The exploit uploads an SSH public key into Redis and then has Redis dump its dataset into the authorized_keys file.
Immediate steps to protect against the exploit:
1. Bind Redis to 127.0.0.1 if it is only connected to locally, or at least bind only to the private network IP. In redis.conf, set the bind parameter and restart the Redis server:
- If the Redis server really does need public access, use iptables to restrict the Redis port to specific source IPs.
2. Run the Redis server as a non-root user that has no shell access. This is important because an attacker who plants a key this way then gains neither root privileges nor a usable login shell.
3. Enable authentication in Redis and use AUTH for all connections.
- Add a random password to redis.conf:
- Configure your Redis client to use AUTH for every connection:
- Restart the Redis server.
4. Secure the data directory and config files:
chmod 0600 /path/to/redis.conf
chmod 0700 /path/to/redis/datadir
Further recommended steps:
- For another layer of security, use stunnel to encrypt traffic to and from Redis.
- Disable unused commands that could be dangerous, such as FLUSHALL or FLUSHDB, in the config file, or rename them to a random string:
rename-command FLUSHDB ""
rename-command FLUSHALL ""
rename-command CONFIG averylonghardtoguessstring
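As an added example that is not part of the original post, a small Python audit that reads redis.conf text and reports which of the settings above are missing: the bind address, requirepass, and rename-command entries for CONFIG, FLUSHALL and FLUSHDB. The two sample configurations and the 16-character password threshold are constructed for illustration, not taken from the post.

```python
import shlex

# Commands the post says to disable or rename (CONFIG is what the exploit abuses).
DANGEROUS_COMMANDS = ("CONFIG", "FLUSHALL", "FLUSHDB")
WILDCARD_BINDS = ("0.0.0.0", "*", "::")
MIN_PASSWORD_LEN = 16  # heuristic threshold chosen here, not a Redis setting


def parse_redis_conf(text):
    """Yield (directive, args) per line; '#' lines are comments and a quoted ""
    argument becomes an empty string (how rename-command disables a command)."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tokens = shlex.split(line)
        yield tokens[0].lower(), tokens[1:]


def audit_redis_conf(text):
    """Return a list of findings; an empty list means every check passed."""
    binds, password, renamed = None, None, {}
    for directive, args in parse_redis_conf(text):
        if directive == "bind":
            binds = args
        elif directive == "requirepass":
            password = args[0] if args else ""
        elif directive == "rename-command" and len(args) == 2:
            renamed[args[0].upper()] = args[1]
    findings = []
    if binds is None:
        findings.append("no bind directive: redis listens on every interface")
    for addr in binds or ():
        a = addr.lstrip("-")  # Redis 7 allows a '-' prefix for optional addresses
        if a in WILDCARD_BINDS:
            findings.append(f"bind {addr}: exposed on all interfaces")
        elif not (a.startswith("127.") or a == "::1"):
            findings.append(f"bind {addr}: non-loopback, firewall the port")
    if not password:
        findings.append("requirepass not set: unauthenticated access allowed")
    elif len(password) < MIN_PASSWORD_LEN:
        findings.append("requirepass is short: use a long random value")
    for cmd in DANGEROUS_COMMANDS:
        if cmd not in renamed:
            findings.append(f"{cmd} still callable under its default name")
    return findings


# Constructed sample configs: a default-style file and one hardened as above.
WEAK_CONF = "# constructed sample, no hardening\nport 6379\ndaemonize yes\n"
HARDENED_CONF = ('bind 127.0.0.1\nrequirepass 7f3a9c2e4b8d1f6a0e5c3b9d7a2f4e6c\n'
                 'rename-command FLUSHDB ""\nrename-command FLUSHALL ""\n'
                 'rename-command CONFIG averylonghardtoguessstring\n')
```

Running `audit_redis_conf(WEAK_CONF)` lists five findings (no bind, no requirepass, three commands still callable), while the hardened sample returns an empty list.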