
Redis (Remote dictionary server)

Product
Developers: Redis Ltd.
First release date: 2009/05/10
Last Release Date: 2023/02/02
Technology: DBMS


Main article: Database Management System (DMS)

Redis (from the English "Remote dictionary server") is an in-memory NoSQL database management system with open source code that works with data structures of the "key - value" type. Redis is used both as a database and for implementing caches and message brokers.[1]

2024: Cloud Availability T1 Cloud

Three Managed Services formats based on current versions of the PostgreSQL, MongoDB and Redis database management systems have become available to T1 Cloud customers at once. T1 Cloud announced this on March 19, 2024. More here.

2023: Infection of about 1200 Redis servers with HeadCrab malware

On February 2, 2023, it became known that malware designed to track down vulnerable Redis servers on the Internet had infected more than a thousand of them, starting in September 2021. Researchers at Aqua Security, who discovered the program, gave it the name HeadCrab. According to them, the malware still cannot be detected by traditional anti-virus solutions.

"Not only the HeadCrab malware was detected, but also the method of determining its infection on Redis servers. This method identified about 1,200 infected servers," the researchers stated.

The malefactors behind the creation of the botnet took advantage of a weakness of Redis servers: authentication is not enabled on them by default. However, they are intended for use within the organization's network and should not have Internet access at all.

Thus, the blame for the spread of the malware lies largely with the administrators serving the servers. If servers are accidentally or intentionally configured so that they accept connections from the Internet, attackers can easily compromise and capture them using their malicious tools. After installation and launch, HeadCrab provides attackers with all the capabilities necessary to gain full control over the target server and add it to their cryptomining botnet. HeadCrab also does everything possible to avoid detection.

"The malware is based on Redis processes that are unlikely to be marked as malicious. The payload is loaded via memfd directly into the server's RAM, avoiding writing to disk," the researchers said.
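The memfd detail above suggests one host-side check a defender can run: a payload mapped from a memfd shows up in /proc/<pid>/maps with a "/memfd:<name> (deleted)" backing path, so an executable mapping of that kind inside a redis-server process is worth an analyst's attention. The script below is an added example written for this page, not Aqua Security's detection method and not Redis project code; the maps text it runs on is constructed, and the "/memfd:payload" name is an invented placeholder.

```python
"""Flag memfd-backed executable mappings in a process (added example)."""
import os
import re
from dataclasses import dataclass

# One line of /proc/<pid>/maps:
# address           perms offset  dev   inode   pathname
_MAPS_LINE = re.compile(
    r"^(?P<start>[0-9a-f]+)-(?P<end>[0-9a-f]+)\s+(?P<perms>[rwxps-]{4})\s+"
    r"(?P<offset>[0-9a-f]+)\s+(?P<dev>[0-9a-f]+:[0-9a-f]+)\s+(?P<inode>\d+)"
    r"(?:\s+(?P<path>.*))?$"
)


@dataclass
class Mapping:
    start: int
    end: int
    perms: str
    path: str


def parse_maps(text: str) -> list[Mapping]:
    """Parse the text of a /proc/<pid>/maps file into Mapping records."""
    mappings = []
    for line in text.splitlines():
        m = _MAPS_LINE.match(line.strip())
        if not m:
            continue
        mappings.append(Mapping(int(m["start"], 16), int(m["end"], 16),
                                m["perms"], (m["path"] or "").strip()))
    return mappings


def suspicious_memfd_mappings(text: str) -> list[Mapping]:
    """Return executable mappings whose backing file is a memfd.

    A memfd mapping is not malicious by itself (some runtimes use them), but
    an executable one inside a database server process deserves a look.
    """
    return [m for m in parse_maps(text)
            if m.path.startswith("/memfd:") and "x" in m.perms]


def scan_running_processes(comm_name: str = "redis-server") -> dict[int, list[Mapping]]:
    """Walk /proc on a Linux host and report hits per PID for processes named comm_name."""
    hits = {}
    for entry in os.listdir("/proc"):
        if not entry.isdigit():
            continue
        pid = int(entry)
        try:
            with open(f"/proc/{pid}/comm") as f:
                if f.read().strip() != comm_name:
                    continue
            with open(f"/proc/{pid}/maps") as f:
                found = suspicious_memfd_mappings(f.read())
        except OSError:
            continue  # process exited or permission denied
        if found:
            hits[pid] = found
    return hits


# Constructed sample of a maps file: the server binary and libc plus one
# executable mapping named "/memfd:payload (deleted)" (invented name).
SAMPLE_MAPS = """\
55d0c3a00000-55d0c3c00000 r-xp 00000000 08:01 1311 /usr/bin/redis-server
7f1c2d800000-7f1c2d9a0000 r-xp 00000000 08:01 2048 /usr/lib/x86_64-linux-gnu/libc.so.6
7f1c2e000000-7f1c2e021000 r-xp 00000000 00:05 12345 /memfd:payload (deleted)
7f1c2e021000-7f1c2e030000 rw-p 00000000 00:05 12345 /memfd:payload (deleted)
7ffd1a000000-7ffd1a021000 rw-p 00000000 00:00 0 [stack]
"""

if __name__ == "__main__":
    for m in suspicious_memfd_mappings(SAMPLE_MAPS):
        print(f"{m.start:x}-{m.end:x} {m.perms} {m.path}")
```

Running the script prints the single executable memfd mapping from the constructed sample; on a Linux host, scan_running_processes() applies the same check to every live redis-server process (reading another user's maps file requires root).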

Analyzing the malware, the researchers also found that attackers mostly use mining pools hosted on previously compromised servers to make attribution and detection more difficult.

In addition, according to statistics from the Monero crypto wallet associated with this botnet, attackers make an annual profit of about $4,500 per device, which is much higher than the usual $200 on ordinary computers.

To protect their Redis servers, administrators are advised to ensure that only clients within the network have access, disable the "slaveof" feature if not in use, and enable protected mode.[2]
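The three recommendations above map directly onto redis.conf directives, so they can be checked mechanically. The audit below is an added example written for this page (not Redis project code): it parses the configuration text, flags a listener bound to all interfaces, protected-mode turned off, the absence of any password (requirepass or an ACL user with a password), and SLAVEOF/REPLICAOF left enabled. Disabling replication via rename-command is one way to follow the "slaveof" advice and is this example's assumption; on Redis 7 a per-user ACL rule can do the same. Both configuration samples are constructed.

```python
"""Audit a redis.conf for Internet-exposure mistakes (added example)."""
import shlex
from dataclasses import dataclass


@dataclass
class Finding:
    severity: str
    message: str


def parse_redis_conf(text: str) -> dict[str, list[list[str]]]:
    """Map each directive to the list of its argument lists (directives may repeat)."""
    directives: dict[str, list[list[str]]] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = shlex.split(line)  # redis.conf quotes arguments with "" like a shell
        directives.setdefault(parts[0].lower(), []).append(parts[1:])
    return directives


# Bind forms that expose the listener to every network interface.
ALL_INTERFACES = {"0.0.0.0", "*", "::", "-::*", "-0.0.0.0"}


def audit_redis_conf(text: str) -> list[Finding]:
    conf = parse_redis_conf(text)
    findings: list[Finding] = []

    # 1. Only clients inside the network should reach the server.
    binds = [addr for args in conf.get("bind", []) for addr in args]
    if not binds:
        findings.append(Finding("high", "no 'bind' directive: the server listens on every interface"))
    elif any(a in ALL_INTERFACES for a in binds):
        findings.append(Finding("high", f"bind {' '.join(binds)} exposes the listener to all networks"))

    # 2. Protected mode refuses unauthenticated remote clients; it defaults to yes.
    pm = conf.get("protected-mode", [["yes"]])[-1]
    if pm and pm[0].lower() == "no":
        findings.append(Finding("high", "protected-mode no: unauthenticated remote clients are accepted"))

    # 3. Some credential must exist: requirepass or an ACL user with >password / #hash.
    requirepass = conf.get("requirepass", [[]])[-1]
    acl_passwords = any(tok.startswith((">", "#"))
                        for args in conf.get("user", []) for tok in args)
    if not (requirepass and requirepass[0]) and not acl_passwords:
        findings.append(Finding("high", "no requirepass and no ACL user with a password: "
                                        "anyone who can connect has full control"))

    # 4. Replication commands disabled via rename-command when replication is unused.
    disabled = {args[0].upper() for args in conf.get("rename-command", [])
                if len(args) == 2 and args[1] == ""}
    for cmd in ("SLAVEOF", "REPLICAOF"):
        if cmd not in disabled:
            findings.append(Finding("medium", f'{cmd} still enabled (rename-command {cmd} "" disables it)'))
    return findings


# Constructed sample: the exposure pattern described in the article.
EXPOSED_CONF = """\
bind 0.0.0.0
protected-mode no
port 6379
"""

# Constructed sample: the same instance after applying the recommendations.
HARDENED_CONF = """\
bind 127.0.0.1 -::1
protected-mode yes
port 6379
requirepass "example-only-change-me"
rename-command SLAVEOF ""
rename-command REPLICAOF ""
rename-command CONFIG ""
"""

if __name__ == "__main__":
    for name, conf in (("exposed", EXPOSED_CONF), ("hardened", HARDENED_CONF)):
        print(f"== {name}: {len(audit_redis_conf(conf))} finding(s)")
        for f in audit_redis_conf(conf):
            print(f"  [{f.severity}] {f.message}")
```

The exposed sample produces three high findings (bind, protected-mode, no password) and two medium ones (SLAVEOF and REPLICAOF enabled); the hardened sample produces none. The check reads the file only, so it says nothing about what a running instance was reconfigured to via CONFIG SET, which is one reason to disable CONFIG as the hardened sample does.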

2022: Redis 7.0

On April 28, 2022, it became known that the release of the Redis 7.0 DBMS, which belongs to the NoSQL class of systems, had been published. Redis provides functions for storing data in key/value format, extended support for structured data formats such as lists, hashes and sets, and the ability to execute Lua handler scripts on the server side. The project code is supplied under the BSD license. Additional modules that offer advanced enterprise capabilities, such as RediSearch, RedisGraph, RedisJSON, RedisML and RedisBloom, have come with a proprietary RSAL license since 2019. The GoodFORM project tried to continue developing open versions of these modules under the AGPLv3 license, but it has recently been stagnating.


As reported, unlike in-memory storage systems such as Memcached, Redis provides permanent storage on disk and ensures that the database is safe in the event of an emergency shutdown. The project source code is distributed under the BSD license. Client libraries are available for most languages, including Perl, Python, PHP, Java, Ruby, and Tcl. Redis supports transactions that allow a group of commands to be executed in one step, ensuring atomicity and isolation of the execution of the given set of commands (commands from other requests cannot interleave), and in case of problems, allowing changes to be rolled back. All data is fully cached in RAM.

For data management, commands such as increment/decrement, standard operations on lists and sets (union, intersection), key renaming, multiple selections and sorting functions are provided. Two storage modes are supported: periodic synchronization of data to disk and maintenance of the change log on disk. In the second case, all changes are fully preserved. It is possible to organize master-slave replication of data to several servers, carried out in non-blocking mode. The "publish/subscribe" messaging mode is also available, in which a channel is created, messages from which are distributed to clients by subscription.

Key changes in Redis 7.0:

  • Added support for server-side functions. Unlike the previously supported Lua scripts, the functions are not bound to an application and are intended for implementing additional logic that expands server capabilities. Functions are handled together with the data and are bound to the database rather than to the application, including being replicated and persisted to permanent storage.
  • The second version of the ACL is proposed, which allows controlling access to data based on keys and allows defining different sets of access rules to commands, with the possibility of binding several selectors (permission sets) to each user. Each key pattern can be associated with particular permissions; for example, access can be restricted to only reading or only writing a certain subset of keys.
  • A cluster-based partitioned implementation of the Publish-Subscribe paradigm is provided, in which the message is sent to a specific node to which the message channel is bound, after which this message is redirected to the remaining nodes included in the section (shard). Clients can receive channel subscription messages both by connecting to the primary node and to the secondary nodes of the partition. Control is performed using the commands SSUBSCRIBE, SUNSUBSCRIBE and SPUBLISH.
  • Added support for subcommand processing in most contexts.
  • Added commands:
    • ZMPOP, BZMPOP.
    • LMPOP, BLMPOP.
    • SINTERCARD, ZINTERCARD.
    • SPUBLISH, SSUBSCRIBE, SUNSUBSCRIBE, PUBSUB SHARDCHANNELS/SHARDNUMSUB.
    • EXPIRETIME, PEXPIRETIME.
    • EVAL_RO, EVALSHA_RO, SORT_RO.
    • FUNCTION, FCALL, FCALL_RO.
    • COMMAND DOCS, COMMAND LIST.
    • LATENCY HISTOGRAM.
    • CLUSTER SHARDS, CLUSTER LINKS, CLUSTER DELSLOTSRANGE, CLUSTER ADDSLOTSRANGE.
    • CLIENT NO-EVICT.
    • ACL DRYRUN.

  • It is possible to process several configurations at once in one CONFIG SET/GET call.
  • The options "--json", "-2", "--scan" and "--functions-rdb" have been added to the redis-cli utility.
  • By default, client access to settings and commands that affect security is disabled (for example, the DEBUG and MODULE commands are disabled, and changing configuration parameters marked with the PROTECTED_CONFIG flag is prohibited). redis-cli no longer writes commands containing sensitive data to its command history file.
  • A large set of optimizations aimed at improving performance and reducing memory consumption has been introduced. For example, memory consumption is reduced when cluster mode is enabled, when performing copy-on-write operations, and when working with hashes and zset keys. The logic for flushing data to disk (fsync calls) has been optimized. The number of network packets and system calls when sending responses to clients has been reduced. Replication efficiency has been optimized.
  • Fixed the CVE-2022-24735 vulnerability in the environment for executing Lua scripts, which allows an attacker to substitute their own Lua code and have it executed in the context of another user, including one with higher privileges. Additionally, a vulnerability (CVE-2022-0543) can be noted in the Redis packages for Ubuntu and Debian (the problem is specific to individual package builds and is not related to Redis itself), which allows arbitrary Lua code to be executed on a remote server, bypassing the sandbox isolation of the Lua scripting environment in Redis.
  • Addressed the CVE-2022-24736 vulnerability, which allows the redis-server process to be crashed through a null pointer dereference. The attack is carried out by loading specially crafted Lua scripts.
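The ACL v2 selectors and the ACL DRYRUN command listed above are easiest to understand with a small model of the evaluation rule: a call is permitted if the user's root permission set or any one selector permits both the command and every key it touches, with %R~ / %W~ / %RW~ key patterns gating read and write access separately. The evaluator below is an added example written for this page, not Redis source code; it implements that rule over a constructed eight-command subset of the command table (real Redis has far more commands, categories and subcommand rules), ignores authentication tokens such as ">password", and the user rule strings are constructed.

```python
"""Simplified model of Redis 7 ACL selectors and ACL DRYRUN (added example)."""
from dataclasses import dataclass, field
from fnmatch import fnmatchcase

# Constructed subset of the command table: categories and a key spec
# (access needed: "R", "W" or "RW"; first and last key argument, -1 = to the end).
COMMANDS = {
    "GET":      {"cats": {"read", "string", "fast"},         "keys": ("R", 1, 1)},
    "MGET":     {"cats": {"read", "string", "fast"},         "keys": ("R", 1, -1)},
    "SET":      {"cats": {"write", "string", "slow"},        "keys": ("W", 1, 1)},
    "DEL":      {"cats": {"write", "keyspace", "slow"},      "keys": ("W", 1, -1)},
    "INCR":     {"cats": {"write", "string", "fast"},        "keys": ("RW", 1, 1)},
    "FLUSHALL": {"cats": {"write", "keyspace", "dangerous"}, "keys": None},
    "CONFIG":   {"cats": {"admin", "dangerous", "slow"},     "keys": None},
    "PING":     {"cats": {"connection", "fast"},             "keys": None},
}


def keys_of(cmd: str, args: list[str]) -> list[str]:
    """Key arguments of a call; args[0] is the command name."""
    spec = COMMANDS[cmd]["keys"]
    if spec is None:
        return []
    _, first, last = spec
    last = len(args) - 1 if last == -1 else last
    return args[first:last + 1]


@dataclass
class PermSet:
    """One permission set: the user's root set or one selector. Starts empty."""
    commands: set = field(default_factory=set)
    key_patterns: list = field(default_factory=list)  # (flags, glob pattern)

    def apply(self, rule: str) -> None:
        if rule == "allcommands":
            self.commands = set(COMMANDS)
        elif rule == "nocommands":
            self.commands.clear()
        elif rule == "allkeys":
            self.key_patterns.append(("RW", "*"))
        elif rule == "resetkeys":
            self.key_patterns.clear()
        elif rule[0] in "+-":  # rules apply in order, so "+@all -flushall" works
            name = rule[1:]
            if name.startswith("@"):
                cat = name[1:]
                targets = set(COMMANDS) if cat == "all" else \
                    {c for c, d in COMMANDS.items() if cat in d["cats"]}
            else:
                targets = {name.upper()}
            if rule[0] == "+":
                self.commands |= targets
            else:
                self.commands -= targets
        elif rule.startswith("%"):  # %R~p, %W~p, %RW~p
            flags, _, pattern = rule[1:].partition("~")
            self.key_patterns.append((flags.upper(), pattern))
        elif rule.startswith("~"):  # ~p grants read and write
            self.key_patterns.append(("RW", rule[1:]))
        # on/off, >password, #hash and other tokens do not affect this model

    def key_allowed(self, key: str, need: str) -> bool:
        # A single matching pattern must carry every flag the command needs.
        return any(set(need) <= set(flags) and fnmatchcase(key, pat)
                   for flags, pat in self.key_patterns)


@dataclass
class User:
    root: PermSet = field(default_factory=PermSet)
    selectors: list = field(default_factory=list)


def parse_acl(rules: str) -> User:
    """Parse the rule part of an ACL SETUSER line; "( ... )" opens one selector."""
    user, current = User(), None
    current = user.root
    for tok in rules.split():
        if tok.startswith("("):
            current = PermSet()
            user.selectors.append(current)
            tok = tok[1:]
        closing = tok.endswith(")")
        tok = tok[:-1] if closing else tok
        if tok:
            current.apply(tok)
        if closing:
            current = user.root
    return user


def permitted(perm: PermSet, args: list[str]) -> bool:
    cmd = args[0].upper()
    if cmd not in perm.commands:
        return False
    need = COMMANDS[cmd]["keys"][0] if COMMANDS[cmd]["keys"] else ""
    return all(perm.key_allowed(k, need) for k in keys_of(cmd, args))


def dryrun(user: User, *args: str) -> bool:
    """Like ACL DRYRUN: allowed if the root set or any selector permits the whole call."""
    call = list(args)
    if call[0].upper() not in COMMANDS:
        raise ValueError(f"command not in this constructed table: {call[0]}")
    return any(permitted(p, call) for p in [user.root, *user.selectors])


if __name__ == "__main__":  # constructed users
    app = parse_acl("on >secret ~app:* +@read (~app:queue:* +@write -@dangerous)")
    ro = parse_acl("on >secret %R~logs:* +@all -@dangerous")
    for u, call in [(app, ("GET", "app:1")), (app, ("SET", "app:1", "v")),
                    (app, ("SET", "app:queue:1", "v")), (app, ("FLUSHALL",)),
                    (ro, ("GET", "logs:1")), (ro, ("INCR", "logs:1"))]:
        print(" ".join(call).ljust(20), "allowed" if dryrun(u, *call) else "denied")
```

The "app" user shows why the selector ends with -@dangerous: +@write alone would also grant FLUSHALL, which touches no key and so is never stopped by the key pattern. The "ro" user shows the %R~ form: GET on logs:* passes, while SET and INCR on the same keys are refused because no pattern carries the W flag.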

Notes