Mitigations
Modify redis.conf to disable dangerous commands:
rename-command FLUSHALL ""
rename-command CONFIG ""
rename-command EVAL ""
Create a redis user for Redis operations:
$ groupadd -r redis && useradd -r -g redis redis
Modify redis.conf to add a password for Redis authentication:
requirepass mypassword
Modify redis.conf to allow access from localhost only:
bind 127.0.0.1
Set the correct permissions on authorized_keys to prevent attackers from adding their public keys to this file:
$ chmod 400 ~/.ssh/authorized_keys
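The three redis.conf settings above can be checked automatically. The following is an added example, not part of the original page: a small Python audit that parses redis.conf text and reports which of those mitigations are missing. The function names and the sample configs are constructed for illustration.

```python
import shlex

# Commands the page disables via rename-command, and loopback bind addresses.
DANGEROUS = {"FLUSHALL", "CONFIG", "EVAL"}
LOOPBACK = {"127.0.0.1", "::1"}

# Constructed sample configs (not taken from the page or a real host).
SAMPLE_WEAK = 'bind 0.0.0.0\nrename-command FLUSHALL ""\n'
SAMPLE_HARDENED = (
    "bind 127.0.0.1\n"
    "requirepass mypassword\n"
    'rename-command FLUSHALL ""\n'
    'rename-command CONFIG ""\n'
    'rename-command EVAL ""\n'
)

def parse_directives(text):
    """Return [(keyword, [args])] from redis.conf text, skipping blanks and comments."""
    directives = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = shlex.split(line)  # keeps the quoted empty string in: rename-command X ""
        directives.append((parts[0].lower(), parts[1:]))
    return directives

def audit(text):
    """Return findings for the three redis.conf mitigations; empty list means all present."""
    directives = parse_directives(text)
    findings = []
    # A command counts as disabled only when renamed to the empty string.
    disabled = {a[0].upper() for k, a in directives
                if k == "rename-command" and len(a) == 2 and a[1] == ""}
    findings += [f"{cmd} not disabled" for cmd in sorted(DANGEROUS - disabled)]
    if not any(k == "requirepass" and a and a[0] for k, a in directives):
        findings.append("requirepass not set")
    # A leading '-' (Redis 6.2+) only marks an address as optional; strip it.
    addrs = [x.lstrip("-") for k, a in directives if k == "bind" for x in a]
    if not addrs:
        findings.append("bind missing: listens on all interfaces")
    findings += [f"bind exposes {x}" for x in addrs if x not in LOOPBACK]
    return findings

if __name__ == "__main__":
    for name, conf in (("weak", SAMPLE_WEAK), ("hardened", SAMPLE_HARDENED)):
        print(name, audit(conf) or "OK")
```

To audit a real instance, pass the contents of its redis.conf to audit(); an empty list means all three settings are in place.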