In this article, we have covered how it is easy to install and configure Redis on AlmaLinux 9. We will install redis-cli 6.2.7.
Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache and message broker. It supports data structures such as strings, hashes, lists, sets, sorted sets with range queries, bitmaps, hyperloglogs, geospatial indexes with radius queries and streams.
Redis was designed for use by trusted clients in a trusted environment, and has no robust security features of its own. Redis does, however, have a few security features like a basic unencrypted password as well as command renaming and disabling.
We have covered installation and configuration of Redis.
Prerequisites
- A AlmaLinux 9 installed dedicated server or KVM VPS.
- A root user access or normal user with sudo privileges.
Step 1 – Keep the server up to date
dnf update -y
Step 2 – Install Redis
Run following DNF package manager command to install Redis.
dnf install redis -y
This is important configuration change to make in the Redis configuration file. supervised directive allows you to delivery an init system to manage Redis as a service.
Edit "redis.conf" file.
vi /etc/redis/redis.conf
Find supervised auto or supervised. Uncomment it and change the supervised value to systemd like shown below:
...
supervised systemd
Save and exit the Redis configuration file. After editing the file, start and enable the Redis service:
systemctl start redis
systemctl enable redis
To verify that Redis has installed successfully, we can run following command:
redis-cli ping
Output:
PONG
At this point, Redis is running on our server and we can begin configuring it to enhance its security.
Step 3 – Configure Firewall
We need to add Redis port in firewalld configuration using the firewall-cmd command.
firewall-cmd --permanent --add-port=6379/tcp
Reload the firewall to implement the new rule.
firewall-cmd --reload
Step 4 – Configure a Redit password
Configuring a Redis password enables one of its built-in security features. The auth command, which requires clients to authenticate before being allowed access to the database. Like the bind setting, the password is configured directly in Redis’s configuration file, /etc/redis/redis.conf. Reopen that file:
vi /etc/redis/redis.conf
Find requirepass.
# requirepass foobared
Uncomment it by removing the #, and change foobared to a very strong password of your choosing. You can generate strong password using our Password Generator tool.
After setting the password, save and close the file then restart Redis:
systemctl restart redis
To test that the password works, open the Redis client:
redis-cli
A sequence of commands used to verify whether the Redis password is working is as follows. Before authenticating, the first command tries to set a key to a value:
127.0.0.1:6379> set key1 23
That won’t work as you have not yet authenticated, so Redis returns an error:
Output
(error) NOAUTH Authentication required.
The following command authenticates with the password specified in the Redis configuration file:
127.0.0.1:6379> auth your_redis_password
Redis will acknowledge that you have been authenticated:
Output
OK
After that, running the previous command again should be successful:
127.0.0.1:6379> set key1 23
Output
OK
The get key1 command queries Redis for the value of the new key:
127.0.0.1:6379> get key1
Output
"23"
This last command exits redis-cli. You may also use exit:
127.0.0.1:6379> quit
Step 5 – Rename Commands
Redis allows us to rename commands as a security feature. Also we can disable certain commands.
To Rename commands, follow this steps:
Edit Redis configuration file.
vi /etc/redis/redis.conf
Add following line:
rename-command FLUSHDB FDB
Once we restart the Redis service, use "FDB" command instead of "FLUSHDB".
To disable commands, add follow line:
rename-command FLUSHDB ""
Empty string will disable that command.
Save and exit the configuration file. Then apply the changes by restarting Redis:
systemctl restart redis
You can verify it by running the command in the "redis-cli".
Remember: The best time to rename/disable a command is, before your Redis-using application has been deployed
We have seen, how to install and configure Redis on AlmaLinux 9. Here is the recommended guide by Redis developers in the official Redis security guide.
