CentOS

How to Install and Secure Redis on CentOS 8

What is Redis?

Redis is an open-source in-memory key-value data store that supports different kinds of data structures. It can be used as a database, cache, message broker, and queue.

Its amazingly fast, written in C and built-in replication with different levels of on-disk persistence, provides high availability through Redis Sentinel and automatic partitioning with Redis Cluster.

In this tutorial, you will learn how to install and manage Redis on the CentOS 8 Server. Furthermore, you will learn how to secure Redis with Password authentication, setup bind IP address to local Network, and disable Redis dangerous command.

Prerequisites

For this tutorial, make sure you have got a CentOS 8 server with root the sudo privileges.

Below is the tutorial about the CentOS 8 server installation.

Install CentOS 8 Server

Before going any further, log in to your CentOS server and type the sudo command to get the root privileges on your system.

sudo su

Step 1 – Install Redis

First, you will install the Redis packages, which available by default on the CentOS AppStream repository.

Install Redis to the CentOS 8 Server using the dnf command below.

dnf install redis

Once the installation is finished, start the Redis service and add it to the system boot, then check the Redis service status.

systemctl enable --now redis
systemctl status redis

As a result, the Redis service is up and running, and you’ve successfully installed Redis on the CentOS 8 server.

Install Redis on CentOS 8

Step 2 – Configure Redis

In general, the default Redis configuration file located at the ‘/etc/redis.conf’. And for this step, you will learn the basic configuration of Redis by editing its configuration file.

Edit the Redis configuraiton ‘/etc/redis.conf’ using vim editor.

vim /etc/redis.conf

On the ‘bind’ option, define the IP address that Redis will run under. Use the localhost ‘127.0.0.1’ or use your local network IP address.

bind 127.0.0.1

Now change the ‘supervised’ option to ‘systemd’, because the default service manager for CentOS is systemd.

supervised systemd

Save and close.

Next, restart the Redis service and make sure there is no error.

systemctl restart redis

As a result, you’ve successfully configured Redis on the CentOS system.

Now test the Redis configuration using the ‘redis-cli’ command as below.

redis-cli

The ‘redis-cli’ command will automatically connect to the Redis server on your system.

Now send the ‘ping’ message to a Redis server.

ping

You will get the ‘PONG’ as a response.

Next, create a new key named ‘test’ with the value ‘Redis is Working!’, then call the ‘test’ key.

set test "Redis is Working!"
get test

And you will get the value ‘Redis is Working!‘ as can be seen below.

Redis Basic Configuration

As a result, your Redis configuration is working without any error, now type ‘exit’ to logout from the ‘redis-CLI’ shell.

Step 3 – Secure Redis

At this stage, your Redis service is up and running, but its important to realize that you must secure your Redis installation.

For this step, you will secure Redis by specifying the bind-address, enable Redis password authentication, and disable/rename some Redis dangerous command.

Edit the Redis confogiration ‘/etc/redis.conf’ using vim editor.

vim /etc/redis.conf

– Bind Address to Local Network

For the production environment, you should run Redis on the internal IP address. And for security reasons, don’t run Redis server under the public IP address.

Run Redis under the internal network IP address using the ‘bind’ option as below.

bind 10.5.5.36

As a result, the Redis service will be run on the local IP address ‘10.5.5.36’.

– Enable Password Authentication

By default, the password authentication on Redis is disabled. You will generate a new password and enable Redis authentication through the ‘requirepass’ option.

Open a new SSH session and generate a new password using the openssl command below.

openssl rand 60 | openssl base64 -A

Copy the password to your note.

After that, back to the previous SSH session, uncomment the ‘requirepass’ option and change the password with your own.

requirepass Ut3MXiWIlqMPkTrDBSk4ifAzvFDQkCUH9F8BdMMnDwIsSPN/yHTXS/TaYpZ4m5e1Z3DaDBfHBNuZJMQw

As a result, you’ve enabled password authentication for the Redis server.

– Disable/Rename Dangerous Commands

On Redis, you can disable commands or make it an unguessable name. In effect, a normal client cannot run some dangerous commands on the Redis server.

To disable command on Redis, use the ‘rename-command’ option. Also, you must disable the ‘CONFIG’ command, so the normal client cannot read the Redis configuration.

Disable Redis command using the ‘rename-command’ as below.

# rename-command COMMAND "CUSTOM"
rename-command FLUSHALL "DefineYourCommandForFlushAsYouWant"
rename-command CONFIG "DefineYourCommandForShowingConfigRedis"

As a result, you’ve disabled the ‘FLUSHALL’ and ‘CONFIG’ command. A normal client cannot run both commands, and will not be able to read the Redis configuration.

Next, restart the Redis service to apply the new configuration.

systemctl restart redis

And finally, you’ve successfully secured the Redis Server.

Step 4 – Testing

In this step, you will test the Redis authentication and run disabled commands.

– Testing Redis Password Authentication

To test Redis authentication, run the ‘redis-cli’ command below.

redis-cli

Now type the ‘ping’ query and create a new key named ‘key1’ as below.

ping
set key1 "value1"

And you will get an error response about the ‘Authentication Required‘ for both commands.

Next, authenticate against Redis Server using your password.

auth Ut3MXiWIlqMPkTrDBSk4ifAzvFDQkCUH9F8BdMMnDwIsSPN/yHTXS/TaYpZ4m5e1Z3DaDBfHBNuZJMQw

If your password is correct, you will get an ‘OK‘ response.

After that, run the ping command again and create a new key.

ping
set key1 "value1"
get key1

Once you’re authenticated, you will get the ‘PONG‘ response, and you’ve created a new key named ‘key1‘.

Enable Authentication on Redis

As a result, you’ve successfully enabled the Redis Password Authentication.

– Run Renamed Command

At the top, you’ve disabled the ‘FLUSHALL’ and ‘CONFIG’ commands.

The ‘FLUSHALL’ command is used to delete all keys from the database, and the ‘CONFIG’ command is used to set up and show the configuration of Redis.

Remove all available keys on the Redis server using the ‘FLUSHALL’ command below.

FLUSHALL

Now you will get an error response ‘Unknow command ‘FLUSHALL’‘ because it’s disabled.

Also, for the ‘CONFIG’ command, you will get the same error response.

CONFIG

The ‘unknown command ‘CONFIG’‘.

Now try to use the command that you’ve defined on the Redis configuration.

DefineYourCommandForFlushAsYouWant
DefineYourCommandForShowingConfigRedis get bind
DefineYourCommandForShowingConfigRedis get supervised

And you will get the result as below.

Redis Disable Dangerous Command

As a result, you’ve successfully disabled commands on the Redis Server.

And finally, you’ve successfully install Redis on the CentOS 8 Server. Also, you’ve secured the Redis Server installation.

Write A Comment