Check Redis instance for security vulnerabilities.
Checks:
- AUTH is set.
- CONFIG has been renamed.
- Redis version is not vulnerable to CVE-2015-4335 (redis Lua sandbox escape and arbitrary code execution).
Flags:
- localhost - Verify that Redis is listening on the localhost interface ONLY, suppresses password check if so.
- host <FQDN / IP address> - Address of host running Redis. Default: 127.0.0.1
- port - Port Redis is listening on. Default 6379
- passfile - Password file used to authenticate to redis. Default: password.txt
- timeout - Duration in seconds when the initial connection or read attempt to the Redis instance times out.
- help - Short description of the flags listed above.
Copyright 2016, Yahoo Inc.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.