Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
A
A
ArtiomK2020-08-06 19:19:07
Redis
ArtiomK, 2020-08-06 19:19:07

Redis in Docker container (accessible from the Internet) suddenly starts writing to var/spool/cron how to solve this problem?

Just yesterday I installed a Redis 6 server in a Docker container (the container is available from the Internet). After a few hours, the container has such a problem, it starts trying to work with the var/spool/cron directory. After restarting the container, everything works fine, after a few hours the problem recurs.

I was looking for a similar problem, they write that this is supposedly due to the fact that Redis is hacked:
Link

Is this so, or is it a problem in the configuration of the dockerfile or something else, how to solve such a problem?

FROM redis:6.0-alpine

WORKDIR /usr/src/app

RUN apk add --no-cache tzdata

ENV TZ=Europe/Moscow

RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone

COPY redis.conf /usr/local/etc/redis/redis.conf

CMD [ "redis-server", "/usr/local/etc/redis/redis.conf" ]

RUN chmod 0755 /usr/src/app/
RUN chmod 0755 /etc/crontabs/
RUN chmod 0755 /data/


Key places in the Redis configuration file:

# bind 192.168.1.100 10.0.0.1
# bind 127.0.0.1 ::1

protected-mode no  # Без этого не доступен из Интернета

port 6379

dbfilename dump.rdb

dir ./

user someusername allcommands allkeys on >somelongpassword  # вроде бы пароль работает, без него не могу зайти


I run it like this:
docker run -p 6379:6379 -v somevolume:/usr/src/app --name myhackedredisname -d --network somenetwork myhackedredisname_image


Prinskrin from the terminal I pin:
5f2c2d4e2297f443766288.png

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
A
ArtiomK, 2020-08-09
@ArtiomK

As the person who wrote the C++ connector for Redis correctly answered, Redis has one more user whose existence is not shown in the configuration file in any way - the default user.
This user by default does not have any password at all, under this user they logged in when hacking.
The existence of this user explains why I was getting an error when trying to make a protected mod enabled.
In the end, I turned off the default user, an alternative option to make him a password and turned on the protected mod.
Total:
Dockerfile:

FROM redis:6.0-alpine

WORKDIR /usr/src/app

RUN apk add --no-cache tzdata

ENV TZ=Europe/Moscow

RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone

COPY redis.conf /usr/local/etc/redis/redis.conf

CMD [ "redis-server", "/usr/local/etc/redis/redis.conf" ]

In the Redis config file:
protected-mode yes

user default off

user someusername allcommands allkeys on >somelongpassword # можно также отключить часть команд

Similar questions
F
freeeeez2021-04-26 10:15:06
How to refresh the page when going back in the browser? 1Reply
R
Roman Terekhin2015-06-24 13:30:58
Many many different html - separate files or database? 1Reply
A
Alexander Shendrik2015-06-30 21:05:53
Which is better: Redis or Python dict? 2Reply
P
pingo2019-11-21 12:26:20
For what reason can an opencart user log in under someone else's account? 0Reply
P
programmerjava2015-08-03 18:21:29
Hibernate cache lvl2 vs Redis? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question