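This article explains how to install the Redis service securely on CentOS 7.
1. Do not expose Redis to the external network
2. Configure a login password for Redis
3. Start Redis as a non-root user
4. Disable dangerous commands
The following uses the installation of Redis 4.0.14 on CentOS 7 as an example.
The first steps are routine: download the Redis source package, extract it, compile and install.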
cd /usr/local/src && wget http://download.redis.io/releases/redis-4.0.14.tar.gz
tar -zxvf redis-4.0.14.tar.gz && cd redis-4.0.14
make && make install
cp redis.conf /etc/
Create a redis user to run Redis:
useradd redis
passwd redis
Modify the Redis configuration file:
# Allow Redis to run in the background
sed -i "s#daemonize no#daemonize yes#g" /etc/redis.conf
# Log file path
sed -i 's#logfile ""#logfile "/home/redis/redis.log"#g' /etc/redis.conf
# Data file directory
sed -i 's#dir ./#dir /home/redis/#g' /etc/redis.conf
sed -i 's#appendonly no#appendonly yes#g' /etc/redis.conf
# Rename the CONFIG command
echo "rename-command CONFIG CONFIG_xxMnq5ul0c" >> /etc/redis.conf
# Disable the commands that wipe the database
echo 'rename-command FLUSHDB ""' >> /etc/redis.conf
echo 'rename-command FLUSHALL ""'>> /etc/redis.conf
# Set a password for Redis
echo "requirepass password" >> /etc/redis.conf
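The following is an added example, not part of the original article: a shell function that checks a redis.conf against the settings above (bind address, requirepass, renamed commands) and also checks that the file, which now holds the password in clear text, is not accessible to all users. The function names are hypothetical, and `stat -c` assumes GNU coreutils as shipped with CentOS.

```shell
#!/bin/sh
# Added example: audits a redis.conf against the hardening steps in this article.

# Print the arguments of the last active (uncommented) occurrence of a directive.
conf_value() {
    awk -v key="$2" 'tolower($1) == key { $1 = ""; sub(/^ +/, ""); v = $0 }
                     END { print v }' "$1"
}

# Succeed if the given command is renamed or disabled via rename-command.
is_renamed() {
    awk -v cmd="$2" 'tolower($1) == "rename-command" && toupper($2) == cmd { found = 1 }
                     END { exit !found }' "$1"
}

# Print one FAIL line per finding; return 0 only when there are none.
audit_redis_conf() {
    conf=$1
    findings=0
    fail() { echo "FAIL: $1"; findings=$((findings + 1)); }

    bind=$(conf_value "$conf" bind)
    case " $bind " in
        "  ")                      fail "no bind directive: listens on all interfaces" ;;
        *" 0.0.0.0 "* | *" :: "*)  fail "bind includes a wildcard address: $bind" ;;
    esac

    pass=$(conf_value "$conf" requirepass | tr -d '"')
    case $pass in
        "")        fail "requirepass is not set" ;;
        password)  fail "requirepass is still the placeholder value" ;;
    esac

    for cmd in CONFIG FLUSHDB FLUSHALL; do
        is_renamed "$conf" "$cmd" || fail "$cmd is not renamed or disabled"
    done

    # The file holds the password in clear text, so "other" must have no access.
    mode=$(stat -c %a "$conf")
    case $mode in
        *0) ;;
        *)  fail "config is accessible to all users (mode $mode)" ;;
    esac

    [ "$findings" -eq 0 ]
}
# Usage: audit_redis_conf /etc/redis.conf
```

Because `cp redis.conf /etc/` run as root normally leaves the file readable by every local user, the last check fails until the file is restricted to root and the redis group.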
Create a service (init) script for Redis:
vim /etc/init.d/redis
#!/bin/sh
#
# Simple Redis init.d script conceived to work on Linux systems
# as it does use of the /proc filesystem.
### BEGIN INIT INFO
# Provides: redis_6379
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Redis data structure server
# Description: Redis data structure server. See https://redis.io
### END INIT INFO
REDISPORT=6379
EXEC=/usr/local/bin/redis-server
CLIEXEC=/usr/local/bin/redis-cli
PIDFILE=/home/redis/redis_${REDISPORT}.pid
CONF="/etc/redis.conf"
start()
{
    if [ -f "$PIDFILE" ]
    then
        echo "$PIDFILE exists, process is already running or crashed"
    else
        echo "Starting Redis server..."
        # Pass the pid file path explicitly: redis.conf still points at the
        # default under /var/run, which the redis user cannot write to.
        $EXEC $CONF --pidfile "$PIDFILE"
    fi
}
stop()
{
    if [ ! -f "$PIDFILE" ]
    then
        echo "$PIDFILE does not exist, process is not running"
    else
        PID=$(cat "$PIDFILE")
        echo "Stopping ..."
        # The password must match requirepass in /etc/redis.conf
        $CLIEXEC -p $REDISPORT -a 'PASSWORD' shutdown
        while [ -x /proc/${PID} ]
        do
            echo "Waiting for Redis to shutdown ..."
            sleep 1
        done
        echo "Redis stopped"
    fi
}
case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    restart)
        stop
        start
        ;;
    *)
        echo "Please use start,stop or restart as first argument"
        ;;
esac
Then run:
chmod +x /etc/init.d/redis
chkconfig --add redis
To start the service, use the following command:
su - redis -c "service redis start"
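To stop it:
su - redis -c "service redis stop"
Some shortcomings:
1. The password is written into the service file, because redis-cli needs to authenticate with the password when shutting down the service.
2. All files are placed under /home/redis/.
If you have any suggestions for improvement, please leave a comment below. Thanks!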