| Plugin Title | Open Hadoop HDFS NameNode Metadata Service |
| Cloud | |
| Category | VPC Network |
| Description | Determines if TCP port 8020 for HDFS NameNode metadata service is open to the public. |
| More Info | While some ports such as HTTP and HTTPS are required to be open to the public to function properly, more sensitive services such as Hadoop/HDFS should be restricted to known IP addresses. |
| GOOGLE Link | https://cloud.google.com/vpc/docs/using-firewalls |
| Recommended Action | Restrict TCP port 8020 to known IP addresses for Hadoop/HDFS. |
- Log into the Google Cloud Platform Console.
- Scroll down the left navigation panel and choose the "Networking" to select the "Firewall rules" option under the "VPC network."
- On the "Firewall rules" page, select the "Firewall rule" which needs to be verified.
- On the selected "Firewall rules", if TCP port 8020 for "HDFS NameNode metadata service" is open to the public then the selected "Firewall rule" is not as per the best standards.
- Repeat steps number 2 - 4 to verify another "Firewall rule" in the network.
- Navigate to "VPC network" and choose the "Firewall rules" option under the "Networking" and select the "Firewall rule" which needs to be restricted to known IP addresses.
- On the "Firewall rules" page, click on the "Edit" button at the top and under the "Source IP ranges" enter the IP addresses as per the requirements.
- Click on the "Save" button at the bottom to make the changes.
- Repeat steps number 6 - 8 to restrict TCP port 8020 to known IP addresses for Hadoop/HDFS.
