Created 05-30-2016 11:04 PM
Hello Team,
I am using Ambari HDP 2.3 version. One of the host I installed Smart Sense, I need to do masking for some of the password fields. I have done masking for the fields which are present in XML files. But, I have passwords in text file as well. I am not aware how to mask those passwords also in text files. Please help me on this.
1) For the XML files masking is done by using below setup in Anonymization rule.
I am not aware to how to mask the password, in a text file. Awaiting for your reply.
Created 05-31-2016 06:19 PM
Anonymization rules are covered in the SmartSense Admin Guide. You will need to use a regular expression-based rule to mask from a text file. Depending on what text file(s) may contain passwords, you can either specify the exact filename or use a regular expression here as well. It's best to define the path as specifically as possible to avoid accidentally masking values in unrelated files.
The string to mask/replace is identified by a regular expression. Here's a very simple example that will replace a line that contains the string "password:" in my-credentials.txt:
{ "name":"my_credentials", "path":"my-credentials.txt", "pattern": ".*password:.*", "value": "password: Hidden" },
Created 05-31-2016 05:07 AM
@shyam gurram - Good question. I will try this and keep you updated.
Created 05-31-2016 02:58 PM
Hi Kuldeep Kulkarni,
Awaiting for your comments.
Created 05-31-2016 06:19 PM
Anonymization rules are covered in the SmartSense Admin Guide. You will need to use a regular expression-based rule to mask from a text file. Depending on what text file(s) may contain passwords, you can either specify the exact filename or use a regular expression here as well. It's best to define the path as specifically as possible to avoid accidentally masking values in unrelated files.
The string to mask/replace is identified by a regular expression. Here's a very simple example that will replace a line that contains the string "password:" in my-credentials.txt:
{ "name":"my_credentials", "path":"my-credentials.txt", "pattern": ".*password:.*", "value": "password: Hidden" },
Created 05-31-2016 10:21 PM
You can also use sub-pattern to replace passwords in the text file.
{
"name": "replace_password",
"path": "my_secured_file.txt",
"pattern": "mypassword=([^ ]+) ",
"extract":"=([^ ]+)",
"value":"Hidden"
}
Created 06-06-2016 03:03 PM
Hi Alex,
Thanks for the post, In a text file I have two properties. The script is working for one of the property, but as per the logic it should for the other property also.
env:KERBEROS_KADMINST_PASSWORD=t.w48oJj-
env:KERBEROS_MASTERDB_PASSWORD=xtW2+OGi-
The above are the two properties that i need to mask their passwords.
{ "name":"Hive_Pass_Phrase",
"path":"hive_config.txt",
"pattern": ".*PASSWORD.*$",
"operation":"REPLACE",
"value":"PASSWORD Hidden" },
As per the above code it should work for the both the properties, it is working only for env:KERBEROS_KADMINST_PASSWORD, not for other. Please help me on this.
Regards
Shyam