# yum install memcached# rpm -Uhv http://apt.sw.be/redhat/el5/en/x86_64/rpmforge/RPMS/rpmforge-release-0.5.2-2.el5.rf.x86_64.rpm
# yum install memcached
$ sudo /etc/init.d/memcached start
Distributed memory caching (memcached) を起動中: [ OK ]
$ telnet localhost 11211
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
stats
STAT pid 16368
STAT uptime 15
STAT time 1297830691
STAT version 1.4.5
STAT pointer_size 64
STAT rusage_user 0.000000
STAT rusage_system 0.002999
STAT curr_connections 10
STAT total_connections 11
STAT connection_structures 11
STAT cmd_get 0
STAT cmd_set 0
STAT cmd_flush 0
STAT get_hits 0
STAT get_misses 0
STAT delete_misses 0
STAT delete_hits 0
STAT incr_misses 0
STAT incr_hits 0
STAT decr_misses 0
STAT decr_hits 0
STAT cas_misses 0
STAT cas_hits 0
STAT cas_badval 0
STAT auth_cmds 0
STAT auth_errors 0
STAT bytes_read 7
STAT bytes_written 0
STAT limit_maxbytes 67108864
STAT accepting_conns 1
STAT listen_disabled_num 0
STAT threads 4
STAT conn_yields 0
STAT bytes 0
STAT curr_items 0
STAT total_items 0
STAT evictions 0
STAT reclaimed 0
END
memcachedのセキュリティと脆弱性を読むと、特定のIPアドレスだけしかListenしない方が安全とのことで、localhostからのみアクセスできるように設定する。Portも変更してみる。
初めの状態は下記の通り。
# netstat -nlp | grep memcached
tcp 0 0 0.0.0.0:11211 0.0.0.0:* LISTEN 16368/memcached
tcp 0 0 :::11211 :::* LISTEN 16368/memcached
udp 0 0 0.0.0.0:11211 0.0.0.0:* 16368/memcached
udp 0 0 :::11211 :::* 16368/memcached
# vi /etc/sysconfig/memcached
PORT="11311"
OPTIONS="-l 127.0.0.1"
# /etc/init.d/memcached restart
Distributed memory caching (memcached) を停止中: [ OK ]
Distributed memory caching (memcached) を起動中: [ OK ]
# netstat -nlp | grep memcached
tcp 0 0 127.0.0.1:11311 0.0.0.0:* LISTEN 17035/memcached
udp 0 0 127.0.0.1:11311 0.0.0.0:* 17035/memcached
$ telnet 192.168.86.128 11311
Trying 192.168.86.128...
telnet: Unable to connect to remote host: Connection refused
このアクセス制御で少しでも安全にはmemcachedを使用できるようになる。あとは、パスワードなどの機密情報はmemcached上には格納させない。システムを設計する上で、これは最低限必要。
