This malware consumes server CPU and memory. It can also install cron jobs that run in the background.
If you see abnormal CPU usage, check which process is using the most CPU
by running the command "top".
If redis-server is the process using the most CPU, enable logging for Redis.
By default, logging is not enabled in the redis.conf config file.
# Specify the log file name. Also the empty string can be used to force
# Redis to log on the standard output. Note that if you use standard
# output for logging but daemonize, logs will be sent to /dev/null
logfile "/your-path/redis.log"
Also set the file permissions and ownership of redis.log so that the file belongs to the redis user.
There are many ways to make a Redis server secure.
1. First, run Redis on localhost only; never attach a public IP to it.
Edit your redis.conf file, search for bind and set:
bind 127.0.0.1
2. The second important step is to enable a password for Redis.
Edit the redis.conf file:
requirepass <strong password>
3. Disable dangerous Redis CLI commands.
In redis.conf, search for rename-command:
rename-command CONFIG ""
rename-command BGREWRITEAOF ""
rename-command BGSAVE ""
rename-command SAVE ""
rename-command SPOP ""
rename-command SREM ""
rename-command RENAME ""
rename-command DEBUG ""
rename-command FLUSHDB ""
rename-command FLUSHALL ""
rename-command KEYS ""
rename-command PEXPIRE ""
rename-command DEL ""
rename-command SHUTDOWN ""
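
An added example, not code from the original post: a small Python check that reads the text of a redis.conf and reports which of the settings above (logfile, bind, requirepass, rename-command) are missing. The function names and both sample configurations are constructed for illustration.

```python
import ipaddress
import shlex

# Commands the post disables with rename-command.
DANGEROUS = ["CONFIG", "BGREWRITEAOF", "BGSAVE", "SAVE", "SPOP", "SREM", "RENAME",
             "DEBUG", "FLUSHDB", "FLUSHALL", "KEYS", "PEXPIRE", "DEL", "SHUTDOWN"]

def parse(conf_text):
    """Return {directive: [argument lists]} for every non-comment line."""
    directives = {}
    for line in conf_text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            parts = shlex.split(line)  # handles quoted values such as ""
            directives.setdefault(parts[0].lower(), []).append(parts[1:])
    return directives

def audit(conf_text):
    """Check the four settings from the post; return a list of findings."""
    d = parse(conf_text)
    findings = []
    bind = d.get("bind", [[]])[-1]  # this check looks at the last bind line
    if not bind:
        findings.append("bind: not set")
    for addr in bind:
        try:  # strip the optional leading "-" some Redis versions accept
            loopback = ipaddress.ip_address(addr.lstrip("-")).is_loopback
        except ValueError:  # "*" or a hostname: treat as not loopback
            loopback = False
        if not loopback:
            findings.append(f"bind: {addr} is not a loopback address")
    if not "".join(d.get("requirepass", [[""]])[-1]):
        findings.append("requirepass: no password set")
    if not "".join(d.get("logfile", [[""]])[-1]):
        findings.append("logfile: not set, nothing is logged to disk")
    disabled = {a[0].upper() for a in d.get("rename-command", [])
                if len(a) == 2 and a[1] == ""}
    for cmd in DANGEROUS:
        if cmd not in disabled:
            findings.append(f"rename-command: {cmd} still enabled")
    return findings

# Constructed sample configurations (not taken from a real server).
WEAK = 'bind 0.0.0.0\nrename-command CONFIG ""\n'
HARDENED = ('bind 127.0.0.1\nrequirepass "constructed-long-secret"\n'
            'logfile "/your-path/redis.log"\n'
            + "".join(f'rename-command {c} ""\n' for c in DANGEROUS))

if __name__ == "__main__":
    print("\n".join(audit(WEAK)))
```

To check a real server, pass the contents of its redis.conf to audit() and work through the findings it returns.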