Linux: Install and Secure Memcached Server

osetc @ September 25, 2018 CENTOS LINUX, REDHAT LINUX, UBUNTU LINUX

This post will guide you how to install and secure memcached on CentOS/RHEL/Ubuntu/Debian Linux. How do I secure memcached services in Linux. How to secure a server with a memcached service on Linux system. How to secure memcached server to avoid DDoS amplification on Linux Machine.

What is Memcached

Free & open source, high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load. Memcached is an in-memory key-value store for small chunks of arbitrary data (strings, objects) from results of database calls, API calls, or page rendering.

Install Memcached Server

You need to install memcached package firstly on Linux system.

For CentOS/RHEL Linux:

Type the following command:

# yum install memcached

Outputs:

[root@devops ~]# yum install memcached
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: centos.ustc.edu.cn
* extras: mirrors.huaweicloud.com
* updates: mirrors.aliyun.com
Resolving Dependencies
--> Running transaction check
---> Package memcached.x86_64 0:1.4.15-10.el7_3.1 will be installed
--> Processing Dependency: perl(strict) for package: memcached-1.4.15-10.el7_3.1.x86_64
--> Processing Dependency: perl(IO::Socket::INET) for package: memcached-1.4.15-10.el7_3.1.x86_64
--> Processing Dependency: /usr/bin/perl for package: memcached-1.4.15-10.el7_3.1.x86_64
--> Processing Dependency: libevent-2.0.so.5()(64bit) for package: memcached-1.4.15-10.el7_3.1.x86_ 64
--> Running transaction check
---> Package libevent.x86_64 0:2.0.21-4.el7 will be installed
---> Package perl.x86_64 4:5.16.3-292.el7 will be installed
--> Processing Dependency: perl-libs = 4:5.16.3-292.el7 for package: 4:perl-5.16.3-292.el7.x86_64
--> Processing Dependency: perl(Socket) >= 1.3 for package: 4:perl-5.16.3-292.el7.x86_64
--> Processing Dependency: perl(Scalar::Util) >= 1.10 for package: 4:perl-5.16.3-292.el7.x86_64
--> Processing Dependency: perl-macros for package: 4:perl-5.16.3-292.el7.x86_64
--> Processing Dependency: perl-libs for package: 4:perl-5.16.3-292.el7.x86_64
--> Processing Dependency: perl(threads::shared) for package: 4:perl-5.16.3-292.el7.x86_64
--> Processing Dependency: perl(threads) for package: 4:perl-5.16.3-292.el7.x86_64
--> Processing Dependency: perl(constant) for package: 4:perl-5.16.3-292.el7.x86_64
--> Processing Dependency: perl(Time::Local) for package: 4:perl-5.16.3-292.el7.x86_64
--> Processing Dependency: perl(Time::HiRes) for package: 4:perl-5.16.3-292.el7.x86_64
--> Processing Dependency: perl(Storable) for package: 4:perl-5.16.3-292.el7.x86_64
--> Processing Dependency: perl(Socket) for package: 4:perl-5.16.3-292.el7.x86_64
--> Processing Dependency: perl(Scalar::Util) for package: 4:perl-5.16.3-292.el7.x86_64
--> Processing Dependency: perl(Pod::Simple::XHTML) for package: 4:perl-5.16.3-292.el7.x86_64
--> Processing Dependency: perl(Pod::Simple::Search) for package: 4:perl-5.16.3-292.el7.x86_64
--> Processing Dependency: perl(Getopt::Long) for package: 4:perl-5.16.3-292.el7.x86_64
--> Processing Dependency: perl(Filter::Util::Call) for package: 4:perl-5.16.3-292.el7.x86_64
--> Processing Dependency: perl(File::Temp) for package: 4:perl-5.16.3-292.el7.x86_64
--> Processing Dependency: perl(File::Spec::Unix) for package: 4:perl-5.16.3-292.el7.x86_64
--> Processing Dependency: perl(File::Spec::Functions) for package: 4:perl-5.16.3-292.el7.x86_64
--> Processing Dependency: perl(File::Spec) for package: 4:perl-5.16.3-292.el7.x86_64
--> Processing Dependency: perl(File::Path) for package: 4:perl-5.16.3-292.el7.x86_64
--> Processing Dependency: perl(Exporter) for package: 4:perl-5.16.3-292.el7.x86_64
--> Processing Dependency: perl(Cwd) for package: 4:perl-5.16.3-292.el7.x86_64
--> Processing Dependency: perl(Carp) for package: 4:perl-5.16.3-292.el7.x86_64
--> Processing Dependency: libperl.so()(64bit) for package: 4:perl-5.16.3-292.el7.x86_64
--> Running transaction check
---> Package perl-Carp.noarch 0:1.26-244.el7 will be installed
---> Package perl-Exporter.noarch 0:5.68-3.el7 will be installed
---> Package perl-File-Path.noarch 0:2.09-2.el7 will be installed
---> Package perl-File-Temp.noarch 0:0.23.01-3.el7 will be installed
---> Package perl-Filter.x86_64 0:1.49-3.el7 will be installed
---> Package perl-Getopt-Long.noarch 0:2.40-3.el7 will be installed
--> Processing Dependency: perl(Pod::Usage) >= 1.14 for package: perl-Getopt-Long-2.40-3.el7.noarch
--> Processing Dependency: perl(Text::ParseWords) for package: perl-Getopt-Long-2.40-3.el7.noarch
---> Package perl-PathTools.x86_64 0:3.40-5.el7 will be installed
---> Package perl-Pod-Simple.noarch 1:3.28-4.el7 will be installed
--> Processing Dependency: perl(Pod::Escapes) >= 1.04 for package: 1:perl-Pod-Simple-3.28-4.el7.noa rch
--> Processing Dependency: perl(Encode) for package: 1:perl-Pod-Simple-3.28-4.el7.noarch
---> Package perl-Scalar-List-Utils.x86_64 0:1.27-248.el7 will be installed
---> Package perl-Socket.x86_64 0:2.010-4.el7 will be installed
---> Package perl-Storable.x86_64 0:2.45-3.el7 will be installed
---> Package perl-Time-HiRes.x86_64 4:1.9725-3.el7 will be installed
---> Package perl-Time-Local.noarch 0:1.2300-2.el7 will be installed
---> Package perl-constant.noarch 0:1.27-2.el7 will be installed
---> Package perl-libs.x86_64 4:5.16.3-292.el7 will be installed
---> Package perl-macros.x86_64 4:5.16.3-292.el7 will be installed
---> Package perl-threads.x86_64 0:1.87-4.el7 will be installed
---> Package perl-threads-shared.x86_64 0:1.43-6.el7 will be installed
--> Running transaction check
---> Package perl-Encode.x86_64 0:2.51-7.el7 will be installed
---> Package perl-Pod-Escapes.noarch 1:1.04-292.el7 will be installed
---> Package perl-Pod-Usage.noarch 0:1.63-3.el7 will be installed
--> Processing Dependency: perl(Pod::Text) >= 3.15 for package: perl-Pod-Usage-1.63-3.el7.noarch
--> Processing Dependency: perl-Pod-Perldoc for package: perl-Pod-Usage-1.63-3.el7.noarch
---> Package perl-Text-ParseWords.noarch 0:3.29-4.el7 will be installed
--> Running transaction check
---> Package perl-Pod-Perldoc.noarch 0:3.20-4.el7 will be installed
--> Processing Dependency: perl(parent) for package: perl-Pod-Perldoc-3.20-4.el7.noarch
--> Processing Dependency: perl(HTTP::Tiny) for package: perl-Pod-Perldoc-3.20-4.el7.noarch
---> Package perl-podlators.noarch 0:2.5.1-3.el7 will be installed
--> Running transaction check
---> Package perl-HTTP-Tiny.noarch 0:0.033-3.el7 will be installed
---> Package perl-parent.noarch 1:0.225-244.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

===================================================================================================
Package Arch Version Repository Size
===================================================================================================
Installing:
memcached x86_64 1.4.15-10.el7_3.1 base 85 k
Installing for dependencies:
libevent x86_64 2.0.21-4.el7 base 214 k
perl x86_64 4:5.16.3-292.el7 base 8.0 M
perl-Carp noarch 1.26-244.el7 base 19 k
perl-Encode x86_64 2.51-7.el7 base 1.5 M
perl-Exporter noarch 5.68-3.el7 base 28 k
perl-File-Path noarch 2.09-2.el7 base 26 k
perl-File-Temp noarch 0.23.01-3.el7 base 56 k
perl-Filter x86_64 1.49-3.el7 base 76 k
perl-Getopt-Long noarch 2.40-3.el7 base 56 k
perl-HTTP-Tiny noarch 0.033-3.el7 base 38 k
perl-PathTools x86_64 3.40-5.el7 base 82 k
perl-Pod-Escapes noarch 1:1.04-292.el7 base 51 k
perl-Pod-Perldoc noarch 3.20-4.el7 base 87 k
perl-Pod-Simple noarch 1:3.28-4.el7 base 216 k
perl-Pod-Usage noarch 1.63-3.el7 base 27 k
perl-Scalar-List-Utils x86_64 1.27-248.el7 base 36 k
perl-Socket x86_64 2.010-4.el7 base 49 k
perl-Storable x86_64 2.45-3.el7 base 77 k
perl-Text-ParseWords noarch 3.29-4.el7 base 14 k
perl-Time-HiRes x86_64 4:1.9725-3.el7 base 45 k
perl-Time-Local noarch 1.2300-2.el7 base 24 k
perl-constant noarch 1.27-2.el7 base 19 k
perl-libs x86_64 4:5.16.3-292.el7 base 688 k
perl-macros x86_64 4:5.16.3-292.el7 base 43 k
perl-parent noarch 1:0.225-244.el7 base 12 k
perl-podlators noarch 2.5.1-3.el7 base 112 k
perl-threads x86_64 1.87-4.el7 base 49 k
perl-threads-shared x86_64 1.43-6.el7 base 39 k

Transaction Summary
===================================================================================================
Install 1 Package (+28 Dependent packages)

Total download size: 12 M
Installed size: 37 M
Is this ok [y/d/N]:y
….

(29/29): perl-Encode-2.51-7.el7.x86_64.rpm | 1.5 MB 00:00:02
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 4.0 MB/s | 12 MB 00:00:02
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : 1:perl-parent-0.225-244.el7.noarch 1/29
Installing : perl-HTTP-Tiny-0.033-3.el7.noarch 2/29
Installing : perl-podlators-2.5.1-3.el7.noarch 3/29
Installing : perl-Pod-Perldoc-3.20-4.el7.noarch 4/29
Installing : 1:perl-Pod-Escapes-1.04-292.el7.noarch 5/29
Installing : perl-Text-ParseWords-3.29-4.el7.noarch 6/29
Installing : perl-Encode-2.51-7.el7.x86_64 7/29
Installing : perl-Pod-Usage-1.63-3.el7.noarch 8/29
Installing : 4:perl-macros-5.16.3-292.el7.x86_64 9/29
Installing : 4:perl-libs-5.16.3-292.el7.x86_64 10/29
Installing : perl-Storable-2.45-3.el7.x86_64 11/29
Installing : perl-Exporter-5.68-3.el7.noarch 12/29
Installing : perl-constant-1.27-2.el7.noarch 13/29
Installing : perl-Time-Local-1.2300-2.el7.noarch 14/29
Installing : perl-Socket-2.010-4.el7.x86_64 15/29
Installing : perl-Carp-1.26-244.el7.noarch 16/29
Installing : 4:perl-Time-HiRes-1.9725-3.el7.x86_64 17/29
Installing : perl-PathTools-3.40-5.el7.x86_64 18/29
Installing : perl-Scalar-List-Utils-1.27-248.el7.x86_64 19/29
Installing : perl-File-Temp-0.23.01-3.el7.noarch 20/29
Installing : perl-File-Path-2.09-2.el7.noarch 21/29
Installing : perl-threads-shared-1.43-6.el7.x86_64 22/29
Installing : perl-threads-1.87-4.el7.x86_64 23/29
Installing : perl-Filter-1.49-3.el7.x86_64 24/29
Installing : 1:perl-Pod-Simple-3.28-4.el7.noarch 25/29
Installing : perl-Getopt-Long-2.40-3.el7.noarch 26/29
Installing : 4:perl-5.16.3-292.el7.x86_64 27/29
Installing : libevent-2.0.21-4.el7.x86_64 28/29
Installing : memcached-1.4.15-10.el7_3.1.x86_64 29/29
Verifying : perl-HTTP-Tiny-0.033-3.el7.noarch 1/29
Verifying : perl-threads-shared-1.43-6.el7.x86_64 2/29
Verifying : perl-Storable-2.45-3.el7.x86_64 3/29
Verifying : perl-Exporter-5.68-3.el7.noarch 4/29
Verifying : perl-constant-1.27-2.el7.noarch 5/29
Verifying : perl-PathTools-3.40-5.el7.x86_64 6/29
Verifying : 4:perl-macros-5.16.3-292.el7.x86_64 7/29
Verifying : 1:perl-parent-0.225-244.el7.noarch 8/29
Verifying : 4:perl-5.16.3-292.el7.x86_64 9/29
Verifying : memcached-1.4.15-10.el7_3.1.x86_64 10/29
Verifying : perl-File-Temp-0.23.01-3.el7.noarch 11/29
Verifying : 1:perl-Pod-Simple-3.28-4.el7.noarch 12/29
Verifying : perl-Time-Local-1.2300-2.el7.noarch 13/29
Verifying : 4:perl-libs-5.16.3-292.el7.x86_64 14/29
Verifying : perl-Socket-2.010-4.el7.x86_64 15/29
Verifying : perl-Carp-1.26-244.el7.noarch 16/29
Verifying : libevent-2.0.21-4.el7.x86_64 17/29
Verifying : 4:perl-Time-HiRes-1.9725-3.el7.x86_64 18/29
Verifying : perl-Scalar-List-Utils-1.27-248.el7.x86_64 19/29
Verifying : 1:perl-Pod-Escapes-1.04-292.el7.noarch 20/29
Verifying : perl-Pod-Usage-1.63-3.el7.noarch 21/29
Verifying : perl-Encode-2.51-7.el7.x86_64 22/29
Verifying : perl-Pod-Perldoc-3.20-4.el7.noarch 23/29
Verifying : perl-podlators-2.5.1-3.el7.noarch 24/29
Verifying : perl-File-Path-2.09-2.el7.noarch 25/29
Verifying : perl-threads-1.87-4.el7.x86_64 26/29
Verifying : perl-Filter-1.49-3.el7.x86_64 27/29
Verifying : perl-Getopt-Long-2.40-3.el7.noarch 28/29
Verifying : perl-Text-ParseWords-3.29-4.el7.noarch 29/29

Installed:
memcached.x86_64 0:1.4.15-10.el7_3.1

Dependency Installed:
libevent.x86_64 0:2.0.21-4.el7 perl.x86_64 4:5.16.3-292.el7 perl-Carp.noarch 0:1.26-244.el7 perl-Encode.x86_64 0:2.51-7.el7
perl-Exporter.noarch 0:5.68-3.el7 perl-File-Path.noarch 0:2.09-2.el7 perl-File-Temp.noarch 0:0.23.01-3.el7 perl-Filter.x86_64 0:1.49-3.el7
perl-Getopt-Long.noarch 0:2.40-3.el7 perl-HTTP-Tiny.noarch 0:0.033-3.el7 perl-PathTools.x86_64 0:3.40-5.el7 perl-Pod-Escapes.noarch 1:1.04-292.el7
perl-Pod-Perldoc.noarch 0:3.20-4.el7 perl-Pod-Simple.noarch 1:3.28-4.el7 perl-Pod-Usage.noarch 0:1.63-3.el7 perl-Scalar-List-Utils.x86_64 0:1.27-248.el7
perl-Socket.x86_64 0:2.010-4.el7 perl-Storable.x86_64 0:2.45-3.el7 perl-Text-ParseWords.noarch 0:3.29-4.el7 perl-Time-HiRes.x86_64 4:1.9725-3.el7
perl-Time-Local.noarch 0:1.2300-2.el7 perl-constant.noarch 0:1.27-2.el7 perl-libs.x86_64 4:5.16.3-292.el7 perl-macros.x86_64 4:5.16.3-292.el7
perl-parent.noarch 1:0.225-244.el7 perl-podlators.noarch 0:2.5.1-3.el7 perl-threads.x86_64 0:1.87-4.el7 perl-threads-shared.x86_64 0:1.43-6.el7

Complete!
[root@devops ~]#

For Ubuntu/Debian Linux:

Type the following command:

# apt-get install memcached

For Fedora Linux:

Type the following command:

# dnf install memcached

Configure Memcached Server

For CentOS/RHEL Linux:

You need to update the /etc/sysconfig/memcached file, and update it as the below lines:

PORT="11211"
USER="memcached"
MAXCONN="2048"
CACHESIZE="2048"
OPTIONS="-l 127.0.0.1"

Save and close the file.

The above setting will configure the memcached server using 2GB of memory and to listen on only loopback ip 127.0.0.1, and set its default prot as 11211.
Then you need to enable and start memcached service, type:

#systemctl enable memcached
#systemctl start memcached.service

For Ubuntu/Debian Linux:

You need to update the /etc/memcached.conf configuration file, and update it to set a memory limites and set an ip address to listenon. Like below:

-m 2028
-l 127.0.0.1

Save and close the file.

Then start the memcached service, type:

# systemctl start memcached

Secure Memcached Server

To secure the memcache server, you need to configure a firewall to add some policy.

For example, you want to restrict all traffic from 11211 port between public ip (192.1.2.1) to private ip address(192.168.2.2). You need to add the below firewall policy.

For CentOS/RHEL 6.x Linux:

You need to edit the iptables file to added the below INPUT policy:

# vi /etc/sysconfig/iptables

Adding the below line into the file:

-A INPUT –m state –state NEW –m tcp –p tcp –dport 11211 –s 192.1.2.1 –d 192.168.2.2 –j ACCEPT

Save and close the file. And then you need to restart the iptables service, type:

#/etc/init.d/inptables restart

For CentOS/RHEL 7.x Linux

You can use the firewall-cmd command to add new policy, type:

$ sudo firewall-cmd --permanent --new-zone=memcached
$ sudo firewall-cmd --permanent --zone=memcached --add-port=11211/tcp
$ sudo firewall-cmd --permanent --zone=memcached --add-source=192.168.2.2

Then you need to reload the firewall,type:

#firewall-cmd –reload

Outputs:

[root@devops ~]# firewall-cmd --reload
Success

For Ubuntu/ Debian Linux:

You need to use ufw tool to add a new firewall policy, type:

$ sudo ufw allow from 192.168.2.2/32 to any port 11211 proto tcp

See Also: memchaced

OSETC TECH

Linux: Install and Secure Memcached Server

What is Memcached

Install Memcached Server

Configure Memcached Server

Secure Memcached Server

You might also like: