linux_wiki:redis

Differences

This shows you the differences between two versions of the page.

linux_wiki:redis [2018/09/17 22:06]
billdozor created
linux_wiki:redis [2019/05/25 23:50] (current)
Line 60: Line 60:
 bind 192.168.1.100 bind 192.168.1.100
 </code> </code>
 +
 +----
 +
 +===== Security =====
 +
 +Redis was designed to be deployed on trusted networks. It is recommended to NOT expose Redis to the internet.
 +
 +That being said, there are some protection measures that can be taken.
 +
 +\\
 +**Firewall**
 +  * Use firewalld to only allow certain networks access to the Redis port<code bash># Allow only the 192.168.1.0/24 network
 +firewall-cmd --zone=internal --add-source=192.168.1.0/24 --permanent
 +
 +# To the Redis port
 +firewall-cmd --zone=internal --add-port=6379/tcp --permanent
 +
 +# Reload rules
 +firewall-cmd --reload</code>
 +
 +\\
 +**Authentication (password) for clients**
 +  * Clients must authenticate before sending commands<code bash>requirepass c5bdeb2b550e038740466ec0c8dc03df3e8bb629bde539251840da1af6ee62d2</code>
 +    * Recommended to use the hash of something to set a complicated password that can't be memorized if seen. Example<code bash>echo "this is the coolest password ever" | sha256sum 
 +c5bdeb2b550e038740466ec0c8dc03df3e8bb629bde539251840da1af6ee62d2</code>
 +
 +\\
 +**Disable Certain Commands**
 +  * Certain commands can be disabled for clients by renaming them
 +    * Renamed command for hard to guess CONFIG<code bash>rename-command CONFIG b840fc02d524045429941cc15f59e41cb7be6c52</code>
 +    * Disabling the CONFIG command completely<code bash>rename-command CONFIG ""</code>
 +
 +\\
 +**Encryption Tunneling**
 +  * Redis traffic can be piped through an encrypted tunnel using spiped
 +  * FIXME - to do
 +
 +----
 +
 +===== General =====
 +
 +**Daemonize**
 +  * Enable redis to run as a daemon<code bash>daemonize yes</code>
 +
 +**Supervisor Interaction**
 +  * Enable redis to send signals to systemd<code bash>supervised systemd</code>
 +
 +**Append Log**
 +  * Enable append only file<code bash>appendonly yes</code>
 +
 +**File Sync**
 +  * Configure how often memory flushes to disk<code bash>appendfsync everysec</code>
 +
 +----
 +
 +====== Client: Install ======
 +
 +Install the Python Redis client<code bash>pip install redis</code>
 +
 +----
 +
 +====== Client: Configure ======
 +
 +Import the Redis module and connect to the Redis server<code bash>import redis
 +
 +redis_db.keys()
 +
 +redis_db = redis.StrictRedis(host="192.168.1.151", port=6379, db=0, password="c5bdeb2b550e038740466ec0c8dc03df3e8bb629bde539251840da1af6ee62d2")</code>
 +
 +\\
 +**Example Client Use**
 +  * String
 +  * List
 +  * Hash
  
 ---- ----
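Review bot: In the "Client: Configure" snippet, `redis_db.keys()` is called before `redis_db` is assigned, so the example raises a NameError as written; move the `redis.StrictRedis(...)` line above the `keys()` call, and tag the block `<code python>` rather than `<code bash>`. In the "Authentication" item, hashing a phrase with `sha256sum` makes the password long but no harder to guess than the phrase itself, and the resulting digest is now published on the page and reused as the literal `password=` value in the client example. Suggest generating the value from a random source (for example `openssl rand -hex 32`) and showing an obvious placeholder in both the `requirepass` line and the client call. The `FIXME - to do` under "Encryption Tunneling" is still a stub: the section names spiped without any configuration, so either fill it in or drop the heading until it is written.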
  
  • linux_wiki/redis.1537236373.txt.gz
  • Last modified: 2019/05/25 23:50
  • (external edit)