How to secure Redis database
Posted By : Shiv Kumar | 10-Apr-2017
In previous blog I have explained how to set up a key value database Redis. After installing redis we can access redis database using command redis-cli, because redis security is not implemented yet.
If you run following command on redis cli :
127.0.0.1:6379> auth admin (error) ERR Client sent AUTH, but no password is set - It gives this error message means no security password is set yet.
We can secure our Redis database in many ways as described below :
1. Bind it to some private ip instead of localhost :
1.1 Open redis.conf 1.2 Go to configuration # bind 127.0.0.1 and uncomment it. 1.3 Change local ip to some private ip. 1.4 Save the changes and restart redis server.
2. Configure a secure password :
2.1 Open redis.conf 2.2 Go to configuration # requirepass foobared and uncomment it. 2.3 Change password to some secure password. 2.4 Save the changes and restart redis server. Now each time you access redis database and run command you have to provide password, otherwise it will give error (error) NOAUTH Authentication required. 2.5 Run command auth password. It gives OK. Now you can access redis database using command redis-cli -h hostname -p portnumber -a securepassword
3. Rename dangerous commands :
There is a set of some commands which are very dangerous to execute , so they should be executed by some authorised user.
To secure redis in this perspective you can completelly kill or rename those command using following syntax :
Go to redis.conf and do following : Completely kill command : rename-command FLUSHDB "" -- renamed to empty string means no operation will be performd when this command is executed. Rename to some other name : rename-command FLUSHDB FLUSHDB_MANUAL -- command is renamed to FLUSHDB_MANUAL If you run now FLUSHDB on redis console it will give following error: (error) ERR unknown command 'FLUSHDB'
4. Another way to secure redis is setting permission and ownership to the redis folder using following command :
sudo chmod 700 redis folder
Thanks
Shiv Kumar
Cookies are important to the proper functioning of a site. To improve your experience, we use cookies to remember log-in details and provide secure log-in, collect statistics to optimize site functionality, and deliver content tailored to your interests. Click Agree and Proceed to accept cookies and go directly to the site or click on View Cookie Settings to see detailed descriptions of the types of cookies and choose whether to accept certain cookies while on the site.
About Author
Shiv Kumar
Shiv is an experienced Java Developer with a strong background in multiple technologies. He specializes in defining system architectures to ensure reliable and resilient solutions. He possesses a comprehensive understanding of the latest technologies and has hands-on experience in Core Java, Spring Boot, Hibernate, Apache Kafka messaging queue, Redis, as well as relational databases like MySQL and PostgreSQL, and non-relational databases like MongoDB. He excels in API implementations, Microservices, Web Services development, testing, and deployments. Shiv actively contributes to code enhancements and consistently delivers valuable contributions to various client projects, including Fabtrack, Pando, Pandojo, Digikam, WhatsApp Integration, Croniz, Punchin Application, Script TV, Bhaasha, and more. He demonstrates strong analytical skills and a creative mindset. In addition, he has a passion for reading books and exploring new technologies and innovations.