Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
A
A
ArtiomK2020-08-06 19:19:07
Redis
ArtiomK, 2020-08-06 19:19:07

Redis in Docker container (accessible from the Internet) suddenly starts writing to var/spool/cron how to solve this problem?

Just yesterday I installed a Redis 6 server in a Docker container (the container is available from the Internet). After a few hours, the container has such a problem, it starts trying to work with the var/spool/cron directory. After restarting the container, everything works fine, after a few hours the problem recurs.

I was looking for a similar problem, they write that this is supposedly due to the fact that Redis is hacked:
Link

Is this so, or is it a problem in the configuration of the dockerfile or something else, how to solve such a problem?

FROM redis:6.0-alpine

WORKDIR /usr/src/app

RUN apk add --no-cache tzdata

ENV TZ=Europe/Moscow

RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone

COPY redis.conf /usr/local/etc/redis/redis.conf

CMD [ "redis-server", "/usr/local/etc/redis/redis.conf" ]

RUN chmod 0755 /usr/src/app/
RUN chmod 0755 /etc/crontabs/
RUN chmod 0755 /data/


Key places in the Redis configuration file:

# bind 192.168.1.100 10.0.0.1
# bind 127.0.0.1 ::1

protected-mode no  # Без этого не доступен из Интернета

port 6379

dbfilename dump.rdb

dir ./

user someusername allcommands allkeys on >somelongpassword  # вроде бы пароль работает, без него не могу зайти


I run it like this:
docker run -p 6379:6379 -v somevolume:/usr/src/app --name myhackedredisname -d --network somenetwork myhackedredisname_image


Prinskrin from the terminal I pin:
5f2c2d4e2297f443766288.png

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
A
ArtiomK, 2020-08-09
@ArtiomK

As the person who wrote the C++ connector for Redis correctly answered, Redis has one more user whose existence is not shown in the configuration file in any way - the default user.
This user by default does not have any password at all, under this user they logged in when hacking.
The existence of this user explains why I was getting an error when trying to make a protected mod enabled.
In the end, I turned off the default user, an alternative option to make him a password and turned on the protected mod.
Total:
Dockerfile:

FROM redis:6.0-alpine

WORKDIR /usr/src/app

RUN apk add --no-cache tzdata

ENV TZ=Europe/Moscow

RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone

COPY redis.conf /usr/local/etc/redis/redis.conf

CMD [ "redis-server", "/usr/local/etc/redis/redis.conf" ]

In the Redis config file:
protected-mode yes

user default off

user someusername allcommands allkeys on >somelongpassword # можно также отключить часть команд

Similar questions
H
Hanry6542020-01-02 22:27:04
Is it possible to get a callback when a key expires in redis? 1Reply
R
River00512019-05-14 20:43:40
How can I cache only part of the html code on the page? 4Reply
M
mitaichik2017-01-23 14:14:16
How to count the number of events per hour? 2Reply
E
Eugene2015-01-24 10:58:26
What is the best way to implement the output of popular posts in 24 hours? 3Reply
V
Vitaly Vitaly2015-01-25 15:22:26
Where to store data that changes every 3-6 months? 5Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question