CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

SOC files for Redis

Browse Source
This commit is contained in:
Mike Reeves
2022-12-20 11:09:49 -05:00
parent aea91cc776
commit c0c2d28d19
2 changed files with 289 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
salt/redis/defaults.yaml
View File

@@ -17,9 +17,9 @@ redis:
tls-ciphers: 'DEFAULT:!MEDIUM' tls-ciphers: 'DEFAULT:!MEDIUM'
tls-ciphersuites: 'TLS_CHACHA20_POLY1305_SHA256' tls-ciphersuites: 'TLS_CHACHA20_POLY1305_SHA256'
tls-prefer-server-ciphers: 'yes' tls-prefer-server-ciphers: 'yes'
tls-session-caching: 'no' tls-session-caching: 'yes'
tls-session-cache-size: 5000 tls-session-cache-size: 20480
tls-session-cache-timeout: 60 tls-session-cache-timeout: 300
daemonize: 'no' daemonize: 'no'
supervised: 'no' supervised: 'no'
pidfile: '/var/run/redis_6379.pid' pidfile: '/var/run/redis_6379.pid'
@@ -32,7 +32,7 @@ redis:
always-show-logo: 'yes' always-show-logo: 'yes'
save: save:
900: 1 900: 1
300: 1 300: 10
60: 1000 60: 1000
stop-writes-on-bgsave-error: 'yes' stop-writes-on-bgsave-error: 'yes'
rdbcompression: 'yes' rdbcompression: 'yes'

285
salt/redis/soc_redis.yaml Normal file
View File

@@ -0,0 +1,285 @@
redis:
config:
bind:
description: The IP address to bind to.
global: True
advanced: True
helpLink: redis.html
protected-mode:
description: Force authentication to access redis.
global: True
advanced: True
helpLink: redis.html
tls-cert-file:
description: TLS cert file location.
global: True
advanced: True
helpLink: redis.html
tls-key-file:
description: TLS key file location.
global: True
advanced: True
helpLink: redis.html
tls-ca-cert-file:
description: TLS CA file location.
global: True
advanced: True
helpLink: redis.html
tls-port:
description: Port to use TLS encryption on.
global: True
advanced: True
helpLink: redis.html
tls-auth-clients:
description: Force TLS authentication.
global: True
advanced: True
helpLink: redis.html
port:
description: Non TLS port for Redis access.
global: True
advanced: True
helpLink: redis.html
tcp-backlog:
description: Set the TCP backlog value. This is normally increasd in high request environments.
global: True
advanced: True
helpLink: redis.html
timeout:
description: Time in seconds to close an idle connection. 0 to disable.
global: True
helpLink: redis.html
tcp-keepalive:
description: Time in seconds to send a keepalive.
global: True
helpLink: redis.html
tls-replication:
description: Enable TLS replication links.
global: True
advanced: True
helpLink: redis.html
tls-protocols:
description: List of acceptable TLS protocols separated by spaces.
global: True
advanced: True
helpLink: redis.html
tls-ciphers:
description: Allowed ciphers.
global: True
advanced: True
helpLink: redis.html
tls-ciphersuites:
description: Acceptable cipher suites.
global: True
advanced: True
helpLink: redis.html
tls-prefer-server-ciphers:
description: Prefer the server side ciphers.
global: True
advanced: True
helpLink: redis.html
tls-session-caching:
description: Enable TLS session caching.
global: True
helpLink: redis.html
tls-session-cache-size:
description: The number of TLS sessions to cache.
global: True
advanced: True
helpLink: redis.html
tls-session-cache-timeout:
description: Timeout in seconds to cache TLS sessions.
global: True
advanced: True
helpLink: redis.html
loglevel:
description: Log verbosity level.
global: True
helpLink: redis.html
logfile:
description: Log file name.
global: True
advanced: True
helpLink: redis.html
syslog-enabled:
description: Enable syslog output.
global: True
advanced: True
helpLink: redis.html
syslog-ident:
description: Set the syslog identity.
global: True
advanced: True
helpLink: redis.html
syslog-facility:
description: Set the syslog facility.
global: True
advanced: True
helpLink: redis.html
databases:
description: Total amount of databases.
global: True
advanced: True
helpLink: redis.html
always-show-logo:
description: The amount of time that a write will wait before fsyncing.
global: True
advanced: True
helpLink: redis.html
save:
900:
description: Set the amount of keys that need to change to save after 15 minutes.
global: True
helpLink: redis.html
300:
description: Set the amount of keys that need to change to save after 5 minutes.
global: True
helpLink: redis.html
60:
description: Set the amount of keys that need to change to save after 1 minute
global: True
helpLink: redis.html
stop-writes-on-bgsave-error:
description: Stop writes to redis is there is an error with the save.
global: True
advanced: True
helpLink: redis.html
rdbcompression:
description: Compress string objects with LZF.
global: True
advanced: True
helpLink: redis.html
rdbchecksum:
description: Enable checksum of rdb files.
global: True
advanced: True
helpLink: redis.html
dbfilename:
description: Filename of the rdb saves.
global: True
advanced: True
helpLink: redis.html
acllog-max-len:
description: Maximum length of the ACL log.
global: True
advanced: True
helpLink: redis.html
maxmemory:
description: Maximum memory for storing redis objects.
global: True
helpLink: redis.html
maxmemory-policy:
description: The policy to use when maxmemory is reached.
global: True
helpLink: redis.html
maxmemory-samples:
description: maxmemory sample size.
global: True
advanced: True
helpLink: redis.html
lua-time-limit:
description: Maximum execution time of LUA scripts.
global: True
advanced: True
helpLink: redis.html
slowlog-log-slower-than:
description: Time in microseconds to write to the slow log.
global: True
advanced: True
helpLink: redis.html
slowlog-max-len:
description: Maximum size of the slow log.
global: True
advanced: True
helpLink: redis.html
hash-max-ziplist-entries:
description: Used for advanced performance tuning of Redis.
global: True
advanced: True
helpLink: redis.html
hash-max-ziplist-value:
description: Used for advanced performance tuning of Redis.
global: True
advanced: True
helpLink: redis.html
list-max-ziplist-size:
description: Used for advanced performance tuning of Redis.
global: True
advanced: True
helpLink: redis.html
list-compress-depth:
description: Depth for list compression.
global: True
advanced: True
helpLink: redis.html
set-max-intset-entries:
description: Sets the limit on the size of the set in order to use the special memory saving encoding.
global: True
advanced: True
helpLink: redis.html
zset-max-ziplist-entries:
description: Used for advanced performance tuning of Redis.
global: True
advanced: True
helpLink: redis.html
zset-max-ziplist-value:
description: Used for advanced performance tuning of Redis.
global: True
advanced: True
helpLink: redis.html
hll-sparse-max-bytes:
description: Used for advanced performance tuning of Redis.
global: True
advanced: True
helpLink: redis.html
stream-node-max-bytes:
description: Used for advanced performance tuning of Redis.
global: True
advanced: True
helpLink: redis.html
stream-node-max-entries:
description: Used for advanced performance tuning of Redis.
global: True
advanced: True
helpLink: redis.html
activerehashing: 'yes'
description: Used for advanced performance tuning of Redis.
global: True
advanced: True
helpLink: redis.html
client-output-buffer-limit:
normal:
description: Used for advanced performance tuning of Redis.
global: True
advanced: True
helpLink: redis.html
replica:
description: Used for advanced performance tuning of Redis.
global: True
advanced: True
helpLink: redis.html
pubsub:
description: Used for advanced performance tuning of Redis.
global: True
advanced: True
helpLink: redis.html
hz:
description: Used for advanced performance tuning of Redis.
global: True
advanced: True
helpLink: redis.html
dynamic-hz:
description: Used for advanced performance tuning of Redis.
global: True
advanced: True
helpLink: redis.html
rdb-save-incremental-fsync:
description: fsync redis data.
global: True
advanced: True
helpLink: redis.html
jemalloc-bg-thread:
description: Jemalloc background thread for purging.
global: True
advanced: True
helpLink: redis.html