redis啟動時警告資訊去除及簡單安全設定

標籤：redis

windows: https://github.com/MSOpenTech/redis/releases

12645:M 29 Jul 23:05:55.764 # Server started, Redis version 3.0.3

12645:M 29 Jul 23:05:55.766 # WARNING overcommit_memory is set to 0! Background save may fail under low memory condition. To fix this issue add ‘vm.overcommit_memory = 1‘ to /etc/sysctl.conf and then reboot or run the command ‘sysctl vm.overcommit_memory=1‘ for this to take effect.

12645:M 29 Jul 23:05:55.767 # WARNING you have Transparent Huge Pages (THP) support enabled in your kernel. This will create latency and memory usage issues with Redis. To fix this issue run the command ‘echo never > /sys/kernel/mm/transparent_hugepage/enabled‘ as root, and add it to your /etc/rc.local in order to retain the setting after a reboot. Redis must be restarted after THP is disabled.

12645:M 29 Jul 23:05:55.769 # WARNING: The TCP backlog setting of 511 cannot be enforced because /proc/sys/net/core/somaxconn is set to the lower value of 128.

12645:M 29 Jul 23:05:55.769 * The server is now ready to accept connections on port 6379

==>

# echo "vm.overcommit_memory = 1" >> /etc/sysctl.conf  or sysctl vm.overcommit_memory=1

# echo never > /sys/kernel/mm/transparent_hugepage/enabled

# echo "net.core.somaxconn = 511" >> /etc/sysctl.conf or  echo 511 > /proc/sys/net/core/somaxconn

啟動:

[[email protected] ~]# redis-server /etc/redis.conf 

12704:M 29 Jul 23:33:25.615 * Increased maximum number of open files to 10032 (it was originally set to 1024).

                _._                                                  

           _.-``__ ‘‘-._                                             

      _.-``    `.  `_.  ‘‘-._           Redis 3.0.3 (00000000/0) 64 bit

  .-`` .-```.  ```\/    _.,_ ‘‘-._                                   

 (    ‘      ,       .-`  | `,    )     Running in standalone mode

 |`-._`-...-` __...-.``-._|‘` _.-‘|     Port: 6379

 |    `-._   `._    /     _.-‘    |     PID: 12704

  `-._    `-._  `-./  _.-‘    _.-‘                                   

 |`-._`-._    `-.__.-‘    _.-‘_.-‘|                                  

 |    `-._`-._        _.-‘_.-‘    |           http://redis.io        

  `-._    `-._`-.__.-‘_.-‘    _.-‘                                   

 |`-._`-._    `-.__.-‘    _.-‘_.-‘|                                  

 |    `-._`-._        _.-‘_.-‘    |                                  

  `-._    `-._`-.__.-‘_.-‘    _.-‘                                   

      `-._    `-.__.-‘    _.-‘                                       

          `-._        _.-‘                                           

              `-.__.-‘                                               

12704:M 29 Jul 23:33:25.616 # Server started, Redis version 3.0.3

12704:M 29 Jul 23:33:25.616 * DB loaded from disk: 0.000 seconds

12704:M 29 Jul 23:33:25.616 * The server is now ready to accept connections on port 6379

Redis 未授權訪問漏洞————————

漏洞描述：

 

redis 預設不要求輸入密碼即可訪問，駭客直接存取即可擷取資料庫中所有資訊，造成嚴重的資訊泄露。

 

修複方案：

1、綁定需要訪問資料庫的IP

修改 redis.conf 中的 “bind 127.0.0.1” ，改成需要訪問此資料庫的IP地址。

bind 192.168.31.202 192.168.31.200

bind 127.0.0.1

2、設定訪問密碼

在 redis.conf 中找到“requirepass”欄位，在後面填上你需要的密碼。

 

 

註：上述兩種方法修改後，需要重啟redis才會生效。

本文出自 “態度決定一切” 部落格，請務必保留此出處http://relearn.blog.51cto.com/2605709/1696731

redis啟動時警告資訊去除及簡單安全設定