# Mitigations

Modify `redis.conf` to disable dangerous commands:

```
rename-command FLUSHALL ""
rename-command CONFIG ""
rename-command EVAL ""
```

Create a dedicated `redis` system user and group for running Redis:

```bash
$ groupadd -r redis && useradd -r -g redis redis
```

Modify `redis.conf` to add a password for Redis authentication:

```
requirepass mypassword
```

Modify `redis.conf` to allow access from localhost only:

```
bind 127.0.0.1
```

Set the correct permissions on `authorized_keys` so that attackers cannot add their public keys to this file:

```bash
$ chmod 400 ~/.ssh/authorized_keys
```
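
The settings above can be verified after the fact with a small audit script. This is an added example, not part of the original page: the function names `audit_redis_conf` and `audit_authorized_keys` are hypothetical, and the sample configs are constructed for the demonstration.

```shell
#!/usr/bin/env bash
# Added example, not from the original page; function names are hypothetical.

# Print one finding per redis.conf mitigation that is missing; return 1 if any.
audit_redis_conf() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }              # skip blanks and comments
        { key = tolower($1) }
        key == "rename-command" && $3 == "\"\"" { disabled[toupper($2)] = 1 }
        key == "requirepass" && $2 != "" && $2 != "\"\"" { auth = 1 }
        key == "bind" {
            bound = 1
            for (i = 2; i <= NF; i++)
                if ($i !~ /^-?(127\.0\.0\.1|::1)$/) exposed = 1
        }
        END {
            n = split("FLUSHALL CONFIG EVAL", cmds, " ")
            for (i = 1; i <= n; i++)
                if (!(cmds[i] in disabled)) { print "command not disabled: " cmds[i]; bad = 1 }
            if (!auth) { print "requirepass not set"; bad = 1 }
            if (!bound || exposed) { print "bind not limited to loopback"; bad = 1 }
            exit bad + 0
        }' "$1"
}

# Print a finding unless the file mode is exactly 400, the mode the page sets.
audit_authorized_keys() {
    [ -n "$(find "$1" -perm 400 2>/dev/null)" ] && return 0
    echo "mode is not 400: $1"
    return 1
}

# Constructed sample inputs: one config with no mitigations, one hardened.
demo_dir=$(mktemp -d)
printf 'port 6379\nbind 0.0.0.0\n' > "$demo_dir/weak.conf"
printf '%s\n' 'rename-command FLUSHALL ""' 'rename-command CONFIG ""' \
    'rename-command EVAL ""' 'requirepass mypassword' 'bind 127.0.0.1' \
    > "$demo_dir/hardened.conf"
: > "$demo_dir/authorized_keys"          # stand-in for ~/.ssh/authorized_keys
chmod 644 "$demo_dir/authorized_keys"

for f in weak hardened; do
    echo "== $f.conf"
    audit_redis_conf "$demo_dir/$f.conf" || true
done
audit_authorized_keys "$demo_dir/authorized_keys" || true
rm -rf "$demo_dir"
```

Both functions return a non-zero status when they report a finding, so they can gate a deployment step or a scheduled configuration check.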
