Install and Secure Redis on CentOS 7 Rumi, July 21, 2021 Step 1 – Install and Enable Remi Repository Firstly, we will add the Remi repository to the CentOS 7 system. The Remi repository provides the latest version of Redis package for our installation. Before adding the Remi repository, let’s install the EPEL repository and yum utility packages. sudo yum install epel-release yum-utils Now add the Remi repository for CentOS 7 using the yum command below. sudo yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpm After that, enable the ‘remi’ repository using the yum-config-manager tool as below. sudo yum-config-manager --enable remi The Remi repository has been added and enabled on the CentOS 7 system, check using the yum command below. yum repolist enabled And you will get the result as below. Step 2 – Install Redis on CentOS 7 After installing the Remi repository, we will install the latest Redis package. You can check the available Redis version using the yum command below. yum search redis yum info redis Now you will get the Redis 5.0.5 is available on the Remi repository. Install Redis using the command below. sudo yum -y install redis Once the installation is complete, start the redis service and add it to the system boot. systemctl start redis systemctl enable redis The Redis service is up and running with the default configuration, check the service status and the port used by the server. systemctl status redis netstat -plntu And you will get the result as below. The Redis server is up and running on CentOS 7 system, running the localhost IP address ‘127.0.0.1’ with default TCP port ‘6379’. Step 3 – Configure Redis In this step, we’re going to configure our Redis Server installation on the CentOS 7 server. Edit the Redis configuration file ‘/etc/redis.conf’ using vim editor. vim /etc/redis.conf Now change ‘bind’ address with your internal IP address. If you’re running as a cluster, you can change with the private IP address. It’s recommended to run the Redis Server on private internal IP address. bind 127.0.0.1 Now change the ‘daemonize’ value to ‘yes’, because we will run the Redis service as a daemon. daemonize yes Since we’re using the CentOS 7 server and systemd, so we need to change the ‘supervised’ line configuration to ‘systemd’. supervised systemd Save and close. Now restart the redis service. systemctl restart redis The basic configuration of the Redis Server has been completed. Now connect to the Redis Server using the redis-cli command as below. redis-cli Run the ping command below. ping ping "Hello Redis" If your installation is correct, you will get the ‘PONG’ reply and the message that you write after the command. Step 4 – Securing Redis Installation In this step, we’re going to secure our Redis installation. There are 3 things that you must know about securing the Redis Server. 1. Network Security The Network security for redis server is related with the ‘bind’ configuration on the redis configuration ‘redis.conf’. It’s recommended to use the internal private network for your Redis installation and don’t use the public. Edit the Redis configuration file ‘/etc/redis.conf’ using vim editor. vim /etc/redis.conf On the ‘bind’ section, change the IP address with your own internal network IP address. bind INTERNAL-IP-ADDRESS Save and close. And now the redis service will run under the ‘INTERNAL-IP-ADDRESS’. 2. Password Authentication The password authentication for Redis will give you access control to your Redis server. This is a little layer of security that will enhance your Redis server security, and it is not yet enabled by default installation. To enable the Password Authentication for Rediser server, you will need to uncomment the ‘requirepass’ section on the ‘redis.conf’ file and type your strong password after it. requirepass hakase-labs321@#$ Change the ‘hakase-labs321@#$’ with your strong password. And now the password authentication for Redis has been enabled. 3. Disabling Dangerous Redis Command Redis provides a feature for disabling some specific Redis command. This feature can be used to rename or disable some of the dangerous commands such as ‘FLUSHALL’ for erasing all data, ‘CONFIG’ command to setup configuration parameter through the Redis CLI, etc. To change or disable the Redis command, you can use the ‘rename-command’ option. Edit the redis configuration file ‘redis.conf’ and add some configurations below. # rename-command COMMAND "CUSTOM" rename-command CONFIG "REDISCONFIG" rename-command FLUSHALL "DELITALL" Save and close. Once all is complete, restart the redis service using the systemctl command below. systemctl restart redis And the basic Redis security for securing Redis installation has been applied to our host. Other consideration, you may also need the ‘Data Encryption’ support for Redis, as well as the secure coding needed on the application side. Step 5 – Testing In this step, we’re going to test our Redis Server deployment using the ‘redis-cli’ command line. – Testing Host and Authentication Connect to the Redis Server using the redis-cli command by specifying the redis server hostname/ IP address and port. redis-cli -h 10.5.5.15 -p 6379 Change the ‘10.5.5.15’ with your IP address. Once you’re connected to the server, try the ping command. ping ping "Hello Redis" If you’re getting ann error because you need to authenticate before invoking any command on the Redis CLI shell. Run the following command to authenticate against the Redis Server. AUTH hakase-labs321@#$ Once you’re authenticated, you can try the ping command and you will get a reply from the Redis server. ping ping "Hello Redis" Src: https://www.howtoforge.com/how-to-install-and-secure-redis-on-centos-7/ Collected Articles Configurations (Linux) CentOSCentOS 7Redis
Installing and securing Redis on CentOS 7 involves setting up the Redis server and implementing security measures to protect your Redis instance. Here’s a step-by-step guide: Step 1: Install Redis 1. Update the package repositories: “`bash sudo yum update “` 2. Install Redis: “`bash sudo yum install redis “` Step 2: Configure Redis 1. Open the Redis configuration file for editing: “`bash sudo nano /etc/redis.conf “` 2. Modify the following settings to improve security: – Change `bind` to `127.0.0.1` to bind Redis to localhost. – Set `requirepass` to a strong password. – Optionally, adjust other settings as needed. 3. Save and close the file. Step 3: Start and Enable Redis 1. Start the Redis service: “`bash sudo systemctl start redis “` 2. Enable Redis to start on boot: “`bash sudo systemctl enable redis “` Step 4: Test Redis Connectivity 1. Check that Redis is running: “`bash redis-cli ping “` You should receive a response of “PONG.” Step 5: Configure Firewall 1. If the firewall is enabled, allow Redis traffic: “`bash sudo firewall-cmd –add-port=6379/tcp –permanent sudo firewall-cmd –reload “` Step 6: Secure Redis Access 1. To secure Redis further, you can limit access to specific IP addresses or networks. Edit the Redis configuration file: “`bash sudo nano /etc/redis.conf “` 2. Add the following line to allow connections only from localhost: “` bind 127.0.0.1 “` 3. Save and close the file. Step 7: Authentication 1. Open the Redis configuration file again: “`bash sudo nano /etc/redis.conf “` 2. Uncomment the `requirepass` line and set a strong password: “` requirepass your_strong_password “` 3. Save and close the file. Step 8: Restart Redis 1. Restart the Redis service to apply the changes: “`bash sudo systemctl restart redis “` Step 9: Test Authentication 1. Test the password authentication: “`bash redis-cli -a your_strong_password ping “` You should receive a response of “PONG.” Step 10: Monitor and Maintain 1. Monitor the Redis logs for any issues: “`bash sudo journalctl -u redis “` 2. Keep Redis up to date and apply security updates as needed. By following these steps, you’ll have installed and secured Redis on your CentOS 7 system, protecting your Redis instance from unauthorized access.