How to secure Memcached and ensure its security

Your ads will be inserted here by

Easy Plugin for AdSense.

Please go to the plugin admin page to
Paste your ad code OR
Suppress this ad slot.

To allow only the IP addresses that you know to connect to Memcached service, create the iptable rules like these and save it:

iptables -I INPUT -p tcp --dport 11211 -s IPADDRESS -j ACCEPT
iptables -I INPUT -p tcp --dport 11211 -s 127.0.0.1 -j ACCEPT
iptables -A INPUT -p tcp --dport 11211 -j DROP
iptables-save

You can test it by running telnet from other servers to see if it is activated:
for example

telnet IPADDRESS 11211

To check status and then quit:

stats
quit

Your ads will be inserted here by

Easy Plugin for AdSense.

Please go to the plugin admin page to
Paste your ad code OR
Suppress this ad slot.

Make sure you configure MemCached to listen to the IP address of the server it is on, for example:
In Debian:

/etc/memcached.conf

or in CentOS:

/etc/sysconfig/memcached

You will find the line like this:

-l 0.0.0.0

0.0.0.0 means it listens to any ip address on the server.
Change it to 127.0.0.1 if you only wants connections from the local server itself.

Read More

Monitoring memcached and Restart it if it is stopped or terminated unexpectedly.

Your ads will be inserted here by

Easy Plugin for AdSense.

Please go to the plugin admin page to
Paste your ad code OR
Suppress this ad slot.

If you are experiencing memcache process went down unexpectedly. You can create a script like this

#!/bin/bash
if ps -u memcached |grep -E 'memcached$' > /dev/null
then
  echo "memcached is running."
else
  echo "starging memcache."
  /etc/init.d/memcached restart
fi

ps -u memcached, here you can change memcached to the user account which is used for starting memcache depends on your operating system settings. For example, ps -u root if you are on root.

Name the script xxxx.sh, change the permission make it available for execution. Then create a job in crontab to run the script periodically.

*/5 * * * * /scripts/memcached_check.sh &> /dev/null

Read More