Mitigations

Modify redis.conf to disable dangerous commands:
rename-command FLUSHALL ""
rename-command CONFIG ""
rename-command EVAL ""
Create a redis user for Redis operations:
$ groupadd -r redis && useradd -r -g redis redis
Modify redis.conf to add a password for Redis authentication:
requirepass mypassword
Modify redis.conf to allow access from localhost only:
bind 127.0.0.1
Set the correct permissions on authorized_keys to prevent attackers from adding their public keys to this file:
$ chmod 400 ~/.ssh/authorized_keys
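
To check that a host actually carries the settings listed above, the following added example (not part of the original page) audits redis.conf text and the authorized_keys file mode. The function names and the sample configurations are hypothetical and constructed for illustration; the check for "mypassword" assumes that the password shown above is a placeholder that should be replaced.

```python
import os
import shlex
import stat

DANGEROUS = ("FLUSHALL", "CONFIG", "EVAL")   # commands the page disables
LOOPBACK = {"127.0.0.1", "::1"}

def parse_conf(text):
    """Yield (directive, args) pairs from redis.conf text, skipping comments."""
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            parts = shlex.split(line)          # keeps "" as an empty argument
            yield parts[0].lower(), parts[1:]

def audit_conf(text):
    """Return findings for the redis.conf mitigations; an empty list means all are set."""
    renamed, password, bind = {}, None, []
    for name, args in parse_conf(text):
        if name == "rename-command" and len(args) == 2:
            renamed[args[0].upper()] = args[1]
        elif name == "requirepass" and args:
            password = args[0]
        elif name == "bind":
            bind += args                       # collect every address on every bind line
    findings = [f"{cmd} is not disabled" for cmd in DANGEROUS if renamed.get(cmd) != ""]
    if not password:
        findings.append("requirepass is not set")
    elif password == "mypassword":
        findings.append("requirepass still has the placeholder value")
    # A leading "-" on an address is stripped before comparing with the loopback set.
    if not bind or any(a.lstrip("-") not in LOOPBACK for a in bind):
        findings.append("bind is missing or includes a non-loopback address")
    return findings

def authorized_keys_locked(path):
    """True if the file mode grants nothing beyond owner read (chmod 400)."""
    return stat.S_IMODE(os.stat(path).st_mode) & ~0o400 == 0

# Constructed sample input, not taken from a real deployment.
WEAK = 'port 6379\nbind 0.0.0.0\nrename-command FLUSHALL ""\n'
HARDENED = """
rename-command FLUSHALL ""
rename-command CONFIG ""
rename-command EVAL ""
requirepass s3e-constructed-example
bind 127.0.0.1
"""

if __name__ == "__main__":
    print(audit_conf(WEAK))
    print(audit_conf(HARDENED))
```
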