Shulou(Shulou.com)06/02 Report--

Rsync is a tool for efficiently transferring and synchronizing files across computer systems by checking their timestamp and size.

Typically, the hypervisor runs the transfer task directly after starting the Rsync service. If the Rsync service is not secured, it is easy to have unauthorized access and other security issues; the direct consequence is that the transmitted data is exposed on the Internet and can be accessed by anyone, bringing serious data leakage risks.

When using the Rsync server, it is recommended that you refer to this article to strengthen the security of the Rsync service to ensure data security.

reinforcement scheme

Hidden module information

Modify the configuration file to read as follows:

list = false

use control

Set modules that do not require write permissions to read-only:

read only = true

restrict network access

Use security group policies or whitelists to restrict the IP addresses allowed to access hosts.

hosts allow = 123.123.123.123

Enable account authentication

Only specified users are allowed to invoke the Rsync service with specified passwords.

server-side configuration

auth users = ottocho

secrets file = /etc/rsyncd.secrets

Write the password of the account used in the file/etc/rsyncd.secrets. The format is username:password, and multiple lines are supported.

Note: The password must meet the strong password policy and must be a string of more than 8 characters, including upper and lower case letters, numbers and special characters. The password here is in plain text.

client configuration

On the client side, use the--password-file=/etc/rsyncd.secrets parameter to write the password in/etc/rsyncd.secrets.

Rsync -av --password-file=/etc/rsyncd.secrets test.host.com::files /des/path

In the/etc/rsyncd.secrets password file above, the user or user group must be consistent with the actual user and the permissions must be 600.

data encryption transmission

Rsync does not support encrypted transmission by default. If you need to use Rsync to transmit important data, you can use SSH mode.

Rsync supports two synchronization modes:

Rsync uses SSH when the host name of the source or destination path contains a colon delimiter after it.

Rsync uses TCP to connect directly to the Rsync daemon when the host name of the source or destination path contains two colons, or when Rsync://URL is used.

After SSH is configured, it is recommended to use it as follows:

Rsync -av test.host.com:/path/to/files /des/path

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.