Skip to content
This repository has been archived by the owner on May 1, 2020. It is now read-only.
/ redischeck Public archive

Check Redis instance for security vulnerabilities.

License

Notifications You must be signed in to change notification settings

yahoo/redischeck

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

redischeck

Check Redis instance for security vulnerabilities.

Checks:

  • AUTH is set.
  • CONFIG has been renamed.
  • Redis version is not vulnerable to CVE-2015-4335 (redis Lua sandbox escape and arbitrary code execution).

Flags:

  • localhost - Verify that Redis is listening on the localhost interface ONLY, suppresses password check if so.
  • host <FQDN / IP address> - Address of host running Redis. Default: 127.0.0.1
  • port - Port Redis is listening on. Default 6379
  • passfile - Password file used to authenticate to redis. Default: password.txt
  • timeout - Duration in seconds when the initial connection or read attempt to the Redis instance times out.
  • help - Short description of the flags listed above.

Copyright 2016, Yahoo Inc.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

About

Check Redis instance for security vulnerabilities.

Resources

License

Code of conduct

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages