Mitigations
Modify redis.conf to disable dangerous commands (renaming a command to the empty string removes it entirely):
rename-command FLUSHALL ""
rename-command CONFIG ""
rename-command EVAL ""
Create a dedicated, unprivileged redis user and run the server as it, so a compromised Redis process cannot write to other users' files:
$ groupadd -r redis && useradd -r -g redis redis
Modify redis.conf to require a password for Redis authentication (replace mypassword with a long, random value):
requirepass mypassword
Modify redis.conf to allow access from localhost only:
bind 127.0.0.1
Set restrictive permissions on authorized_keys so that a process running as another user (such as redis) cannot append public keys to it:
$ chmod 400 ~/.ssh/authorized_keys
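The following audit script is an added example, not part of the original page: it parses a redis.conf and reports which of the mitigations above (disabled commands, requirepass, loopback-only bind) are missing. The sample config and the 16-character minimum password length are constructed assumptions.

```python
"""Audit a redis.conf against the hardening settings listed above."""
import shlex

# Commands the page says to disable by renaming them to "".
DANGEROUS = {"FLUSHALL", "CONFIG", "EVAL"}
# Bind addresses that keep Redis on the local host only.
LOOPBACK = {"127.0.0.1", "::1", "-::1"}
MIN_PASSWORD_LEN = 16  # assumed threshold, not from the page

def parse_redis_conf(text):
    """Return (directive, args) tuples, skipping blank and comment lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = shlex.split(line)  # handles the "" argument of rename-command
        entries.append((parts[0].lower(), parts[1:]))
    return entries

def audit_redis_conf(text):
    """Return a list of findings; an empty list means all checks passed."""
    findings, disabled, requirepass, binds = [], set(), None, None
    for directive, args in parse_redis_conf(text):
        if directive == "rename-command" and len(args) == 2 and args[1] == "":
            disabled.add(args[0].upper())
        elif directive == "requirepass" and args:
            requirepass = args[0]
        elif directive == "bind":
            binds = set(args)
    for cmd in sorted(DANGEROUS - disabled):
        findings.append(f'{cmd} is not disabled (add: rename-command {cmd} "")')
    if not requirepass:
        findings.append("requirepass is not set (unauthenticated access)")
    elif len(requirepass) < MIN_PASSWORD_LEN:
        findings.append(f"requirepass is shorter than {MIN_PASSWORD_LEN} characters")
    if binds is None or not binds <= LOOPBACK:
        findings.append("bind is missing or not restricted to localhost")
    return findings

# Constructed sample: only partially hardened.
SAMPLE_CONF = """# example config
bind 0.0.0.0
requirepass mypassword
rename-command FLUSHALL ""
"""

if __name__ == "__main__":
    for finding in audit_redis_conf(SAMPLE_CONF):
        print("FINDING:", finding)
```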