What is causing Redis to change its own configuration?

Aeo*_*onM 7 redis ubuntu-18.04

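Redis is changing its own configuration: dir becomes /etc/cron.d and dbfile becomes ntp instead of the defaults. Once we restart redis it resets to /var/lib/redis and dump.rdb, but after a while it gives a "Failed opening the RDB file" error.

The default dir and rdb file have the correct permissions, and redis only allows internal IPs.

Command-line output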

127.0.0.1:6381> CONFIG GET dir
1) "dir"
2) "/etc/cron.d"
127.0.0.1:6381> CONFIG GET "dbfilename"
1) "dbfilename"
2) "ntp"

/var/log/redis/redis-server.log

3204:M 21 May 16:07:19.124 * Background saving terminated with success
3204:M 21 May 16:12:18.962 * 10000 changes in 60 seconds. Saving...
3204:M 21 May 16:12:18.967 * Background saving started by pid 25469
25469:C 21 May 16:12:20.931 * DB saved on disk
25469:C 21 May 16:12:20.934 * RDB: 3 MB of memory used by copy-on-write
3204:M 21 May 16:12:20.968 * Background saving terminated with success

3204:M 21 May 16:17:21.082 * 10 changes in 300 seconds. Saving...
3204:M 21 May 16:17:21.088 * Background saving started by pid 25865
25865:C 21 May 16:17:22.800 * DB saved on disk
25865:C 21 May 16:17:22.803 * RDB: 3 MB of memory used by copy-on-write
3204:M 21 May 16:17:22.891 * Background saving terminated with success
3204:M 21 May 16:17:43.669 # Failed opening the RDB file root (in server root dir /var/spool/cron) for saving: Read-only file system
3204:M 21 May 16:17:45.320 # Failed opening the RDB file ntp (in server root dir /etc/cron.d) for saving: Read-only file system
3204:M 21 May 16:22:23.086 * 10 changes in 300 seconds. Saving...
3204:M 21 May 16:22:23.092 * Background saving started by pid 26264
26264:C 21 May 16:22:23.093 # Failed opening the RDB file ntp (in server root dir /etc/cron.d) for saving: Read-only file system
3204:M 21 May 16:22:23.194 # Background saving error
3204:M 21 May 16:22:29.104 * 10 changes in 300 seconds. Saving...
3204:M 21 May 16:22:29.109 * Background saving started by pid 26265
26265:C 21 May 16:22:29.109 # Failed opening the RDB file ntp (in server root dir /etc/cron.d) for saving: Read-only file system
3204:M 21 May 16:22:29.209 # Background saving error
3204:M 21 May 16:22:35.016 * 10 changes in 300 seconds. Saving...

use*_*461 4

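Is your server publicly accessible from the internet?

The most likely explanation is that someone is connecting to redis and sending commands to reconfigure it remotely, in an attempt to take control of the server.

There are bots scanning the internet 24/7, looking for exposed software and known vulnerabilities. A quick rule of thumb is that a new service put online will be discovered and attacked within 5 minutes. (Try running an unpatched Windows XP server; you will be amazed at how short it lasts.)

Consider redis, and possibly the whole server, compromised. I hope you had no sensitive information in this redis, otherwise it is a data breach.

Block public access, decommission the VM, and set up a new VM from scratch.

Related redis ticket: https://github.com/antirez/redis/issues/3594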
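
A detection check for the symptom in the question's log, added here as an example and not part of the original question or answer: it scans redis-server.log for "Failed opening the RDB file" lines and reports every save target that differs from the expected one. The function name, the `SCHEDULER_DIRS` list and the last sample line are assumptions made for this example; the expected dir and file are the defaults named in the question.

```python
import re

# Matches the only Redis log line that names the save target (dir + file).
RDB_FAIL = re.compile(
    r"^(?P<pid>\d+):(?P<role>[A-Z]) (?P<ts>\d+ \w+ [\d:.]+) # "
    r"Failed opening the RDB file (?P<file>\S+) "
    r"\(in server root dir (?P<dir>[^)]+)\) for saving: (?P<err>.+)$"
)

# Assumption for this example: directories whose files cron reads as job definitions.
SCHEDULER_DIRS = ("/etc/cron", "/var/spool/cron")

def find_redirected_saves(log_text, expected_dir="/var/lib/redis",
                          expected_file="dump.rdb"):
    """Return one finding per distinct save target that is not the expected one."""
    findings, seen = [], set()
    for line in log_text.splitlines():
        m = RDB_FAIL.match(line.strip())
        if not m:
            continue
        target = (m["dir"], m["file"])
        if target == (expected_dir, expected_file) or target in seen:
            continue  # ordinary I/O failure on the real dump, or already reported
        seen.add(target)
        findings.append({
            "first_seen": m["ts"],
            "dir": m["dir"],
            "file": m["file"],
            "error": m["err"],
            "severity": "high" if m["dir"].startswith(SCHEDULER_DIRS) else "review",
        })
    return findings

# First four lines are copied from the question's log; the last one is constructed
# to show that a failure on the expected target is not flagged.
SAMPLE_LOG = """\
3204:M 21 May 16:17:22.891 * Background saving terminated with success
3204:M 21 May 16:17:43.669 # Failed opening the RDB file root (in server root dir /var/spool/cron) for saving: Read-only file system
3204:M 21 May 16:17:45.320 # Failed opening the RDB file ntp (in server root dir /etc/cron.d) for saving: Read-only file system
26264:C 21 May 16:22:23.093 # Failed opening the RDB file ntp (in server root dir /etc/cron.d) for saving: Read-only file system
3204:M 21 May 16:40:00.000 # Failed opening the RDB file dump.rdb (in server root dir /var/lib/redis) for saving: No space left on device
"""

if __name__ == "__main__":
    for f in find_redirected_saves(SAMPLE_LOG):
        print(f"[{f['severity']}] {f['first_seen']} save target {f['dir']}/{f['file']} ({f['error']})")
```

The successful "DB saved on disk" lines do not name the directory, so a redirected save that succeeds leaves no path in this log. Comparing the output of `CONFIG GET dir` and `CONFIG GET dbfilename` against the expected values covers that case.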