Solved: Redis security requirepass

weicc84 · ‎01-29-2024

My company flagged redis being vulnerable to security because requirepass is not enabled. How do I enable it and give the password to the clients that connect to the redis?

PickleRick · ‎02-01-2024

No. Splunk distribution does not include redis. Just as it doesn't include Apache httpd. Just because there are several processes on your box running with the same user that is used to run Splunk doesn't necessarily mean they are one software package.

Your listing shows that indeed splunk user is used to run several pieces of software but they are independent of Splunk and you should rather ask the person who deployed your server what is going on there (typically you don't use other stuff as splun user so it's a relatively unusual situation).

View solution in original post

weicc84 · ‎02-01-2024

Thank you.

PickleRick · ‎02-01-2024

OK, and how is your question connected to Splunk?

weicc84 · ‎02-01-2024

I'm assuming the redis is packaged with your product. Here is the process we run. The splunk id could've been anything. However, the team that manages splunk platform in VZW also uses id splunk to identity original source software. I talked to the splunk team in VZW and he directed me to here.

1. Do you have redis included in one of the splunk products.

If yes, please show us how to set the password in one of the clients that connects to redis.

splunk    3839     1  0 Dec05 ?        00:31:12 splunkd -p 8089 start
splunk    3845  3839  0 Dec05 ?        00:00:00 [splunkd pid=3839] splunkd -p 8089 start [process-runner]
splunk   24625 24266  0 Dec06 pts/5    00:00:26 httpd -DFOREGROUND -f /etc/httpd/conf/httpd.conf
splunk   24631 24266  0 Dec06 pts/5    00:08:20 php k2_serverDaemon.php
splunk   24637 24266  0 Dec06 pts/5    00:04:48 php k2_serverMonitor.php
splunk   24643 24266  0 Dec06 pts/5    00:28:43 redis-server *:6379
splunk   24666 24625  0 Dec06 pts/5    00:00:01 httpd -DFOREGROUND -f /etc/httpd/conf/httpd.conf
splunk   24667 24625  0 Dec06 pts/5    00:00:02 httpd -DFOREGROUND -f /etc/httpd/conf/httpd.conf
splunk   24668 24625  0 Dec06 pts/5    00:00:01 httpd -DFOREGROUND -f /etc/httpd/conf/httpd.conf
splunk   24669 24625  0 Dec06 pts/5    00:00:01 httpd -DFOREGROUND -f /etc/httpd/conf/httpd.conf
splunk   24670 24625  0 Dec06 pts/5    00:00:02 httpd -DFOREGROUND -f /etc/httpd/conf/httpd.conf
splunk   26301 24625  0 Dec07 pts/5    00:00:01 httpd -DFOREGROUND -f /etc/httpd/conf/httpd.conf
splunk   26825 24625  0 Dec07 pts/5    00:00:01 httpd -DFOREGROUND -f /etc/httpd/conf/httpd.conf
splunk   46601 24625  0 Dec07 pts/5    00:00:02 httpd -DFOREGROUND -f /etc/httpd/conf/httpd.conf
splunk   52124 24625  0 Dec07 pts/5    00:00:01 httpd -DFOREGROUND -f /etc/httpd/conf/httpd.conf

PickleRick · ‎02-01-2024

No. Splunk distribution does not include redis. Just as it doesn't include Apache httpd. Just because there are several processes on your box running with the same user that is used to run Splunk doesn't necessarily mean they are one software package.

Your listing shows that indeed splunk user is used to run several pieces of software but they are independent of Splunk and you should rather ask the person who deployed your server what is going on there (typically you don't use other stuff as splun user so it's a relatively unusual situation).

Redis security requirepass

authentication

encryption

Join Us for Splunk University and Get Your Bootcamp Game On!

.conf24 | Learning Tracks for Security, Observability, Platform, and Developers!

Announcing Scheduled Export GA for Dashboard Studio