Support Questions

shyam_kf657 · ‎05-30-2016

Hello Team,

I am using Ambari HDP 2.3 version. One of the host I installed Smart Sense, I need to do masking for some of the password fields. I have done masking for the fields which are present in XML files. But, I have passwords in text file as well. I am not aware how to mask those passwords also in text files. Please help me on this.

1) For the XML files masking is done by using below setup in Anonymization rule.

{ "name":"Delete_Yarn_Hbase_Hive_MR_Trust_Store_Password",

"path":"ssl-server.xml",

"property": "ssl.server.truststore.password",

"operation":"REPLACE",

"value":"Hidden" }

I am not aware to how to mask the password, in a text file. Awaiting for your reply.

amiller · ‎05-31-2016

Anonymization rules are covered in the SmartSense Admin Guide. You will need to use a regular expression-based rule to mask from a text file. Depending on what text file(s) may contain passwords, you can either specify the exact filename or use a regular expression here as well. It's best to define the path as specifically as possible to avoid accidentally masking values in unrelated files.

The string to mask/replace is identified by a regular expression. Here's a very simple example that will replace a line that contains the string "password:" in my-credentials.txt:

  {
    "name":"my_credentials",
    "path":"my-credentials.txt",
    "pattern": ".*password:.*",
    "value": "password: Hidden"
  },

View solution in original post

KuldeepK · ‎05-31-2016

@shyam gurram - Good question. I will try this and keep you updated.

shyam_kf657 · ‎05-31-2016

Hi Kuldeep Kulkarni,

Awaiting for your comments.

amiller · ‎05-31-2016

Anonymization rules are covered in the SmartSense Admin Guide. You will need to use a regular expression-based rule to mask from a text file. Depending on what text file(s) may contain passwords, you can either specify the exact filename or use a regular expression here as well. It's best to define the path as specifically as possible to avoid accidentally masking values in unrelated files.

The string to mask/replace is identified by a regular expression. Here's a very simple example that will replace a line that contains the string "password:" in my-credentials.txt:

  {
    "name":"my_credentials",
    "path":"my-credentials.txt",
    "pattern": ".*password:.*",
    "value": "password: Hidden"
  },

czounaidou · ‎05-31-2016

You can also use sub-pattern to replace passwords in the text file.

{

"name": "replace_password",

"path": "my_secured_file.txt",

"pattern": "mypassword=([^ ]+) ",

"extract":"=([^ ]+)",

"value":"Hidden"

}

shyam_kf657 · ‎06-06-2016

Hi Alex,

Thanks for the post, In a text file I have two properties. The script is working for one of the property, but as per the logic it should for the other property also.

env:KERBEROS_KADMINST_PASSWORD=t.w48oJj-

env:KERBEROS_MASTERDB_PASSWORD=xtW2+OGi-

The above are the two properties that i need to mask their passwords.

{ "name":"Hive_Pass_Phrase",

"path":"hive_config.txt",

"pattern": ".*PASSWORD.*$",

"operation":"REPLACE",

"value":"PASSWORD Hidden" },

As per the above code it should work for the both the properties, it is working only for env:KERBEROS_KADMINST_PASSWORD, not for other. Please help me on this.

Regards

Shyam

Cloudera Community

Support Questions

Mask the password fields in a text file by using smart sense

{ "name":"Delete_Yarn_Hbase_Hive_MR_Trust_Store_Password",

"path":"ssl-server.xml",

"property": "ssl.server.truststore.password",

"operation":"REPLACE",

"value":"Hidden" }