Hortonworks Cybersecurity Platform

Use Fastcapa in a Kerberized Environment

You can use the Fastcapa probe in a Kerberized environment.

The following task assumes that you have configured the following values. If necessary, change these values to match your environment.

The Kafka broker is at kafka1:6667.

ZooKeeper is at zookeeper1:2181.

The Kafka security protocol is SASL_PLAINTEXT.

The keytab used is located at /etc/security/keytabs/metron.headless.keytab.

The service principal is metron@EXAMPLE.COM.

  1. Build Librdkafka with SASL support (--enable-sasl):
    wget https://github.com/edenhill/librdkafka/archive/v0.9.4.tar.gz  -O - | tar -xz
    cd librdkafka-0.9.4/
    ./configure --prefix=$RDK_PREFIX --enable-sasl
    make 
    make install
    
  2. Verify that Librdkafka supports SASL:
    $ examples/rdkafka_example -X builtin.features
    builtin.features = gzip,snappy,ssl,sasl,regex
    
  3. If Librdkafka does not support SASL, install libsasl or libsasl2. Use the following command to install libsasl on your CentOS environment:
    yum install -y cyrus-sasl cyrus-sasl-devel cyrus-sasl-gssapi
  4. Grant access to your Kafka topic (in this example, named pcap):
    $KAFKA_HOME/bin/kafka-acls.sh --authorizer kafka.security.auth.SimpleAclAuthorizer \
      --authorizer-properties zookeeper.connect=zookeeper1:2181 \
      --add --allow-principal User:metron --topic pcap
    
  5. Obtain a Kerberos ticket:
    kinit -kt /etc/security/keytabs/metron.headless.keytab metron@EXAMPLE.COM
    
  6. Add the following additional configuration values to your Fastcapa configuration file:
    security.protocol = SASL_PLAINTEXT
    sasl.kerberos.keytab = /etc/security/keytabs/metron.headless.keytab
    sasl.kerberos.principal = metron@EXAMPLE.COM
    
    For example:
    $ pycapa --producer \
        --interface eth0 \
        --kafka-broker kafka1:6667 \
        --kafka-topic pcap --max-packets 10 \
        -X security.protocol=SASL_PLAINTEXT \
        -X sasl.kerberos.keytab=/etc/security/keytabs/metron.headless.keytab \
        -X sasl.kerberos.principal=metron-metron@METRONEXAMPLE.COM
    INFO:root:Connecting to Kafka; {'sasl.kerberos.principal': 'metron-metron@METRONEXAMPLE.COM', 'group.id': 'ORNLVWJZZUAA', 'security.protocol': 'SASL_PLAINTEXT', 'sasl.kerberos.keytab': '/etc/security/keytabs/metron.headless.keytab', 'bootstrap.servers': 'kafka1:6667'}
    INFO:root:Starting packet capture
    INFO:root:Waiting for '1' message(s) to flush
    INFO:root:'10' packet(s) in, '10' packet(s) out
  7. Run Fastcapa.
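
A preflight check to run before step 7, covering the SASL feature check from step 2, the settings from step 6, and the keytab's file permissions. This is an added example, not part of the Hortonworks documentation; it assumes the configuration file uses the `key = value` lines shown in step 6, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: preflight checks for steps 2 and 6 (function names are hypothetical).

# Succeeds if a "builtin.features = ..." line (step 2 output) lists sasl.
features_have_sasl() {
    printf '%s\n' "$1" | sed -n 's/^builtin\.features *= *//p' |
        tr ',' '\n' | grep -qx 'sasl'
}

# Print the last value set for key $2 in a "key = value" file $1.
conf_get() {
    awk -v k="$2" '
        { i = index($0, "="); if (!i) next
          key = substr($0, 1, i - 1); val = substr($0, i + 1)
          gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
          if (key == k) found = val }
        END { print found }' "$1"
}

# Succeeds only if the keytab is a regular file with no group/other access.
# A keytab holds the principal's long-term key, so treat it like a password.
keytab_is_private() {
    [ -f "$1" ] && [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Check config file $1; prints one line per problem, returns the count.
check_conf() {
    problems=0
    proto=$(conf_get "$1" security.protocol)
    keytab=$(conf_get "$1" sasl.kerberos.keytab)
    princ=$(conf_get "$1" sasl.kerberos.principal)
    case $proto in
        SASL_*) ;;
        *) echo "security.protocol='$proto' is not a SASL protocol"
           problems=$((problems + 1)) ;;
    esac
    case $princ in
        ?*@?*) ;;
        *) echo "sasl.kerberos.principal='$princ' is not name@REALM"
           problems=$((problems + 1)) ;;
    esac
    if ! keytab_is_private "$keytab"; then
        echo "keytab '$keytab' is missing or readable by group/other"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Usage: sh preflight.sh <Fastcapa configuration file>
[ "$#" -eq 0 ] || check_conf "$1"
```

SASL_PLAINTEXT authenticates the probe to the broker with Kerberos but does not encrypt the connection, so the check accepts it only as an authentication setting, not as transport protection.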