Install and Secure Redis on CentOS 7

Step 1 – Install and Enable Remi Repository

Firstly, we will add the Remi repository to the CentOS 7 system. The Remi repository provides the latest version of Redis package for our installation.

Before adding the Remi repository, let’s install the EPEL repository and yum utility packages.

sudo yum install epel-release yum-utils

Now add the Remi repository for CentOS 7 using the yum command below.

sudo yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpm

After that, enable the ‘remi’ repository using the yum-config-manager tool as below.

sudo yum-config-manager --enable remi

The Remi repository has been added and enabled on the CentOS 7 system, check using the yum command below.

yum repolist enabled

And you will get the result as below.

Step 2 – Install Redis on CentOS 7

After installing the Remi repository, we will install the latest Redis package. You can check the available Redis version using the yum command below.

yum search redis
yum info redis

Now you will get the Redis 5.0.5 is available on the Remi repository.

Install Redis using the command below.

sudo yum -y install redis

Once the installation is complete, start the redis service and add it to the system boot.

systemctl start redis
systemctl enable redis

The Redis service is up and running with the default configuration, check the service status and the port used by the server.

systemctl status redis
netstat -plntu

And you will get the result as below.

The Redis server is up and running on CentOS 7 system, running the localhost IP address ‘127.0.0.1’ with default TCP port ‘6379’.

Step 3 – Configure Redis

In this step, we’re going to configure our Redis Server installation on the CentOS 7 server.

Edit the Redis configuration file ‘/etc/redis.conf’ using vim editor.

vim /etc/redis.conf

Now change ‘bind’ address with your internal IP address. If you’re running as a cluster, you can change with the private IP address. It’s recommended to run the Redis Server on private internal IP address.

bind 127.0.0.1

Now change the ‘daemonize’ value to ‘yes’, because we will run the Redis service as a daemon.

daemonize yes

Since we’re using the CentOS 7 server and systemd, so we need to change the ‘supervised’ line configuration to ‘systemd’.

supervised systemd

Save and close.

Now restart the redis service.

systemctl restart redis

The basic configuration of the Redis Server has been completed. Now connect to the Redis Server using the redis-cli command as below.

redis-cli

Run the ping command below.

ping
ping "Hello Redis"

If your installation is correct, you will get the ‘PONG’ reply and the message that you write after the command.

Step 4 – Securing Redis Installation

In this step, we’re going to secure our Redis installation. There are 3 things that you must know about securing the Redis Server.

1. Network Security
The Network security for redis server is related with the ‘bind’ configuration on the redis configuration ‘redis.conf’. It’s recommended to use the internal private network for your Redis installation and don’t use the public.

Edit the Redis configuration file ‘/etc/redis.conf’ using vim editor.

vim /etc/redis.conf

On the ‘bind’ section, change the IP address with your own internal network IP address.

bind INTERNAL-IP-ADDRESS

Save and close. And now the redis service will run under the ‘INTERNAL-IP-ADDRESS’.

2. Password Authentication
The password authentication for Redis will give you access control to your Redis server. This is a little layer of security that will enhance your Redis server security, and it is not yet enabled by default installation.

To enable the Password Authentication for Rediser server, you will need to uncomment the ‘requirepass’ section on the ‘redis.conf’ file and type your strong password after it.

requirepass hakase-labs321@#$

Change the ‘hakase-labs321@#$’ with your strong password. And now the password authentication for Redis has been enabled.

3. Disabling Dangerous Redis Command
Redis provides a feature for disabling some specific Redis command. This feature can be used to rename or disable some of the dangerous commands such as ‘FLUSHALL’ for erasing all data, ‘CONFIG’ command to setup configuration parameter through the Redis CLI, etc.

To change or disable the Redis command, you can use the ‘rename-command’ option. Edit the redis configuration file ‘redis.conf’ and add some configurations below.

# rename-command COMMAND "CUSTOM"
rename-command CONFIG "REDISCONFIG"
rename-command FLUSHALL "DELITALL"

Save and close. Once all is complete, restart the redis service using the systemctl command below.

systemctl restart redis

And the basic Redis security for securing Redis installation has been applied to our host.

Other consideration, you may also need the ‘Data Encryption’ support for Redis, as well as the secure coding needed on the application side.

Step 5 – Testing

In this step, we’re going to test our Redis Server deployment using the ‘redis-cli’ command line.

– Testing Host and Authentication
Connect to the Redis Server using the redis-cli command by specifying the redis server hostname/ IP address and port.

redis-cli -h 10.5.5.15 -p 6379

Change the ‘10.5.5.15’ with your IP address. Once you’re connected to the server, try the ping command.

ping
ping "Hello Redis"

If you’re getting ann error because you need to authenticate before invoking any command on the Redis CLI shell.

Run the following command to authenticate against the Redis Server.

AUTH hakase-labs321@#$

Once you’re authenticated, you can try the ping command and you will get a reply from the Redis server.

ping
ping "Hello Redis"

Src: https://www.howtoforge.com/how-to-install-and-secure-redis-on-centos-7/

Share

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.