Redis (8): security settings

 
If Redis is deployed only on an internal network and cannot be reached from outside, the settings below are less urgent (they still limit the damage when an internal host is compromised).
If Redis is reachable from the public Internet, read on. The recent Redis security incidents have been serious, and a large share of exposed instances have been taken over.
 
Redis can be hardened with the following settings:
 
1. Set a password
requirepass yourpassword

The password is stored in plain text in redis.conf, and every client must send it (AUTH) before it can run commands. Redis answers very quickly, so a remote attacker can try a very large number of passwords per second; a short or dictionary password buys nothing. Since the password lives in redis.conf and in the configuration of the internal clients, the administrator never has to remember it, so use a long random string (for example 32 or more characters from a password generator).
If a password is set, every replica must also be configured with the master's password (masterauth), otherwise replication stops.
2. Bind an IP address
bind ip

bind controls which local interfaces Redis listens on; it does not filter client addresses. With no bind directive Redis listens on every interface, including a public one. Bind it to the internal address only, or to several addresses separated by spaces:
bind ip1 ip2
Note that Redis does not support comments at the end of a line: a trailing "#..." would be read as one more address and the server would fail to start, so keep comments on their own line.

If bind is set, the master must listen on an address the replicas can reach, and the replicas should likewise bind to their own internal address.
Redis 3.2 and later also ships with protected-mode yes, which rejects connections from other hosts while neither bind nor requirepass is configured; do not switch it off as a shortcut.
 
3. Disable or rename dangerous commands
Redis commands can be renamed or disabled entirely, so that a client that does reach the server can execute only a limited set of commands.
This is declared in redis.conf with rename-command. Renaming to an unguessable name keeps the command usable by administrators who know the new name; renaming to the empty string ("") removes it completely. E.g.:
rename-command CONFIG b840fc02d524045429941cc15f59e41cb7be6c52
CONFIG is the usual first candidate: CONFIG SET dir and dbfilename followed by SAVE let a connected attacker write a file wherever the Redis process can write, which is how exposed instances are commonly taken over. Any client, script or monitoring tool that uses a renamed command must be updated, and the rename applies only to this instance.
 
4. Change the default port
port 9001
Do not dismiss this one. In the recent incidents most victims were found by mass scans of the default port 6379, so moving the port removes the instance from that opportunistic traffic. It is obscurity, not security: a port scan of the host finds the new port in seconds, so use it only on top of the settings above.
 
5. Do not start Redis as root
Run redis-server as a dedicated unprivileged user (distribution packages create a redis user for this). Then even a fully compromised Redis yields only that user's permissions. If Redis runs as root, a break-in hands the attacker root on the server, and it is over.
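To check all five settings at once, here is an added example that is not part of the original article: a small Python audit script that parses a redis.conf and reports which of the settings above are missing. The directive names (requirepass, bind, protected-mode, rename-command, port) are real Redis configuration directives; the list of commands to rename, the minimum password length, the severity labels and the two sample configuration files are this example's own assumptions.

```python
import secrets

# Added example, not the article's code. Directive names are real redis.conf
# directives; the command list, thresholds and severities are assumptions.
DANGEROUS_COMMANDS = {"CONFIG", "FLUSHALL", "FLUSHDB", "DEBUG", "SHUTDOWN", "KEYS"}
MIN_PASSWORD_LEN = 32
DEFAULT_PORT = "6379"
WILDCARD_BINDS = {"0.0.0.0", "*", "::"}


def parse_redis_conf(text):
    """Parse redis.conf text into {directive: [argument list, ...]}.

    Follows the server's rules: one directive per line, comments only on lines
    that start with '#', repeated directives (rename-command) all kept. Quotes
    around one argument are stripped so `rename-command CONFIG ""` yields ''.
    """
    directives = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        args = []
        for a in parts[1:]:
            if len(a) >= 2 and a[0] == a[-1] and a[0] in "\"'":
                a = a[1:-1]
            args.append(a)
        directives.setdefault(parts[0].lower(), []).append(args)
    return directives


def generate_password(nbytes=32):
    """A requirepass value nobody needs to remember: 64 random hex characters."""
    return secrets.token_hex(nbytes)


def audit_redis_conf(text, run_as_user="redis"):
    """Return (severity, message) findings for the five settings on this page.

    The process owner is not in redis.conf, so the caller passes it (on Linux,
    e.g. the output of `ps -o user= -C redis-server`).
    """
    conf = parse_redis_conf(text)
    findings = []

    # 1. requirepass: present and long enough that online guessing is hopeless
    pw = conf.get("requirepass", [[]])[-1]
    if not pw or not pw[0]:
        findings.append(("HIGH", "no requirepass: anyone who reaches the port can run commands"))
    elif len(pw[0]) < MIN_PASSWORD_LEN:
        findings.append(("MEDIUM", f"requirepass has {len(pw[0])} chars; use at least {MIN_PASSWORD_LEN} random ones"))

    # 2. bind: no bind means every interface; a trailing '#...' is NOT a comment
    binds = [a for args in conf.get("bind", []) for a in args]
    if not binds or WILDCARD_BINDS & set(binds):
        findings.append(("HIGH", "bind is unset or a wildcard: Redis listens on all interfaces"))
    if any(b.startswith("#") for b in binds):
        findings.append(("HIGH", "bind has a '#...' argument: Redis treats it as an address, not a comment"))
    pm = conf.get("protected-mode", [["yes"]])[-1]
    if pm and pm[0].lower() == "no":
        findings.append(("MEDIUM", "protected-mode no: the guard for unbound, passwordless instances is off"))

    # 3. rename-command: each dangerous command either renamed or disabled ("")
    renamed = {args[0].upper() for args in conf.get("rename-command", []) if args}
    for cmd in sorted(DANGEROUS_COMMANDS - renamed):
        findings.append(("MEDIUM", f"{cmd} is reachable under its default name; rename or disable it"))

    # 4. port: 6379 is what mass scanners probe first
    port = conf.get("port", [[DEFAULT_PORT]])[-1]
    if port and port[0] == DEFAULT_PORT:
        findings.append(("LOW", "port 6379 is the default; move it, but only on top of the checks above"))

    # 5. process owner
    if run_as_user == "root":
        findings.append(("HIGH", "redis-server runs as root: a Redis compromise is a root compromise"))

    return findings


# Constructed sample: an instance left at defaults and exposed.
WEAK_CONF = """\
# constructed sample, not a real deployment
bind 0.0.0.0
port 6379
protected-mode no
"""

# Constructed sample: the five settings from this page applied.
HARDENED_CONF = """\
# constructed sample, not a real deployment
bind 10.0.0.5 127.0.0.1
port 9001
requirepass 0f1e2d3c4b5a69788796a5b4c3d2e1f00f1e2d3c4b5a69788796a5b4c3d2e1f0
rename-command CONFIG b840fc02d524045429941cc15f59e41cb7be6c52
rename-command FLUSHALL ""
rename-command FLUSHDB ""
rename-command DEBUG ""
rename-command SHUTDOWN ""
rename-command KEYS ""
"""

if __name__ == "__main__":
    for name, conf, user in (("weak", WEAK_CONF, "root"), ("hardened", HARDENED_CONF, "redis")):
        print(f"== {name} ({user}) ==")
        for severity, message in audit_redis_conf(conf, run_as_user=user) or [("OK", "no findings")]:
            print(f"{severity:6} {message}")
```

Run it against a real file with `audit_redis_conf(open("/etc/redis/redis.conf").read(), run_as_user=...)`. The parser deliberately mirrors the server's comment handling, so the page's inline-comment form of the bind line is reported as a misconfiguration rather than silently ignored.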

 
