Copyright © 2012 Kaltura Inc.
EduVideo.org
Recently I noticed a bit of extra failed connections in my router logs. Seems I had made a misstep when configuring Kaltura, and it could be a potential security risk for the system.
The mistake I made was exposing memcached to the outside world, rather than keeping it internally bound.
Different OSes may vary; I'm going to cover some Linux commons though:
This was performed on CentOS 5.7 and KalturaCE 5. There may be differences if running a different version of Kaltura or a different OS. This is not a step-by-step tutorial, but rather a general information how-to document.
Once your memcached is installed, you'll need to configure it. The default port for memcached is 11211; this can be changed, and I would advise people to do so. This is a small step for security by obfuscation.
Secondly, you'll need to make sure your memcached is bound locally, or only on internal IP addresses. This will keep memcached from glomming onto the nearest external IP by accident. There are several methods of doing this; the fastest is with the command:
In this instance, I used the internal loopback IP for localhost, 127.0.0.1. I also left the port as default for demonstration purposes.
Next you'll want to make sure you're bound to an internal IP in the sysconfig file as well, if your distro uses such a thing (CentOS does).
easymode:
add or edit the following line:
And finally we'll need to make sure Kaltura doesn't try to access memcached on an external server IP via DNS resolution, so we'll edit the memcached settings in kConfigLocal.php
Edit the following two lines to reflect your IP address and memcached port:
Once again, I've used the internal localhost loopback IP and default memcached port.
I hope you find this information useful, and helpful. Thanks for reading, and may you have many happy Kaltura adventures!
:)
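A way to check the sysconfig binding described in the post above, as an added example that is not part of the original post. It assumes the sysconfig file carries an `OPTIONS="..."` line holding memcached's `-l` listen-address flag; the function names `classify_addr` and `bind_status` are hypothetical and the sample files are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): classify where memcached will
# listen, based on a sysconfig-style file. Assumption: the file has an
# OPTIONS="..." line carrying memcached's -l (listen address) flag.

# classify_addr ADDR -> loopback | internal | exposed  (hypothetical helper)
classify_addr() {
    case "$1" in
        127.*|localhost|::1) echo loopback ;;
        10.*|192.168.*) echo internal ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) echo internal ;;
        *) echo exposed ;;   # 0.0.0.0, public IPs, unknown hostnames
    esac
}

# bind_status FILE -> worst classification over every -l address in OPTIONS.
# The body is a subshell so "set -f" and the variables stay local.
bind_status() (
    set -f
    opts=$(sed -n 's/^[[:space:]]*OPTIONS=//p' "$1" | tail -n 1 | tr -d "\"'")
    addrs="" prev=""
    for tok in $opts; do
        if [ "$prev" = "-l" ]; then
            addrs="$addrs $tok"                         # "-l ADDR"
        else
            case "$tok" in -l?*) addrs="$addrs ${tok#-l}" ;; esac   # "-lADDR"
        fi
        prev=$tok
    done
    # No -l at all: memcached listens on every interface.
    [ -n "$addrs" ] || { echo exposed; exit 0; }
    worst=loopback
    for a in $(echo "$addrs" | tr ',' ' '); do          # -l accepts a comma list
        case "$a" in *:*:*) ;; *:*) a=${a%%:*} ;; esac   # drop :port from host:port
        case "$(classify_addr "$a")" in
            exposed)  worst=exposed ;;
            internal) [ "$worst" = exposed ] || worst=internal ;;
        esac
    done
    echo "$worst"
)

# Constructed sample files, not taken from a real host.
tmp=$(mktemp -d)
printf 'PORT="11211"\nOPTIONS=""\n' > "$tmp/open"
printf 'PORT="11211"\nOPTIONS="-l 127.0.0.1"\n' > "$tmp/local"
printf 'PORT="11211"\nOPTIONS="-l 10.0.0.5,0.0.0.0"\n' > "$tmp/mixed"
for f in open local mixed; do printf '%s: %s\n' "$f" "$(bind_status "$tmp/$f")"; done
rm -rf "$tmp"
```

A result of `exposed` means at least one listen address is neither loopback nor a private range, or that no `-l` was set at all.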
Nice post, really liked that. Can you please specify the risks of keeping your memcache open to outside machines?
And what about multiple-server installations? Will I need to reach any other memcache on another machine? Or should I set the global memcache to be the server itself for each server?