feat(modules): add zookeeper and hadoop namenode exposure modules #262
Open
TBX3D wants to merge 1 commit into
add two recon modules detecting anon-by-design big-data control surfaces that leak operational topology:

- zookeeper-admin-exposure (medium): probes /commands/monitor on a zookeeper adminserver and matches the command/monitor envelope plus server_state; the adminserver has no auth on reads, so an open one discloses the version, ensemble role, connection counts and data size, while a firewalled or disabled adminserver is not reachable; extracts the version
- hadoop-namenode-exposure (medium): probes /jmx for the NameNodeInfo bean and matches the bean name plus LiveNodes/DeadNodes; the namenode jmx is unauthenticated unless kerberos spnego is set, so an open one discloses the hdfs version and every datanode internal hostname, while a kerberos-secured namenode returns 401; extracts the software version

trino/presto were dropped: /v1/info is ResourceSecurity(PUBLIC) so it answers on secured clusters too and would be a fingerprint, not an exposure.

both modules carry hard-test coverage with N-1 anchor traps (a non-monitor zookeeper command and a non-NameNodeInfo hadoop bean stay quiet), cross false-positive guards both ways and a secured-instance status case.
Codecov Report
✅ All modified and coverable lines are covered by tests.
Additional details and impacted files
@@ Coverage Diff @@
## main #262 +/- ##
=======================================
Coverage ? 53.23%
=======================================
Files ? 81
Lines ? 6852
Branches ? 0
=======================================
Hits ? 3648
Misses ? 2938
Partials ? 266
View full report in Codecov by Harness.
pr summary: 3 files changed (+208 -0)
modules/recon/zookeeper-admin-exposure.yaml flags an exposed apache zookeeper adminserver over /commands/monitor, keyed on the "command":"monitor" response envelope paired with the server_state field, then extracts the version; the adminserver (default port 8080 since 3.5) has no auth on its read commands, leaking the ensemble role, connection counts and data size.

modules/recon/hadoop-namenode-exposure.yaml flags an exposed hadoop hdfs namenode jmx interface over /jmx?qry=Hadoop:service=NameNode,name=NameNodeInfo, keyed on that bean name paired with the LiveNodes and DeadNodes attributes, then extracts the software version; the namenode jmx is anonymous unless kerberos spnego is configured, and LiveNodes carries every datanode's internal hostname.

build/vet/lint clean, go test ./internal/modules/ green (the two modules end to end via ExecuteHTTPModule, real-hit and near-miss cases).
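
The two match rules described above, written out as a standalone Go function run over constructed response bodies, including the near-miss and secured-instance cases. This is an added example, not the PR's YAML modules or the project's code; the function name Classify and the JSON keys version, beans, name and SoftwareVersion are assumptions about the response layout.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Constructed sample bodies, not captured from real servers.
const (
	nnBean    = "Hadoop:service=NameNode,name=NameNodeInfo"
	zkMonitor = `{"version":"3.8.4","server_state":"leader","command":"monitor","error":null}`
	zkOther   = `{"version":"3.8.4","command":"ruok","error":null}`
	nnInfo    = `{"beans":[{"name":"Hadoop:service=NameNode,name=NameNodeInfo","SoftwareVersion":"3.3.6","LiveNodes":"{\"dn1.example.internal:9866\":{}}","DeadNodes":"{}"}]}`
	nnOther   = `{"beans":[{"name":"Hadoop:service=NameNode,name=FSNamesystem","CapacityTotal":1}]}`
)

// Classify returns the module that would fire ("" if none) and the extracted
// version. Each rule needs both of its anchors, so a lone envelope or a lone
// bean name stays quiet. Keys other than those named on the page are assumed.
func Classify(status int, body []byte) (module, version string) {
	if status != 200 { // e.g. the 401 from a kerberos-secured namenode
		return "", ""
	}
	var zk struct {
		Command     string `json:"command"`
		ServerState string `json:"server_state"`
		Version     string `json:"version"`
	}
	if json.Unmarshal(body, &zk) == nil && zk.Command == "monitor" && zk.ServerState != "" {
		return "zookeeper-admin-exposure", zk.Version
	}
	var jmx struct{ Beans []map[string]interface{} `json:"beans"` }
	_ = json.Unmarshal(body, &jmx) // errors ignored: only a well-formed bean can match
	for _, b := range jmx.Beans {
		_, live := b["LiveNodes"]
		_, dead := b["DeadNodes"]
		if b["name"] == nnBean && live && dead {
			v, _ := b["SoftwareVersion"].(string)
			return "hadoop-namenode-exposure", v
		}
	}
	return "", ""
}

func main() {
	for _, body := range []string{zkMonitor, zkOther, nnInfo, nnOther} {
		fmt.Println(Classify(200, []byte(body)))
	}
}
```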