• Auto secure Memcached
 #1669  by vpssim82
 16 Aug 2018 01:25
Hi vpssim,

Can you please auto-edit the Memcached config to make it more secure? I just got an email from Hetzner saying that memcached is being used by hackers to attack servers.

I googled it and found a simple solution; it would be nice if, when we enable memcached, the memcached config were already edited to secure the server.

====================

To ensure that our Memcached instance is listening on the local interface 127.0.0.1, we will modify the OPTIONS variable in the configuration file located at /etc/sysconfig/memcached. We will also disable the UDP listener. Both of these actions will protect our server from denial of service attacks.

You can open /etc/sysconfig/memcached with vi:

sudo vi /etc/sysconfig/memcached

Locate the OPTIONS variable, which will initially look like this:
/etc/sysconfig/memcached

. . .
OPTIONS=""

Binding to our local network interface will restrict traffic to clients on the same machine. We will do this by adding -l 127.0.0.1 to our OPTIONS variable. This may be too restrictive for certain environments, but it can make a good starting point as a security measure.

Because the UDP protocol is much more effective for denial of service attacks than TCP, we can also disable the UDP listener. To do this, we will add the -U 0 parameter to our OPTIONS variable. The file in full should look like this:
/etc/sysconfig/memcached

PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="64"
OPTIONS="-l 127.0.0.1 -U 0"

Save and close the file when you are done.

Restart your Memcached service to apply your changes:

sudo systemctl restart memcached

Verify that Memcached is currently bound to the local interface and listening only for TCP connections by typing:

sudo netstat -plunt

You should see the following output:

Output
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
. . .
tcp 0 0 127.0.0.1:11211 0.0.0.0:* LISTEN 2383/memcached
. . .

This confirms that memcached is bound to the 127.0.0.1 address using only TCP.
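An added example (not VPSSIM's code and not part of the post) that scripts the steps quoted above: it rewrites the OPTIONS line in the sysconfig file to "-l 127.0.0.1 -U 0" and checks netstat output for a memcached socket that is not TCP on loopback. The function names and the --apply flag are assumptions; the sample netstat lines in the comments are constructed.

```bash
#!/bin/bash
# Added example: harden a sysconfig-style memcached config and verify the listener.
set -eu

# Force OPTIONS="-l 127.0.0.1 -U 0" in the given config file (default path from the post).
# An existing OPTIONS line is replaced in place; if none exists, one is appended.
harden_memcached_config() {
    local cfg="${1:-/etc/sysconfig/memcached}"
    local want='OPTIONS="-l 127.0.0.1 -U 0"'
    local tmp
    tmp="$(mktemp)"
    awk -v want="$want" '
        /^OPTIONS=/ { print want; seen = 1; next }
        { print }
        END { if (!seen) print want }
    ' "$cfg" > "$tmp"
    # Copy back through the original file so its owner and mode are preserved.
    cat "$tmp" > "$cfg"
    rm -f "$tmp"
}

# Read `netstat -plunt` output on stdin. Returns 0 when every memcached socket is
# TCP on 127.0.0.1 or ::1 (column 4 is "Local Address"), 1 if memcached listens on
# UDP or on any non-loopback address, e.g. a constructed line such as
#   udp 0 0 0.0.0.0:11211 0.0.0.0:* 2383/memcached
memcached_local_only() {
    awk '
        /memcached/ {
            if ($1 ~ /^udp/) bad = 1
            if ($4 !~ /^127\.0\.0\.1:/ && $4 !~ /^::1:/) bad = 1
        }
        END { exit bad ? 1 : 0 }
    '
}

# Run with --apply (as root) to change the live system: rewrite the config,
# restart the service, and verify the bind address as the post does.
if [ "${1:-}" = "--apply" ]; then
    harden_memcached_config /etc/sysconfig/memcached
    systemctl restart memcached
    if netstat -plunt 2>/dev/null | memcached_local_only; then
        echo "memcached is bound to 127.0.0.1 over TCP only"
    else
        echo "memcached is still listening on a non-loopback address or over UDP" >&2
        exit 1
    fi
fi
```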