redis requirepass

Discussion in 'ISPConfig 3 Priority Support' started by atle, Sep 26, 2021.

  1. atle

    atle Member HowtoForge Supporter

    I noticed redis is open for all on all my ispconfig servers. Users with hosting accounts are able to read redis data, and I assume change it as well.
    There is no `requirepass` set in redis.conf. Is this by design by ispconfig, or is there something I have missed? I have used the auto install script for all servers.
    To set `requirepass`, do I only need to add the pw to rspamd? Or are there any other programs that are using redis as well? Should I edit "/etc/rspamd/local.d/redis.conf" directly, or is there a better way (like if it is overwritten at updates).

    Debian 10 :: ISPConfgi 3.2.6
     
  2. atle

    atle Member HowtoForge Supporter

    When I add redis pw in ispconfig, /etc/rspamd/local.d/redis.conf is updated, but still redis/redis.conf does not have `requirepass` set.

    upload_2021-9-26_20-38-32.png
     

    Attached Files:

  3. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    I believe you have to configure redis yourself, ispconfig only configures rspamd.
     
  4. concept21

    concept21 Active Member HowtoForge Supporter

    Mr. Jess, what is redis used for? :rolleyes:
     
  5. atle

    atle Member HowtoForge Supporter

    Its used by rspamd on ispconfig servers.
    Try
    Code:
    redis-cli keys '*'
    and you will se all content, as well will your users, if not pw protected.
     
    concept21 and Jesse Norell like this.
  6. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    Rspamd will function without redis, but not as well; it uses it to store quite a few things (eg. Bayes data, reputation data, and the like).
     
    concept21 likes this.

Share This Page