Aqua CSPM

Open Hadoop HDFS NameNode WebUI

Quick Info

Plugin Title: Open Hadoop HDFS NameNode WebUI
Cloud: ORACLE
Category: Networking
Description: Determine if TCP ports 50070 and 50470 for the Hadoop/HDFS NameNode WebUI service are open to the public
More Info: While some ports such as HTTP and HTTPS are required to be open to the public to function properly, more sensitive services such as Hadoop/HDFS should be restricted to known IP addresses.
ORACLE Link: https://docs.cloud.oracle.com/iaas/Content/Network/Concepts/securitylists.htm
Recommended Action: Restrict TCP ports 50070 and 50470 to known IP addresses for Hadoop/HDFS

Detailed Remediation Steps

  1. Log in to the Oracle Cloud Console.
  2. Scroll down the left navigation panel and choose “Virtual Cloud Networks” under “Networking.”
  3. On the “Virtual Cloud Networks” page, click the “Name” link of the network to open the “Virtual Network.”
  4. On the “Virtual Cloud Network Details” page, scroll down the left navigation panel and choose the “Network Security Groups” option under “Resources.”
  5. On the “Network Security Groups” page, click the “Name” link of the security group to open it.
  6. On the “Network Security Group Details” page, under “Security Rules,” check whether TCP ports 50070 and 50470 for the “Hadoop/HDFS NameNode WebUI” service are open to the public. The Hadoop/HDFS NameNode WebUI should be restricted to known IP addresses.
  7. Repeat steps 2 - 6 to check the other “Security Groups” in the account.
  8. Navigate to “Virtual Cloud Networks” under “Networking,” click the “Name” link to open the “Virtual Network,” and select the “Security Group” in which TCP ports 50070 and 50470 for the Hadoop/HDFS NameNode WebUI need to be restricted to known IP addresses.
  9. On the “Security Rules” page, select the checkbox of the “Ingress” rule and click the “Edit” button at the top to make the changes.
  10. On the “Edit Rules” page, enter the “IP Address” as per requirements under “Source CIDR” and click the “Save” button to apply the changes.
  11. Repeat steps number to restrict TCP port 50070 and 50470 to known IP addresses.
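
The check in step 6 can also be run over exported rule data. The script below is an added example, not Aqua's plugin code: it flags ingress rules that open TCP 50070 or 50470 to every address, including rules with no port restriction or with protocol "all". The field names (`direction`, `protocol`, `source`, `sourceType`, `tcpOptions.destinationPortRange`) are assumed to follow the shape of OCI security rule objects, and the sample rules are constructed.

```python
import ipaddress

HDFS_WEBUI_PORTS = (50070, 50470)  # the two ports named on this page

def is_public(rule):
    """True when the rule's source is a CIDR block covering every address."""
    if rule.get("sourceType", "CIDR_BLOCK") != "CIDR_BLOCK":
        return False  # source is another NSG or a service label, not a CIDR
    try:
        return ipaddress.ip_network(rule["source"], strict=False).prefixlen == 0
    except (KeyError, ValueError):
        return False

def exposed_ports(rule):
    """Return the HDFS WebUI ports this single rule opens to the public."""
    if rule.get("direction") != "INGRESS" or not is_public(rule):
        return []
    if rule.get("protocol") not in ("6", "all"):  # "6" is the TCP protocol number
        return []
    port_range = (rule.get("tcpOptions") or {}).get("destinationPortRange")
    if port_range is None:  # no port restriction: every TCP port is allowed
        return list(HDFS_WEBUI_PORTS)
    return [p for p in HDFS_WEBUI_PORTS if port_range["min"] <= p <= port_range["max"]]

def audit(rules):
    """Map rule id -> exposed ports, keeping only rules that fail the check."""
    hits = {r["id"]: exposed_ports(r) for r in rules}
    return {rule_id: ports for rule_id, ports in hits.items() if ports}

# Constructed sample rules (assumed field shape, not from a real tenancy).
SAMPLE_RULES = [
    {"id": "r1", "direction": "INGRESS", "protocol": "6", "source": "0.0.0.0/0",
     "sourceType": "CIDR_BLOCK",
     "tcpOptions": {"destinationPortRange": {"min": 50000, "max": 50100}}},
    {"id": "r2", "direction": "INGRESS", "protocol": "6", "source": "203.0.113.0/24",
     "sourceType": "CIDR_BLOCK",
     "tcpOptions": {"destinationPortRange": {"min": 50070, "max": 50070}}},
    {"id": "r3", "direction": "INGRESS", "protocol": "all", "source": "0.0.0.0/0",
     "sourceType": "CIDR_BLOCK"},
    {"id": "r4", "direction": "INGRESS", "protocol": "6", "source": "0.0.0.0/0",
     "sourceType": "CIDR_BLOCK",
     "tcpOptions": {"destinationPortRange": {"min": 443, "max": 443}}},
    {"id": "r5", "direction": "EGRESS", "protocol": "6", "destination": "0.0.0.0/0"},
]

if __name__ == "__main__":
    for rule_id, ports in audit(SAMPLE_RULES).items():
        print(rule_id, "opens", ports, "to the public")
```

Rule r1 shows why the check compares against the port range rather than looking for an exact port match: a wide range such as 50000-50100 exposes 50070 without naming it.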