WebMail 
LiveChat 
How to Install and Secure Redis on CentOS 7
How to Install and Secure Redis on CentOS 7
Redis is an open-source, in-memory data structure store, used as a database, cache, and message broker. It’s a distributed in-memory key-value database with optional durability. Supports major data structures such as string, hashes, lists, sets, bitmaps, sorted sets, HyperlogLogs, stream, and geospatial indexes with radius queries.eval(ez_write_tag([[728,90],’howtoforge_com-box-3′,’ezslot_6′,106,’0′,’0′]));
In this tutorial, we will show you how to install and configure Redis Server on CentOS 7. We will install the Redis Server from the Remi repository, and then secure the installation.eval(ez_write_tag([[580,400],’howtoforge_com-medrectangle-3′,’ezslot_2′,121,’0′,’0′]));
Prerequisite
For this guide, we will install the Redis on CentOS 7 Server with 1GB of RAM and 2CPUs. This is for testing only, and you will need more than this for your production.
What we will do:
- Install and Enable Remi Repository
- Install Redis Server
- Configure Redis Server
- Securing Redis Server
- Testing
Step 1 – Install and Enable Remi Repository
Firstly, we will add the Remi repository to the CentOS 7 system. The Remi repository provides the latest version of Redis package for our installation.
Before adding the Remi repository, let’s install the EPEL repository and yum utility packages.
sudo yum install epel-release yum-utilsNow add the Remi repository for CentOS 7 using the yum command below.
sudo yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpmAfter that, enable the ‘remi’ repository using the yum-config-manager tool as below.
sudo yum-config-manager --enable remiThe Remi repository has been added and enabled on the CentOS 7 system, check using the yum command below.eval(ez_write_tag([[580,400],’howtoforge_com-medrectangle-4′,’ezslot_1′,108,’0′,’0′]));
yum repolist enabledAnd you will get the result as below.
Step 2 – Install Redis on CentOS 7
After installing the Remi repository, we will install the latest Redis package. You can check the available Redis version using the yum command below.
yum search redis
yum info redisNow you will get the Redis 5.0.5 is available on the Remi repository.
Install Redis using the command below.
sudo yum -y install redisOnce the installation is complete, start the redis service and add it to the system boot.
systemctl start redis
systemctl enable redisThe Redis service is up and running with the default configuration, check the service status and the port used by the server.
systemctl status redis
netstat -plntuAnd you will get the result as below.
The Redis server is up and running on CentOS 7 system, running the localhost IP address ‘127.0.0.1’ with default TCP port ‘6379’.
Step 3 – Configure Redis
In this step, we’re going to configure our Redis Server installation on the CentOS 7 server.
Edit the Redis configuration file ‘/etc/redis.conf’ using vim editor.
vim /etc/redis.confNow change ‘bind’ address with your internal IP address. If you’re running as a cluster, you can change with the private IP address. It’s recommended to run the Redis Server on private internal IP address.
bind 127.0.0.1Now change the ‘daemonize’ value to ‘yes’, because we will run the Redis service as a daemon.
daemonize yesSince we’re using the CentOS 7 server and systemd, so we need to change the ‘supervised’ line configuration to ‘systemd’.
supervised systemdSave and close.
Now restart the redis service.
systemctl restart redisThe basic configuration of the Redis Server has been completed. Now connect to the Redis Server using the redis-cli command as below.
redis-cliRun the ping command below.
ping
ping "Hello Redis"If your installation is correct, you will get the ‘PONG’ reply and the message that you write after the command.
Step 4 – Securing Redis Installation
In this step, we’re going to secure our Redis installation. There are 3 things that you must know about securing the Redis Server.
1. Network Security
The Network security for redis server is related with the ‘bind’ configuration on the redis configuration ‘redis.conf’. It’s recommended to use the internal private network for your Redis installation and don’t use the public.
Edit the Redis configuration file ‘/etc/redis.conf’ using vim editor.
vim /etc/redis.confOn the ‘bind’ section, change the IP address with your own internal network IP address.
bind INTERNAL-IP-ADDRESSSave and close.
And now the redis service will run under the ‘INTERNAL-IP-ADDRESS’.
2. Password Authentication
The password authentication for Redis will give you access control to your Redis server. This is a little layer of security that will enhance your Redis server security, and it is not yet enabled by default installation.
To enable the Password Authentication for Rediser server, you will need to uncomment the ‘requirepass’ section on the ‘redis.conf’ file and type your strong password after it.
requirepass [email protected]#$Change the ‘[email protected]#$’ with your strong password. And now the password authentication for Redis has been enabled.
3. Disabling Dangerous Redis Command
Redis provides a feature for disabling some specific Redis command. This feature can be used to rename or disable some of the dangerous commands such as ‘FLUSHALL’ for erasing all data, ‘CONFIG’ command to setup configuration parameter through the Redis CLI, etc.
To change or disable the Redis command, you can use the ‘rename-command’ option. Edit the redis configuration file ‘redis.conf’ and add some configurations below.
# rename-command COMMAND "CUSTOM"
rename-command CONFIG "REDISCONFIG"
rename-command FLUSHALL "DELITALL"Save and close.
Once all is complete, restart the redis service using the systemctl command below.
systemctl restart redisAnd the basic Redis security for securing Redis installation has been applied to our host.
Other consideration, you may also need the ‘Data Encryption’ support for Redis, as well as the secure coding needed on the application side.
Step 5 – Testing
In this step, we’re going to test our Redis Server deployment using the ‘redis-cli’ command line.
– Testing Host and Authentication
Connect to the Redis Server using the redis-cli command by specifying the redis server hostname/ IP address and port.
redis-cli -h 10.5.5.15 -p 6379Change the ‘10.5.5.15’ with your IP address.
Once you’re connected to the server, try the ping command.
ping
ping "Hello Redis"Now you will get the result as below.
You’re getting ann error because you need to authenticate before invoking any command on the Redis CLI shell.
Run the following command to authenticate against the Redis Server.
AUTH [email protected]#$Once you’re authenticated, you can try the ping command and you will get a reply from the Redis server.
ping
ping "Hello Redis"Below is the result after you’re authenticated to the Redis Server.
– Testing Disabled/Renamed Command
Run all commands that we’ve renamed on the shell and you will get the command error.
CONFIG
FLUSHALLBelow is the error result of those commands.
Next, run the ‘CUSTOM’ commands for each.
Create a new Key using the ‘SET’ command as below.
SET Name "Hakase Labs"
SET Blog "Howtoforge.com"
Keys *Now delete all keys and data using the renamed ‘FLUSHALL’ command ‘DELITALL’.
DELITALLFor the ‘CONFIG’ command, you can try to retrieve or set up new value of the Redis Server configuration. The ‘CONFIG’ command renamed to ‘REDISCONFIG’.
REDISCONFIG get bind
REDISCONFIG get requirepassAnd below is the result of these new renamed custom command.
The Basic installation of Redis Server on CentOS 7 Server has been completed, and the basic security for Redis Server has been applied.
Reference
- https://redis.io/documentation
