Redis Logo
How to Install and Harden (Secure) Redis Server on Ubuntu 14.04
Jason Jason Photo By Jason Jason, Feb 24, 2016

Redis is probably my favorite caching service. It just works! I used to go with Memcached, but if something was improperly configured or it received a piece of data it didn't like, you were hating life.

What is Redis

Direct quote from the Redis documentation:

Redis is an open source (BSD licensed), in-memory data structure store, used as database, cache and message broker

Redis allows you to store things in memory (as opposed to on the hard drive), which makes it really fast. Though you could actually use it as a NoSQL database with the built in option to persist (save to hard disk) the data, I still prefer to have most of my data stored in a relational database such as MySQL and then use Redis as a caching service.

Installation

Run the following commands on the terminal:

sudo apt-get install redis-server

This will install and automatically start the redis service.

Secure Installation

Redis is designed with minimal security around it so you'll need to secure it before you'll want to put any data in there. Of course, you should have a good firewall place with specific rules to allow/deny all connections. Personally, I like to disable the heck out of everything and only leave ports 22 (SSH), 80 (HTTP), and 443 (HTTPS) open to the outside world. Here's a quick How To Implement a Basic Firewall Template with Iptables on Ubuntu 14.04.

Now back to securing Redis:

sudo nano /etc/redis/redis.conf

make sure there is a line in there that looks like this:

bind 127.0.0.1

The above config option means that Redis will only accept connections from the same server. If you need to configure this for something different, take a look at the references below.

Then look for the requirepass option and uncomment it and put your password right next to it, like what is show below:

requirepass [SOME REALLY LONG PASSWORD]

Then at the very bottom of the config file, paste this in:

# --------------------------------------------------
# Added by JJ to disable dangerous commands
rename-command FLUSHDB ""
rename-command FLUSHALL ""
rename-command KEYS ""
rename-command PEXPIRE ""
rename-command DEL ""
rename-command CONFIG ""
rename-command SHUTDOWN ""
rename-command BGREWRITEAOF ""
rename-command BGSAVE ""
rename-command SAVE ""
rename-command SPOP ""
rename-command SREM ""
rename-command RENAME ""
rename-command DEBUG ""

Save the config file and then restart Redis:

sudo service redis-server restart

... and you're done!

References

https://www.digitalocean.com/community/tutorials/how-to-secure-your-redis-installation-on-ubuntu-14-04

https://hostpresto.com/community/tutorials/how-to-install-and-configure-redis-on-ubuntu-14-04/

https://www.digitalocean.com/community/tutorials/how-to-configure-a-redis-cluster-on-ubuntu-14-04


Tags & Categories

Favorites Cache