Center中redis安全漏洞

4 年 ago

HXWK

1 minute

注: 本文档内容适用于Auditsys4.5X版本的Center

场景说明：客户POC测试环境, 客户通过青藤云扫描出Center上的两个Redis高危漏洞。

漏洞1

$C:\Users\admin\AppData\Roaming\DingTalk\695081282_v2\ImageFiles\b7\lALPD4PvMe15x5fNAxrNA6w_940_794.png$

漏洞2

$C:\Users\admin\AppData\Roaming\DingTalk\695081282_v2\ImageFiles\dd\lADPBG1Q7ixn_YPNA63NB4A_1920_941.jpg$

处理办法

切换到目录：cd /etc/systemd/system

修改配置文件vi redis.service如下

$C:\Users\admin\AppData\Roaming\DingTalk\695081282_v2\ImageFiles\a1\lALPD4d8sRm7u3LNAW3NAh4_542_365.png$

[Unit]

Description=Redis

After=network.target

[Service]

Type=forking

ExecStart=/usr/local/redis/bin/redis-server /usr/local/redis/etc/redis.conf

ExecReload=/bin/kill -s HUP $MAINPID

ExecStop=/bin/kill -s QUIT $MAINPID

PrivateTmp=false

Restart=always

User=auditsys

Group=auditsys

StartLimitIntervalSec=0

RestartSec=60

[Install]

WantedBy=multi-user.target

删除根目录下dump.rdb目录：rm -rf /dump.rdb

修改配置文件：vi /usr/local/redis/etc/redis.conf +150

pidfile /usr/local/redis/redis.pid

修改配置文件：vi /usr/local/redis/etc/redis.conf +247

dir /usr/local/redis/

创建auditsys用户useradd auditsys ,修改密码：passwd P@ssw0rd1234.

改变redis目录的属组：

chown -R auditsys:auditsys redis/

重启systemctl daemon-reload， systemctl restart redis

查看redis运行ps –ef |grep redis

$C:\Users\admin\AppData\Roaming\DingTalk\695081282_v2\ImageFiles\7d\lALPD4PvMnUBO2k7zQLR_721_59.png$