
CRE-2025-0180

Redis AOF File Corruption and Recovery Failure
Severity: Critical
Impact: 10/10
Mitigation: 6/10


Description

Detects Redis Append-Only File (AOF) corruption that prevents Redis from starting or causes data loss. AOF corruption typically occurs due to unexpected shutdowns, disk errors, or incomplete writes during crashes.

Mitigation

IMMEDIATE ACTIONS:
- Check Redis logs: `tail -100 /var/log/redis/redis-server.log`
- Verify AOF file integrity: `redis-check-aof /var/lib/redis/appendonly.aof`
- Backup corrupted AOF before repair:
  `cp /var/lib/redis/appendonly.aof /var/lib/redis/appendonly.aof.backup`

RECOVERY:
- Option 1: Repair AOF file (may lose some data):
  ```
  redis-check-aof --fix /var/lib/redis/appendonly.aof
  systemctl start redis
  ```
- Option 2: Truncate corrupted portion:
  ```
  # Find last valid command position
  redis-check-aof /var/lib/redis/appendonly.aof
  # Truncate at valid position
  truncate -s <valid_position> /var/lib/redis/appendonly.aof
  ```
- Option 3: Start without AOF (data loss):
  ```
  mv /var/lib/redis/appendonly.aof /var/lib/redis/appendonly.aof.corrupt
  redis-server --appendonly no
  ```

AOF VALIDATION:
- Test AOF in safe environment:
  ```
  redis-server --appendonly yes --appendfilename test.aof --dir /tmp/
  ```
- Verify data after recovery:
  `redis-cli DBSIZE`

PREVENTION:
- Enable AOF with RDB for redundancy:
  ```
  appendonly yes
  save 900 1
  save 300 10
  ```
- Configure AOF fsync policy:
  `appendfsync everysec`
- Regular AOF rewrites:
  `auto-aof-rewrite-percentage 100`
- Monitor disk health regularly
- Implement proper shutdown procedures
- Use UPS to prevent power-related corruption
- Regular backups and recovery testing
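To show what the "find last valid command position" step in Option 2 is actually computing, here is a small added example (not part of this CRE, and not the code of `redis-check-aof`): a Python validator that walks a RESP-format AOF command by command and reports the byte offset of the last fully valid command, the number Option 2 feeds to `truncate -s`. It assumes a plain RESP AOF without an RDB preamble; the `check_aof` and `resp_command` names and the sample data are constructed for this example.

```python
def check_aof(data: bytes):
    """Walk a RESP-format AOF; return (commands, last_valid_offset, error).
    error is None when every command parses; otherwise it names the first
    defect and last_valid_offset is where a truncate would cut the file."""
    if data.startswith(b"REDIS"):
        return 0, 0, "RDB preamble present; use redis-check-aof for mixed files"
    pos, commands = 0, 0
    while pos < len(data):
        start = pos
        try:
            # Each command is a RESP array header: *<argc>\r\n
            if data[pos:pos + 1] != b"*":
                raise ValueError(f"expected '*' at offset {pos}")
            end = data.index(b"\r\n", pos)
            argc = int(data[pos + 1:end])
            pos = end + 2
            for _ in range(argc):
                # Each argument is a bulk string: $<len>\r\n<bytes>\r\n
                if data[pos:pos + 1] != b"$":
                    raise ValueError(f"expected '$' at offset {pos}")
                end = data.index(b"\r\n", pos)
                arglen = int(data[pos + 1:end])
                pos = end + 2
                if arglen < 0 or data[pos + arglen:pos + arglen + 2] != b"\r\n":
                    raise ValueError(f"truncated bulk string at offset {pos}")
                pos += arglen + 2
        except ValueError as exc:
            # A failure inside a command means the file is cut or corrupted at
            # `start`; everything before that offset is still recoverable.
            return commands, start, f"corrupt command at offset {start}: {exc}"
        commands += 1
    return commands, pos, None


def resp_command(*args: bytes) -> bytes:
    """Encode one command the way Redis appends it to the AOF."""
    return b"*%d\r\n" % len(args) + b"".join(b"$%d\r\n%s\r\n" % (len(a), a) for a in args)


# Constructed sample: two complete commands, then one cut off mid-write as a
# crash during an append would leave it (hypothetical data, not a real AOF).
GOOD = resp_command(b"SET", b"foo", b"bar") + resp_command(b"SET", b"baz", b"qux")
CORRUPT = GOOD + resp_command(b"SET", b"key", b"value")[:-4]

if __name__ == "__main__":
    cmds, offset, err = check_aof(CORRUPT)
    print(f"{cmds} valid commands, last valid offset {offset}, error: {err}")
    # Next step from Option 2 above: truncate -s <offset> appendonly.aof
```

Running it on the sample reports two valid commands and offset 62, so truncating at 62 keeps both complete SETs and drops only the half-written one.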

References