I am using Spring Jedis Client to use Redis in my application. I want to rename the commands so that no one else can fire the same just in case they are able to connect to my server.
Can anyone give an example of how to use rename command from Jedis and then how to fire subsequent commands using the the modified one ?
You can't rename a Redis command yet w/o changing the config file issue #640.
Even if you add the rename-command config file directive and restart your Redis, Jedis doesn't seem to allow sending arbitrary commands easily or to provide a trivial (i.e. no code changes) way to rename them.
What you could do, however, if you're really insistent on renaming a command and then calling it from Jedis is EVAL it. This will probably go in my pantheon of ugly hacks (:)) but after adding rename-command get foo to my /etc/redis/redis.conf and doing service redis-server restart look what I can do:
$ redis-cli
redis 127.0.0.1:6379> set bar baz
OK
redis 127.0.0.1:6379> get bar
(error) ERR unknown command 'get'
redis 127.0.0.1:6379> foo bar
"baz"
redis 127.0.0.1:6379> eval "return(redis.call('get', KEYS[1]))" 1 bar
(error) ERR Error running script (call to f_db0e060e4f58231d51f21685b20ff847de8ab9e1): Unknown Redis command called from Lua script
redis 127.0.0.1:6379> eval "return(redis.call('foo', KEYS[1]))" 1 bar
"baz"
redis 127.0.0.1:6379>
Of course, if you take this route your code can get pretty messy in no time at all so be careful where you tread... Good luck!
If a malicious user connects directly to Redis, then one can access all opcodes.
There is no feature in the Redis library to rename commands. Even if you expose access to a custom API that renames commands, you cannot change the inner opcodes of Redis itself.
Edit:
You're right, it is possible to rename commands by changing the config file indeed!
After you set the new command names, you have to recompile Jedis.
First rename the enum on src/main/java/redis/clients/jedis/Protocol.java, line 203.
Now find the corresponding enum usage on src/main/java/redis/clients/jedis/BinaryClient.java and change it also.
It may be sufficient: everywhere you still keep the old command java interfaces (e.g. zadd etc.), and inside Jedis it will talk to Redis calling the renamed command.
Is that your intention ?
Related
On ubuntu 16.04. Interacting with a local redis instance via redis-cli. Working with a node hubot script which uses redis as its primary data store.
when I type keys * I get a single key hubot:storage
so I FLUSHALL and get an ok response. But if the Hubot is running or else as soon as it turns on, it restores the value of that key immediately so I can never delete it.
I'v used the info command to try to see if it is persisting on some other redis instance and I've cleared all backup files from /var/redis. Basically I can't figure out where this data is being stored to keep getting restored from.
Any advice regarding how I could clear this out or where Hubot may be caching this?
It seems to be related to this code: https://github.com/hubotio/hubot-redis-brain/blob/master/src/redis-brain.js specifically the chunk at line 49 is what gets called before each restore.
Steps
Stop hubot
Flush redis (important that this is done while hubot is NOT running)
Start hubot
The reasoning is that hubot has an in-memory representation of the brain and will write it out to redis at intervals. Perhaps a nicer solution to this which would help during script development would be a command that can empty the brain and save that, but I can't see an obvious API for that in either robot.brain or hubot-redis-brain
We have a redis database running on our server, but for some reason, I cannot see any keys in our database. I'm just wondering if redis stores an activity log, where I can trace if and when the keys were deleted?
I have the usual log file for redis, at /var/log/redis.log but that doesn't have the information I am looking for.
I think there is no straight forward way to log everything but here is a hack.
$ redis-cli monitor >> ~/my_redis_commands.log 2>&1
Here >> tells OS that the output stream has been changed from monitor to a file and 2>&1 tells to redirect STDERR to STDOUT.
n>&m Merge output from stream n with stream m.
Note that file descriptor 0 is normally standard input (STDIN), 1 is standard output (STDOUT), and 2 is standard error output (STDERR).
Go and see the content of file in some SSH session for debugging.
$ tail -f ~/my_redis_commands.log
or you can use grep to find "DEL" instead. You can see the list of commands supported by Redis and try grep queries like SET, GET, etc.
$ grep '"DEL"' ~/my_redis_commands.log
Cons of this idea are:
You need to run a separate process to do this
It's memory and CPU consuming
single MONITOR client can reduce the throughput by more than 50%. Running more MONITOR clients will reduce throughput even more.
For security concerns, certain special administration commands like CONFIG are not logged into the MONITOR output
See this for more info https://redis.io/commands/monitor
The INFO command can be used to glean some forensic info when used with the all or cmdstats switch - you'll be able to see counts of all commands including offensive ones.
Keep in mind that this could be the result of an unauthorized intrusion and that your server may have been compromised.
I'm using the :client API to connect to an external node and use code there remotely, the thing though is that I'm using Dokku for deployment and it would be really nice if I could specify a ssh key at runtime.
Right now my code looks something like this:
def start(host) do
allow_boot to_char_list(host)
{:ok, slave} = :slave.start(to_char_list(host), :slave, inet_loader_args)
load_paths(slave)
{:ok, slave}
end
inet_loader_args == ' -rsh ssh -loader inet -hosts #{master_node_ip} -setcookie #{:erlang.get_cookie}'
I've tried something like setting the -rsh argument to be "-rsh ssh -i /path/to/id_rsh" but it seems to ignore this entirely, I'm not exactly sure how it's implemented and the Erlang docs for :client are a little hard to understand for me (I can see it uses :ssh underneath somewhere, and that can take a "user_dir" argument which can contain a key file, but I'm not sure how to set that from :client)
Any ideas?
The -rsh option is intended to point to a different executable:
%% Alternative, if the master was started as
%% 'erl -sname xxx -rsh my_rsh...', then 'my_rsh' will be used instead
%% of 'rsh' (this is useful for systems where the rsh program is named
%% 'remsh').
These days people use ssh instead of rsh. (About 10 years ago the security team on a previous job required ssh even when both machines are on the same isolated network.) Since the command line interface is compatible, just pointing to a new executable generally works once you have the keys set up properly. So it makes sense to use the -rsh option to point to ssh instead.
It also seem logical that the argument could be used to pass other parameters to the ssh command as you attempted. However, the code assumes the string passed is the name of an executable in your PATH. It uses os:find_executable to look for an executable and ssh -i /path/to/id_rsh probably doesn't exist.
However, you can take advantage of this feature to point to any executable including a shell script. For instance, you could write a ssh-wrapper that looks something like:
#!/usr/bin/env ksh
exec ssh -i /path/to/id_rsh $#
Then use -rsh /path/to/my/ssh-wrapper so that :slave.start uses your wrapper with the proper ssh options specified. I've found the wrapper technique also makes future maintenance easier as the connection logic stays in one place.
Hat tip to this comment from Martin S.
Currently i have plan a process of using a script to add key values into redis using rpush.
I am currently using bin/sh to launch redis.
But what is the syntax to rpush my keyvalue into redis server.
#!/bin/sh
redis-cli -h 172.16.114.54
rpush stlfile "fad.stl" // how to rpush in with the correct syntax?
What kind of language is more suitable for redis so maybe i could change now to ease my future processes
Seems like using python would be easier to code Redis
from this post i found here i can easily install python.
ImportError: No module named redis
i managed to create a python script with this
import redis
r = redis.StrictRedis(host='172.16.114.54', port=6379, db=0)
r.lpush ('stlfile', 'variable.stl')
r.lrange ('stlfile', 0, -1)
when checked with another client i managed to see variable.stl went in :D
My question builds off this one: Temporary queue made in Celery
My application needs to retrieve results, as it uploads them to an S3 file. however, the number of temporary queues being made is causing my broker to crash (machine doesn't have enough memory). I want to delete the temporary queue once the corresponding result as been retrieved. In my celery client script, I am iterating through a list of of results (where each result is from function.delay() ):
for result in result_list:
while True:
if result.ready():
#do something with result
#I WANT TO DELETE TEMPORARY QUEUE HERE
Is there any way I can achieve the above -- deleting the temporary queue once the result has been retrieved?
I would have used CELERY_TASK_RESULT_EXPIRES option in my celeryconfig , but I don't know when I can safely clean up the temporary queue, as the result may not have been retrieved. Is there anyway I can delete specific queues in this script (note that I have the queue Id from the result).
ADDITIONAL NOTE:
I am running all rabbitmq servers in a cluster with HA enabled.
The way I did this was to use the rabbitmqadmin from rabbitmq. I downloaded it via
wget localhost:15672/cli/rabbitmqadmin
after installing the management plugin
rabbitmq-plugins enable rabbitmq_management
Make sure your user has the administrator tag for rabbitmq, or you will not be able to perform commands. I then deleted the queue in my script using python subprocess import and rabbitmqadmin delete queue name='' . Keep in mind that the queue name is the same as the corresponding result id, except without the hyphens.
Also make sure you add the params -v myvhost -u myusername -p mypassword in rabbitmqadmin commands, default vhost is /.
I believe this will delete queues across all nodes in a cluster, though I am not completely sure of this.