In the trigger API I mentioned you’ll get the data that is about to get inserted, you can decode that data and check that it is compliant to your security. If you want to kill the node, just call System.exit() or CassandraDaemon.stop(); The thing is that if you have RF=4 with 4 nodes, they will all receive the same update and this will kill your whole cluster. If instead you throw an exception, you’ll prevent the rogue write and your client will get an error.
As far as I know there is no public interface to plug your code at the replication level, and even if there was one, it would only work when you have different DCs. One DC would stay with rogue data, and the other one would shutdown. -- Jacques-Henri Berthemet From: Abdelkrim Fitouri [mailto:abdou....@gmail.com] Sent: jeudi 16 novembre 2017 22:33 To: user@cassandra.apache.org Subject: Re: Executing a check before replication / manual replication ok please find bellow an example: Lets suppose that i have a cassandra cluster of 4 nodes / one DC / replication factor = 4, So in this architecture i have on full copy of the data on each node. Imagine now that one node have been hacked and in some way with full access to cqlsh session, if data is changed on that node, data will be changed on the three other, am i right ? imagine now that i am able to know (using cryptographic bases) if one column was modified by my API ( => normal way) or not ( => suspicious way), and i want to execute this check function just before any replication of a keyspace to avoid that all the replica will be affected by that and so a rollback will be not easy and the integrity of all the system will be down, the check will for example kill the local cassandra service ... Hope that my question is more clear now. Many thanks for any help. 2017-11-16 22:01 GMT+01:00 Oliver Ruebenacker <cur...@gmail.com<mailto:cur...@gmail.com>>: Hello, If I understand the OP right, he wants an automated response one node displays suspicious activity. I suppose in that case, one would want the node to be removed from the cluster or shut down or both. Best, Oliver On Thu, Nov 16, 2017 at 3:40 PM, kurt greaves <k...@instaclustr.com<mailto:k...@instaclustr.com>> wrote: What's the purpose here? If they have access to cqlsh, they have access to every nodes data, not just the one they are on. An attacker modifying RF would be the least of your worries. If you manage to detect that some node is compromise you should isolate it immediately. On 16 Nov. 2017 07:33, "Abdelkrim Fitouri" <abdou....@gmail.com<mailto:abdou....@gmail.com>> wrote: Hi, I know that cassandra handel properly data replication between cluster nodes, but for some security reasons I am wonderning how to avoid data replication after a server node have been compromised and someone is executing modification via cqlsh ? is there a posibility on Cassandra to execute a custom check / Hook before replication ? is there a posibilty to execute a manual replication between node ? -- Best Regards. Abdelkarim FITOURI System And Security Engineer -- Oliver Ruebenacker Senior Software Engineer, Diabetes Portal<http://www.type2diabetesgenetics.org/>, Broad Institute<http://www.broadinstitute.org/>
