dcoppa c1a6e94726 Remove dofile() from Redis Lua scripting, because it allows an
attacker to enumerate filesystem contents. See:
http://blog.liftsecurity.io/post/35714931664/filesystem-enumeration-using-redis-and-lua

While here, fix a pasto in redis.conf: "syslog-enabled no" where
"syslog-enabled yes" was intended.
2012-11-26 15:24:13 +00:00


$OpenBSD: patch-redis_conf,v 1.6 2012/11/26 15:24:13 dcoppa Exp $
--- redis.conf.orig Mon Oct 22 23:27:18 2012
+++ redis.conf Tue Oct 23 10:44:49 2012
@@ -13,12 +13,13 @@
# units are case insensitive so 1GB 1Gb 1gB are all the same.
# By default Redis does not run as a daemon. Use 'yes' if you need it.
-# Note that Redis will write a pid file in /var/run/redis.pid when daemonized.
-daemonize no
+# Note that Redis will write a pid file in ${DBDIR}/redis.pid
+# when daemonized.
+daemonize yes
-# When running daemonized, Redis writes a pid file in /var/run/redis.pid by
-# default. You can specify a custom pid file location here.
-pidfile /var/run/redis.pid
+# When running daemonized, Redis writes a pid file in ${DBDIR}/redis.pid
+# by default. You can specify a custom pid file location here.
+pidfile ${DBDIR}/redis.pid
# Accept connections on the specified port, default is 6379.
# If port 0 is specified Redis will not listen on a TCP socket.
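Review bot: `pidfile ${DBDIR}/redis.pid` puts the pid file in the same directory that the later `dir ${DBDIR}` hunk makes the dump/AOF location, so it presumably lives somewhere writable by the account the server runs as. If a privileged script ever reads this file to signal or stop the daemon (none is visible in this patch), that account decides which pid gets acted on. It is worth confirming that the rc script matches the process by name rather than by this file. The ownership and mode of ${DBDIR} are set outside redis.conf, so the port's install step should be checked too, since dump.rdb in that directory holds the full dataset.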
@@ -27,7 +28,7 @@ port 6379
# If you want you can bind a single interface, if the bind option is not
# specified all the interfaces will listen for incoming connections.
#
-# bind 127.0.0.1
+bind 127.0.0.1
# Specify the path for the unix socket that will be used to listen for
# incoming connections. There is no default, so Redis will not listen
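Review bot: With `bind 127.0.0.1` now active the listener is loopback-only, but `requirepass` stays commented out in the last hunk, so every local account on the host can still issue any command without authenticating. The comment above the directive does not say that this default is deliberate; I would add `# Default: loopback only. Set requirepass before binding to any other address.` directly above the `bind` line. The context lines just below describe the unix socket option, which together with `unixsocketperm` (if the packaged version supports it) would let access be limited to one user or group on a multi-user machine.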
@@ -50,17 +51,17 @@ loglevel notice
# Specify the log file name. Also 'stdout' can be used to force
# Redis to log on the standard output. Note that if you use standard
# output for logging but daemonize, logs will be sent to /dev/null
-logfile stdout
+# logfile stdout
# To enable logging to the system logger, just set 'syslog-enabled' to yes,
# and optionally update the other syslog parameters to suit your needs.
-# syslog-enabled no
+syslog-enabled yes
# Specify the syslog identity.
-# syslog-ident redis
+syslog-ident redis
# Specify the syslog facility. Must be USER or between LOCAL0-LOCAL7.
-# syslog-facility local0
+syslog-facility user
# Set the number of databases. The default database is DB 0, you can select
# a different one on a per-connection basis using SELECT <dbid> where
@@ -134,7 +135,7 @@ dbfilename dump.rdb
# Also the Append Only File will be created inside this directory.
#
# Note that you must specify a directory here, not a file name.
-dir ./
+dir ${DBDIR}
################################# REPLICATION #################################
@@ -224,7 +225,7 @@ slave-priority 100
# 150k passwords per second against a good box. This means that you should
# use a very strong password otherwise it will be very easy to break.
#
-# requirepass foobared
+# requirepass very-strong-password
# Command renaming.
#