Chapter 8. Accounting
So far in this part of the book, we’ve described how to properly identify and authenticate users and services, as well as how authorization controls limit what users and services can do in the cluster. While all of these various controls do a good job defining and enforcing a security model for a Hadoop cluster, they do not complete a fundamental component of a security model: accounting. Also referred to as auditing, accounting is the mechanism to keep track of what users and services are doing in the cluster. This is a critical piece of the security puzzle because without it, breaches in security can occur without anybody noticing. Accounting rounds out a security model by providing a record of what happened, which can be used for:
- Active auditing
-
This type of auditing is used in conjunction with some kind of alerting mechanism. For example, if a user tries to access a resource on the cluster and is denied, active auditing could generate an email to security administrators alerting them of this event.
- Passive auditing
-
This refers to auditing that does not generate some kind of alert. Passive auditing is often a bare-minimum requirement in a business so that designated auditors and security administrators can query audit events to look for certain events. For example, if there is a breach in security to the cluster, a security administrator can query the audit logs to find the data that was accessed during the breach.
- Security compliance
-
A business ...
Get Hadoop Security now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.