Validation
About validation
Validations are a set of commands and checks that run before and after the installation of a Privacera component. Run them to confirm that all pre-installation conditions are satisfied and that, after installation, the services are up and running with the expected functionality. At the end of each check, a validation report is generated that shows whether the check passed or failed.
Validations in Privacera Manager are divided into two parts, pre-installation and post-installation, each with its own set of commands and checks. Each part is independent and can be run at any time, depending on whether you need a pre-installation or a post-installation check.

Pre-installation validations
The following sections describe validations to perform prior to installation.
pre_check
Checks whether all the properties in the configuration YAML files are set correctly. Any passwords that are configured are checked against the password policy.
Command to check for all configured services.
./privacera-manager.sh pre_check
Command to check for a specific service. For example, pre_check portal.
./privacera-manager.sh pre_check [service_tag]
pre_validation
Checks if a connection can be established between a Privacera service and an external service such as an external RDS database, S3, or ADLS. These validations confirm that the network connectivity and credentials specified in the properties work and provide the access needed for the required external services.
Command to check for all configured services.
./privacera-manager.sh pre_validation
Command to check for a specific service. For example, pre_validation portal.
./privacera-manager.sh pre_validation [service_tag]
Post-installation validations
service_check
Checks if a Privacera service is up and running. Use this command to check for all configured services.
./privacera-manager.sh service_check
Command to check for a specific service. For example, service_check portal.
./privacera-manager.sh service_check [service_tag]
service_validation
Performs basic sanity checks on the installed services by carrying out some actions against them. This validates that the installed services are working properly.
Command to check for all configured services:
./privacera-manager.sh service_validation
Command to check for a specific service. For example, service_validation portal.
./privacera-manager.sh service_validation [service_tag]
security_check
Checks that the Privacera passwords are stored where they should be (JCEKS or vault), checks for default passwords in the configuration files, and validates the SSL certificate installed on the services.
Command to check for all configured services:
./privacera-manager.sh security_check
Command to check for a specific service. For example, security_check portal.
./privacera-manager.sh security_check [service_tag]
Validation reports
Validation reports are stored in the logs directory, in a timestamped folder. After a validation run, Privacera Manager shows a validation summary and the path to the directory where the latest validation reports were generated.
The following screenshot of a service_check run shows the path of the directory where the validation report is stored, along with a summary of how many checks passed or failed.

Supported validations
The following table contains all the supported validations for each Privacera service:
Service Name | Validation Type | Checks |
Privacera Portal (tag: portal) | pre_check | Validate External Database Properties |
Privacera Portal (tag: portal) | pre_check | Validate Properties for OKTA Login |
Privacera Portal (tag: portal) | pre_check | Validate Properties for LDAP Login |
Privacera Portal (tag: portal) | pre_check | Validate Properties for AAD Login |
Privacera Portal (tag: portal) | pre_check | Validate Properties for Portal SSL |
Privacera Portal (tag: portal) | pre_check | Check Portal padmin user password strength |
Privacera Portal (tag: portal) | pre_validation | Check if external MySQL database is reachable |
Privacera Portal (tag: portal) | pre_validation | Check if external Postgres database is reachable |
Privacera Portal (tag: portal) | pre_validation | Check if LDAP server is reachable |
Privacera Portal (tag: portal) | service_check | Check if the portal is accessible |
Privacera Portal (tag: portal) | security_check | Check if all portal password property values are secured with JCEKS keystore |
Privacera Portal (tag: portal) | security_check | Verify Privacera Portal SSL Certificate |
Ranger (tag: ranger) | pre_check | Validate External Database Properties |
Ranger (tag: ranger) | pre_check | Validate Properties for Ranger SSL |
Ranger (tag: ranger) | pre_check | Check Ranger passwords strength |
Ranger (tag: ranger) | pre_validation | Check if external MySQL database is reachable |
Ranger (tag: ranger) | pre_validation | Check if external Postgres database is reachable |
Ranger (tag: ranger) | service_check | Check if ranger admin is accessible |
Ranger (tag: ranger) | security_check | Check if all ranger password property values are secured with JCEKS keystore |
Ranger (tag: ranger) | security_check | Verify Ranger Admin SSL Certificate |
Solr (tag: solr) | pre_check | Validate Properties for Solr Auth |
Solr (tag: solr) | pre_check | Check Solr auth user password strength |
Solr (tag: solr) | service_check | Check if Solr is accessible |
Solr (tag: solr) | service_validation | Check if Solr Service is Functional |
Solr (tag: solr) | security_check | Verify Solr SSL Certificate |
Zookeeper (tag: zookeeper) | service_check | Check if the Zookeeper container is running |
MariaDB (tag: mariadb) | pre_check | Check MariaDB root user password strength |
Audit Fluentd (tag: audit-fluentd) | pre_check | Validate audit-fluentd aws s3 properties |
Audit Fluentd (tag: audit-fluentd) | pre_check | Validate audit-fluentd azure properties |
Audit Fluentd (tag: audit-fluentd) | service_check | Check if audit-fluentd is accessible |
Audit Server (tag: auditserver) | pre_check | Validate AuditServer basic authentication properties |
Audit Server (tag: auditserver) | pre_check | Check AuditServer basic authentication password strength |
Audit Server (tag: auditserver) | service_check | Check if auditserver is accessible |
Audit Server (tag: auditserver) | security_check | Check if all auditserver password property values are secured with JCEKS keystore |
Crypto (tag: crypto) | service_validation | Check if Crypto is Functional |
Dataserver (tag: dataserver) | pre_check | Validate Properties for Azure Cloud |
Dataserver (tag: dataserver) | pre_check | Validate Properties for Shared Key Azure Cloud |
Dataserver (tag: dataserver) | pre_check | Validate Properties for GCP Cloud |
Dataserver (tag: dataserver) | pre_check | Validate Properties s3 Endpoint |
Dataserver (tag: dataserver) | pre_check | Validate Properties databricks scala |
Dataserver (tag: dataserver) | pre_check | Validate Properties For SSL |
Dataserver (tag: dataserver) | pre_check | Check strength of dataserver related passwords |
Dataserver (tag: dataserver) | pre_validation | Check if able to connect to s3 using IAM role |
Dataserver (tag: dataserver) | pre_validation | Check if able to connect to s3 using keys |
Dataserver (tag: dataserver) | pre_validation | Check if able to connect to s3 http endpoint |
Dataserver (tag: dataserver) | pre_validation | Check if able to connect to s3 https endpoint |
Dataserver (tag: dataserver) | pre_validation | Check if able to connect to adls gen2 shared_key_pairs |
Dataserver (tag: dataserver) | pre_validation | Check if able to connect to adls gen2 storage |
Dataserver (tag: dataserver) | pre_validation | Check if able to connect to gcp |
Dataserver (tag: dataserver) | service_check | Check if non-ssl dataserver is accessible |
Dataserver (tag: dataserver) | service_check | Check if ssl dataserver is accessible |
Dataserver (tag: dataserver) | service_validation | Check if S3 Service is Functional with Dataserver |
Dataserver (tag: dataserver) | service_validation | Check if DynamoDB Service is Functional with Dataserver |
Dataserver (tag: dataserver) | service_validation | Check if Glue Service is Functional with Dataserver |
Dataserver (tag: dataserver) | service_validation | Check if Kinesis Service is Functional with Dataserver |
Dataserver (tag: dataserver) | service_validation | Check if Lambda Service is Functional with Dataserver |
Dataserver (tag: dataserver) | security_check | Check if all dataserver password property values are secured with JCEKS keystore |
Dataserver (tag: dataserver) | security_check | Verify Dataserver SSL Certificate |
Discovery (tag: discovery) | pre_check | Validate Properties for External Database |
Discovery (tag: discovery) | pre_check | Validate Properties for AWS Resources |
Discovery (tag: discovery) | pre_check | Validate Properties for Azure Resources with terraform disabled |
Discovery (tag: discovery) | pre_check | Validate Properties for Azure Resources with Terraform enabled |
Discovery (tag: discovery) | pre_check | Validate Properties for GCP Resources |
Discovery (tag: discovery) | pre_check | Validate Properties for Discovery kubernetes |
Discovery (tag: discovery) | pre_check | Validate Properties for Discovery real time scan |
Discovery (tag: discovery) | pre_check | Validate Properties for Discovery Databricks |
Discovery (tag: discovery) | pre_check | Validate Properties for Discovery Databricks with managed script |
Discovery (tag: discovery) | pre_check | Validate Properties for Discovery Databricks Plugin |
Discovery (tag: discovery) | pre_validation | Check if external mysql database is reachable |
Discovery (tag: discovery) | pre_validation | Check if external postgres database is reachable |
Discovery (tag: discovery) | service_check | Check if discovery container is running |
Discovery (tag: discovery) | service_validation | Check if Discovery S3 Scanning is Functional |
Grafana (tag: grafana) | service_check | Check if grafana container is running |
Graphite (tag: graphite) | service_check | Check if graphite container is running |
Kafka (tag: kafka) | service_check | Check if kafka container is running |
PEG (tag: peg) | pre_check | Validate Credentials for PEG to Privacera Portal Communication |
PEG (tag: peg) | pre_check | Validate PEG Basic Auth Properties |
PEG (tag: peg) | pre_check | Validate PEG Host Name |
PEG (tag: peg) | pre_check | Check PEG basic auth password strength |
PEG (tag: peg) | service_check | Check if PEG is accessible |
PEG (tag: peg) | service_validation | Check if PEG is Functional |
PEG (tag: peg) | security_check | Check if PEG Privacera Portal password property values are secured with JCEKS keystore |
PEG (tag: peg) | security_check | Verify PEG SSL Certificate |
Pkafka (tag: pkafka) | service_check | Check if pkafka container is running |
PolicySync (tag: policysync) | service_check | Check if policysync container is running |
Ranger KMS (tag: kms) | pre_check | Validate Ranger KMS Master Key password property |
Ranger KMS (tag: kms) | pre_check | Validate Ranger KMS Host Name |
Ranger KMS (tag: kms) | pre_check | Check Ranger KMS Master key password strength |
Ranger KMS (tag: kms) | service_check | Check if ranger kms container is running |
Ranger KMS (tag: kms) | security_check | Check Master key password used in Ranger KMS is stored in secure JCEKS keystore |
Ranger KMS (tag: kms) | security_check | Verify Ranger KMS SSL Certificate |
Ranger Usersync (tag: usersync) | pre_check | Validate Properties for LDAP Usersync |
Ranger Usersync (tag: usersync) | pre_check | Validate Properties for AAD Usersync |
Ranger Usersync (tag: usersync) | pre_check | Validate Properties for LDAP SSL Usersync |
Ranger Usersync (tag: usersync) | pre_check | Check strength of usersync passwords |
Ranger Usersync (tag: usersync) | pre_validation | Check if ldap server is reachable |
Ranger Usersync (tag: usersync) | service_check | Check if ranger usersync container is running |
Ranger Usersync (tag: usersync) | security_check | Check if all ranger usersync password property values are secured with JCEKS keystore |
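
The following is an added example, not part of Privacera's documentation or code: a shell wrapper that runs the pre-installation or post-installation validations for a list of service tags and skips any validation the table above does not list for that service. It assumes privacera-manager.sh exits non-zero when a validation fails; the function names, the PM and FAILED variables, and the subset of services covered are illustrative.

```bash
#!/usr/bin/env bash
# Added example: run the documented validations per service tag.
# Assumption: privacera-manager.sh exits non-zero when a validation fails.
PM="${PM:-./privacera-manager.sh}"   # hypothetical override hook for the script path

# Validations listed for each service tag in the table above (subset of services).
supported_validations() {
  case "$1" in
    portal|ranger) echo "pre_check pre_validation service_check security_check" ;;
    solr|peg)      echo "pre_check service_check service_validation security_check" ;;
    dataserver)    echo "pre_check pre_validation service_check service_validation security_check" ;;
    zookeeper|kafka|policysync) echo "service_check" ;;
    *)             echo "" ;;   # tag not covered by this example: nothing is run
  esac
}

# Commands that make up each phase, in the order the page presents them.
phase_commands() {
  case "$1" in
    pre)  echo "pre_check pre_validation" ;;
    post) echo "service_check service_validation security_check" ;;
    *)    return 1 ;;
  esac
}

# run_phase <pre|post> <tag>...
# Leaves the failed "command:tag" pairs in FAILED; returns 0 if none failed,
# 1 if any failed, 2 for an unknown phase.
run_phase() {
  local phase="$1" cmds tag cmd
  shift
  FAILED=""
  cmds=$(phase_commands "$phase") || return 2
  for tag in "$@"; do
    for cmd in $cmds; do
      case " $(supported_validations "$tag") " in
        *" $cmd "*) "$PM" "$cmd" "$tag" || FAILED="$FAILED $cmd:$tag" ;;
      esac
    done
  done
  FAILED="${FAILED# }"
  [ -z "$FAILED" ]
}
```

Call `run_phase pre portal ranger` before installing and `run_phase post portal ranger` afterwards; when it returns non-zero, `$FAILED` names the command and tag to look up in the validation report directory.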