using ACLs.
> > >>
> > >> But I'm worried about the security of the 4 character commands. I am able
> > >> to run 4 character commands from outside of the ensemble and am also able to
> > >> connect to ZooKeeper. I really don't want to turn off these commands because
> > >> they are really handy for administration.
> > >>
> > >> Is there any way to protect those 4 character commands for ZooKeeper other
> > >> than a firewall?
> > >>
> > >> Any help would be appreciated.
> > >>
> > >> Cheers,
> > >> Navin
> > >>
> > >>
> >
> >
>



-- 
Cheers
Michael.

Re: How to secure zookeeper?

Posted by Novin Novin <to...@gmail.com>.
thanks Flavio

On Sat, 3 Jun 2017 at 16:11 Flavio Junqueira <fp...@apache.org> wrote:

> This is not exactly what you are after, but in 3.4.10 you can whitelist
> specific commands, see the documentation here:
>
>     https://zookeeper.apache.org/doc/r3.4.10/zookeeperAdmin.html
>
> and search for:
>     4lw.commands.whitelist
> Otherwise, I don't know how else you'd be able to protect access to 4lw
> other than use a firewall.
>
> -Flavio
>
> > On 31 May 2017, at 10:34, Novin Novin <to...@gmail.com> wrote:
> >
> > One more thing I'd like to add: I'm using ZooKeeper version 3.4.8
> > On Wed, 31 May 2017 at 09:32 Novin Novin <to...@gmail.com> wrote:
> >
> >> Hi Guys,
> >>
> >> I'm a newbie to ZooKeeper. I have set up a ZooKeeper ensemble for SolrCloud
> >> and am using ACLs.
> >>
> >> But I'm worried about the security of the 4 character commands. I am able
> >> to run 4 character commands from outside of the ensemble and am also able to
> >> connect to ZooKeeper. I really don't want to turn off these commands because
> >> they are really handy for administration.
> >>
> >> Is there any way to protect those 4 character commands for ZooKeeper other
> >> than a firewall?
> >>
> >> Any help would be appreciated.
> >>
> >> Cheers,
> >> Navin
> >>
> >>
>
>