Easy guide for Securing Redis Server

Like any other application or server, a Redis installation is susceptible to unauthorized access or intrusion if it has not been secured properly. In this tutorial, we will focus on securing a Redis server against both.

Redis is an open source, in-memory data structure store (a key-value store) that can be used as a cache for applications, as a database server or even as a message broker. In our previous tutorials, we have already discussed the installation & also setting up a master-slave like architecture for the Redis server.

So let’s start this tutorial on securing Redis server.

1- Securing redis server installation with a password

Open the Redis configuration file. Note:- The path used below is the one for my installation; yours may be ‘/etc/redis/redis.conf’, or if you have a custom installation like mine, then go to that location.

# vim /usr/local/redis/6379.conf

Look for the parameter ‘requirepass’, uncomment it & assign a password,

requirepass test@9879

Once the change has been made, restart the redis service so that it takes effect. From now on, you will have to enter the password after connecting with redis-cli. First, connect to redis-cli,

# redis-cli

Now provide the password,

127.0.0.1:6379> auth test@9879

That’s it. You are now authenticated in redis-cli.

2- Securing redis server access to localhost only

To restrict access to localhost only, open your redis configuration file,

# vim /usr/local/redis/6379.conf

Once you have opened the file, look for the ‘bind’ parameter & change it to,

bind 127.0.0.1 ::1

Save the file & exit, then restart the redis service to implement the changes made.

3- Securing Redis server by renaming dangerous commands

Disabling a command is a similar process to renaming one: to rename a command we provide an alternate name for it, while to disable it we rename it to an empty string.

To rename a command, open the configuration file,

# vim /usr/local/redis/6379.conf

Now under the ‘Security’ section, we can rename or disable a command. To disable a command, use the following example as reference,

rename-command FLUSHALL ""

For renaming a command, use the following example as reference,

rename-command FLUSHALL DELETEITALL

Here, we have renamed the FLUSHALL command to DELETEITALL (Delete It All). Once the changes have been made, save the file & restart the redis service to implement them. Now log in to redis-cli & check the renamed commands.
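
The three settings covered in this guide can be checked together. The script below is an added example, not part of the original tutorial: it parses the text of a redis.conf and reports which of the three settings are missing or weak. The function names, the finding codes, the 32-character minimum and the commands other than FLUSHALL in DANGEROUS are assumptions made for the illustration.

```python
import ipaddress
import shlex

# Only FLUSHALL comes from the tutorial; the other names are an assumed example set.
DANGEROUS = ("FLUSHALL", "FLUSHDB", "CONFIG")
MIN_PASSWORD_LEN = 32  # assumed threshold, not a value from the tutorial
# Constructed sample built from the values used in the tutorial.
SAMPLE = 'requirepass test@9879\nbind 127.0.0.1 ::1\nrename-command FLUSHALL ""\n'


def parse_conf(text):
    """Return (directive, args) pairs, skipping comments and blank lines."""
    directives = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = shlex.split(line)  # keeps a quoted empty string ("") as an argument
        directives.append((parts[0].lower(), parts[1:]))
    return directives


def is_loopback(addr):
    """True for 127.0.0.0/8 and ::1; a leading '-' (optional address) is ignored."""
    try:
        return ipaddress.ip_address(addr.lstrip("-")).is_loopback
    except ValueError:
        return False  # '*' or a hostname is treated as not loopback


def audit(text):
    """Return sorted finding codes for the password, bind and rename settings."""
    conf = parse_conf(text)
    findings = set()
    passwords = [a[0] for d, a in conf if d == "requirepass" and a]
    if not passwords or not passwords[-1]:
        findings.add("no-password")
    elif len(passwords[-1]) < MIN_PASSWORD_LEN:
        findings.add("short-password")
    binds = [a for d, a in conf if d == "bind"]
    if not binds:
        findings.add("bind-missing")  # without bind, Redis listens on all interfaces
    elif not all(is_loopback(x) for args in binds for x in args):
        findings.add("bind-not-loopback")
    # A command renamed to "" is disabled and also counts as handled.
    renamed = {a[0].upper() for d, a in conf if d == "rename-command" and len(a) == 2}
    findings.update("exposed-" + c.lower() for c in DANGEROUS if c not in renamed)
    return sorted(findings)


if __name__ == "__main__":
    print(audit(SAMPLE))
```

The tutorial's sample password is reported as short-password because Redis answers AUTH attempts very quickly, so a short value can be guessed by brute force.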

So this was our guide on securing redis server. Please feel free to send in any questions or queries using the comment box below.
