2025-02-25 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
Many people who are new to rsync do not know how to set up a Linux rsync server and its client. This article summarizes the setup and the configuration involved; I hope it helps you solve this problem.
I. Requirement
Collect the operation logs of each machine every night and synchronize them to the main server for log analysis.
II. Basic knowledge
Rsync is divided into a server side and a client side. Setting up the server side is more involved than setting up the client side, although it is still very simple.
The rsync server is the machine that runs the rsync service in daemon mode. This requires enabling the rsync daemon and, if xinetd is used to launch it, starting the xinetd service. The default port is 873.
The rsync client is the machine that initiates the rsync connection. It only needs rsync installed.
After the rsync client initiates the connection, the rsync server checks whether the user name and password submitted by the client match those configured on the server. If authentication succeeds, the file transfer starts. The transfer first compares file size, attributes, permissions, MD5 value and other information as required; if the file information differs between the two ends, the differing blocks of the file are synchronized as required.
III. Installation
Most Linux operating systems come with rsync services. If you want to upgrade, you can use yum, etc., or you can use the source package to install it yourself.
    wget https://download.samba.org/pub/rsync/rsync-3.1.2.tar.gz
    tar -xzf rsync-3.1.2.tar.gz
    cd rsync-3.1.2
    ./configure --prefix=/usr/local/rsyncd
    make && make install
IV. Server configuration
Sometimes the rsync configuration file does not exist after installation, so there is no need to panic. You can create it manually. Create the configuration file directory and files as follows:
    /etc/rsyncd (folder)
    |- rsyncd.conf (configuration file of the rsync server)
    |- rsyncd.secrets (user password file; clients access the server with the accounts and passwords in it; requires 600 permissions)
    |- rsyncd.motd (customizes the server information displayed after the user logs in, i.e. the message of the day)

    mkdir /etc/rsyncd
    touch /etc/rsyncd/rsyncd.conf
    touch /etc/rsyncd/rsyncd.secrets
    touch /etc/rsyncd/rsyncd.motd
    chmod 600 /etc/rsyncd/rsyncd.secrets
/etc/rsyncd/rsyncd.conf
    # rsyncd.conf only recognizes a comment when the whole line starts with "#";
    # a "#" after a value is read as part of the value, so every comment here
    # is on its own line.

    # process pid file location
    pid file = /var/run/rsyncd.pid
    # listening port; the default is 873
    port = 873
    # server listening IP address; can be omitted
    address = 192.168.1.171
    # uid the daemon runs as; the default is nobody, with which you may run into
    # file or directory permission problems, so root is used here out of laziness
    uid = root
    # gid the daemon runs as
    gid = root
    # chroot changes the root directory the program refers to when it runs: the
    # server daemon chroots to the module's directory before transferring files.
    # The advantage is extra protection of the system against possible security
    # holes. The disadvantage is that superuser privileges are required. In
    # addition, symbolic links are affected: if there is a symbolic link on the
    # rsync server, a client that synchronizes the data only gets the name of
    # the symbolic link, not the content it points to.
    use chroot = yes
    # read-only option: only let the client read files
    read only = no
    # write-only option: only let the client write files
    write only = yes
    # IP addresses allowed to connect to the server; a single IP or an entire
    # network segment can be given, which improves security. Separate multiple
    # IPs or network segments with spaces.
    hosts allow = 192.168.1.0/255.255.255.0 10.0.1.0/255.255.255.0
    # maximum number of client connections (0, the default, means no limit; set
    # your own limit here)
    max connections = 0
    # the user sees the content of this file when logging in
    motd file = /etc/rsyncd/rsyncd.motd
    # log file of the rsync server
    log file = /var/log/rsync.log
    # record a log entry for every transferred file
    transfer logging = yes
    # log format
    log format = %t %a %m %f %b
    # syslog facility
    syslog facility = local3
    # this option overrides the I/O timeout specified by the client, so that the
    # rsync server does not wait forever for a crashed client. The unit is
    # seconds; 0 means no timeout and is also the default. For anonymous rsync
    # servers, an ideal number is 600.
    timeout = 300

    # Module definitions
    # A module defines which directory of the server is synchronized. Each module
    # is written as [name], which is the name the rsync client sees; the data the
    # server actually synchronizes is specified through path. You can create
    # several modules one after another. Each module should specify its
    # authenticated users and password file; exclude is not mandatory.

    # module name; the settings below belong to this module
    [logs]
    # directory served by this module
    path = /var/log
    # whether the module shows up when a client lists the server's modules; no is more secure
    list = no
    # ignore I/O errors
    ignore errors = yes
    # list of user names separated by spaces or commas; only these users may
    # connect to the module. These users have nothing to do with system users;
    # they are the user names in rsyncd.secrets. If "auth users" is set, the
    # client's connection request for the module is authenticated with a
    # challenge/response protocol. The user names and passwords are stored in
    # clear text in the file given by "secrets file". By default, modules can be
    # connected to without a password (that is, anonymously).
    auth users = zhangzk
    # password file
    secrets file = /etc/rsyncd/rsyncd.secrets
    # files or directories to ignore
    exclude = error_log httpd.pid
    # description of this module, optional
    comment = this is my log
/etc/rsyncd/rsyncd.secrets is the password file. The user name and password are separated by a colon; several user name and password pairs go on separate lines.
    zhangzk:239fjdalk@893246dasaATDFBSad
    zhangab:669fjbalk@8sadf$3246dasaATDFBSaf
/etc/rsyncd/rsyncd.motd is the login announcement
+ + John ABC rsync 2008-2099 +
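The server settings above can be checked mechanically. The following Python code is an added example, not part of the original article or of rsync: it parses rsyncd.conf, resolves each module's value with the fallback to global parameters and then to the defaults listed in section IX, and reports the risky settings discussed here (uid = root, anonymous modules, loose secrets file permissions, a comment placed after a value). The function names and the [pub] module in the sample are hypothetical.

```python
import os
import stat

# Defaults as given in the article's parameter reference (section IX).
DEFAULTS = {"uid": "nobody", "use chroot": "yes", "read only": "yes", "list": "yes",
            "hosts allow": "*", "auth users": "", "secrets file": ""}

def parse_rsyncd_conf(text):
    """Return (global_params, {module: params}) from rsyncd.conf text."""
    glob, modules, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # rsyncd.conf only has whole-line comments
        if line.startswith("[") and line.endswith("]"):
            current = modules.setdefault(line[1:-1].strip(), {})
        elif "=" in line:
            key, value = line.split("=", 1)
            target = glob if current is None else current
            target[" ".join(key.lower().split())] = value.strip()
    return glob, modules

def is_true(value):
    return value.strip().lower() in ("yes", "true", "1")

def audit(text):
    """Return {module: [findings]}; module values override globals, then defaults."""
    glob, modules = parse_rsyncd_conf(text)
    findings = {}
    for name, params in modules.items():
        eff = {**DEFAULTS, **glob, **params}
        issues = findings.setdefault(name, [])
        for key, value in eff.items():
            if key != "comment" and " #" in value:
                issues.append(f"'{key}' ends in a comment that rsync reads as part of the value")
        if eff["uid"] in ("root", "0"):
            issues.append("transfers run as root")
        if not is_true(eff["use chroot"]):
            issues.append("use chroot is off")
        if eff["hosts allow"] in ("", "*"):
            issues.append("any host may connect")
        if is_true(eff["list"]):
            issues.append("module is listed to every client")
        if not eff["auth users"]:
            issues.append("anonymous access" if is_true(eff["read only"]) else "anonymous write access")
        elif not eff["secrets file"]:
            issues.append("auth users set but no secrets file")
        elif os.path.exists(eff["secrets file"]):
            mode = stat.S_IMODE(os.stat(eff["secrets file"]).st_mode)
            if mode & 0o077:
                issues.append(f"secrets file mode is {mode:o}, the article requires 600")
    return findings

# Constructed sample: the article's settings plus a hypothetical [pub] module.
SAMPLE = """\
uid = root
read only = no
hosts allow = 192.168.1.0/255.255.255.0 10.0.1.0/255.255.255.0
[logs]
path = /var/log
list = no
auth users = zhangzk
secrets file = /etc/rsyncd/rsyncd.secrets
[pub]
path = /srv/pub   # public files
"""

if __name__ == "__main__":
    print(*[f"[{m}] {i}" for m, found in audit(SAMPLE).items() for i in found], sep="\n")
```

Run it against the real file with audit(open("/etc/rsyncd/rsyncd.conf").read()) on the server, where the secrets file permission check can see the actual file.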
V. Start the server
There are two ways to start the server.
1. Use the --daemon parameter directly
    /usr/local/rsyncd/bin/rsync --daemon --config=/etc/rsyncd/rsyncd.conf
2. xinetd mode
1) Modify /etc/services and add the following lines. If they are already there, you do not need to add them. If you change the port, replace 873 with the designated port.
    rsync 873/tcp # rsync
    rsync 873/udp # rsync
2) Modify /etc/xinetd.d/rsync, mainly to enable the rsync daemon. Once an rsync client connects, xinetd hands the connection to rsyncd (port 873).
    service rsync
    {
        disable         = no
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/bin/rsync
        server_args     = --daemon --config=/etc/rsyncd/rsyncd.conf
        log_on_failure  += USERID
    }
3) Restart xinetd
    service xinetd restart
VI. Client configuration
Create a password file, /etc/rsyncd/rsyncd.pass, and set its permissions to 600
    touch /etc/rsyncd/rsyncd.pass
    chmod 600 /etc/rsyncd/rsyncd.pass
The password in /etc/rsyncd/rsyncd.pass needs to be consistent with the password of the specified user in /etc/rsyncd/rsyncd.secrets on the server.
    239fjdalk@893246dasaATDFBSad
VII. The client transfers files to the server
If the port is 873, you can omit --port.
    rsync -vzrtopg --delete --progress /var/log/access.log zhangzk@192.168.1.100::logs --password-file=/etc/rsyncd/rsyncd.pass --port=873
If necessary, you can also pull files from the server. You need to remove write only = yes from /etc/rsyncd/rsyncd.conf on the server.
    # pull the entire directory
    rsync -vzrtopg --delete --progress --password-file=/etc/rsyncd/rsyncd.pass --port=873 zhangzk@192.168.1.100::logs /var/log
    # pull a single file
    rsync -vzrtopg --delete --progress --password-file=/etc/rsyncd/rsyncd.pass --port=873 zhangzk@192.168.1.100::logs/a.log /var/log
VIII. Bonus: /etc/init.d/rsync
    #!/bin/bash
    # chkconfig: - 85 15
    # description: rsync

    pidfile="/var/run/rsyncd.pid"
    start_rsync="rsync --daemon --config=/etc/rsyncd/rsyncd.conf"

    # Print the running rsync daemon processes (empty output means not running).
    # Evaluated on every call, so restart sees the state after stop.
    function rsyncprocs() {
        ps -ef | egrep "rsync --daemon.*rsyncd.conf" | grep -v 'grep'
    }

    function rsyncstart() {
        if [ "$(rsyncprocs)X" == "X" ]; then
            rm -f "$pidfile"
            ${start_rsync}
            if [ "$(rsyncprocs)X" != "X" ]; then
                echo "rsync service start.OK"
            fi
        else
            echo "rsync service is running!"
        fi
    }

    function rsyncstop() {
        if [ "$(rsyncprocs)X" != "X" ]; then
            kill -9 $(cat "$pidfile")
            if [ "$(rsyncprocs)X" == "X" ]; then
                echo "rsync service stop.OK"
            fi
        else
            echo "rsync service is not running!"
        fi
    }

    function rsyncstatus() {
        if [ "$(rsyncprocs)X" != "X" ]; then
            echo "rsync service is running!"
        else
            echo "rsync service is not running!"
        fi
    }

    function rsyncrestart() {
        if [ "$(rsyncprocs)X" == "X" ]; then
            echo "rsync service is not running..."
            rsyncstart
        else
            rsyncstop
            rsyncstart
        fi
    }

    case $1 in
        "start") rsyncstart ;;
        "stop") rsyncstop ;;
        "status") rsyncstatus ;;
        "restart") rsyncrestart ;;
        *)
            echo
            echo "Usage: $0 start|stop|restart|status"
            echo
            ;;
    esac
IX. Bonus: configuration parameters
Global parameters
All parameters before the first [module] section in the file are global parameters. Module parameters can also be defined in the global section, in which case the value given there is the default for all modules.
Port
Specifies the port number used by the daemon, which defaults to 873.
Motd file
The "motd file" parameter is used to specify a message file whose contents are displayed to the client when the client connects to the server. There is no motd file by default.
Log file
"log file" specifies a log file for rsync, so that log messages are written to it instead of being sent to syslog. For example, you can specify "/var/log/rsyncd.log".
Pid file
Specifies the pid file for rsync, usually "/var/run/rsyncd.pid".
Syslog facility
Specifies the syslog facility used when rsync sends log messages to syslog. The common facility names are: auth, authpriv, cron, daemon, ftp, kern, lpr, mail, news, security, syslog, user, uucp, local0, local1, local2, local3, local4, local5, local6 and local7. The default value is daemon.
Module parameters
Module parameters mainly define which directory of the server is synchronized. A module is declared in the form "[module]"; this is the name you see on the rsync client, a bit like the share name provided by a Samba server. The data that the server actually synchronizes is specified through path. You can define multiple modules according to your needs, and the following parameters can be set in a module:
Comment
Assigns a description to the module, which is displayed to the client together with the module name when the client requests the module list. There is no description by default.
Path
Specify the directory tree path for the module to back up. This parameter must be specified.
Use chroot
If "use chroot" is set to true, rsync first chroots to the directory specified by the path parameter before transferring files. The reason for this is additional security, but the drawbacks are that root privileges are required and that you cannot back up the files or directories pointed to by symbolic links that point outside the path. The default value is true.
Uid
This option specifies the uid that the daemon should have when the module transfers files. Together with the gid option, it determines which files can be accessed and with what permissions. The default value is "nobody".
Gid
This option specifies the gid that the daemon should have when the module transfers files. The default is "nobody".
Max connections
Specify the maximum number of concurrent connections for the module to protect the server, and connection requests that exceed the limit will be told to try again later. The default value is 0, which means there is no limit.
List
This option sets whether the module is listed when a client requests the list of available modules. If you set this option to false, you can create hidden modules. The default value is true.
Read only
This option sets whether clients are allowed to upload files. If it is true, any upload request fails; if it is false and the server directory is readable and writable, uploads are allowed. The default is true.
Exclude
Lets you specify multiple files or directories (relative paths), separated by spaces, and add them to the exclude list. This is equivalent to using --exclude in the client command to specify a pattern, and a module can specify only one exclude option. Note, however, that this option has some security issues: clients are likely to be able to bypass the exclude list, so if you want to ensure that specific files cannot be accessed, it is best to combine it with the uid/gid options.
Exclude from
Specifies a file that contains exclude pattern definitions, from which the server reads the exclude list.
Include
Specifies files or directories that are not to be excluded. This is equivalent to using --include in the client command to specify a pattern; combining include and exclude lets you define complex exclude/include rules.
Include from
Specifies a file that contains include pattern definitions, from which the server reads the include list.
Auth users
This option specifies a list of user names separated by spaces or commas; only these users are allowed to connect to the module. The users here have nothing to do with system users. If "auth users" is set, the client's connection request for the module is authenticated by rsync with a challenge/response authentication protocol. The user names and passwords are stored in clear text in the file specified by the "secrets file" option. By default, modules can be connected to without a password (that is, anonymously).
Secrets file
This option specifies a file that contains the defined username:password pairs. The file is used only if "auth users" is defined. Each line of the file contains one username:passwd pair. Generally speaking, the password should not exceed 8 characters. There is no default secrets file name; you must specify one (for example: /etc/rsyncd.passwd). Note: the permissions of this file must be 600, otherwise the client will not be able to connect to the server.
Strict modes
This option specifies whether the permissions of the password file are checked. If the value is true, the password file may only be accessible to the user the rsync server runs as, and to no other user. The default is true.
Hosts allow
This option specifies which client IP addresses are allowed to connect to the module. A client pattern can take the following forms:
A single IP address, for example: 192.167.0.1
An entire network segment, for example: 192.168.0.0/24, which can also be written 192.168.0.0/255.255.255.0
Multiple IPs or network segments need to be separated by spaces. "*" means all, and all hosts are allowed to connect by default.
Hosts deny
Specifies machines that are not allowed to connect to the rsync server, using the same forms as hosts allow. There is no hosts deny definition by default.
Ignore errors
Specifies that rsyncd ignores I/O errors on the server when deciding whether to run the delete phase of a transfer. Generally speaking, rsync skips the --delete operation when an I/O error occurs, to prevent serious problems caused by a temporary lack of resources or other I/O errors.
Ignore nonreadable
Specifies that the rsync server completely ignores files that the user has no permission to read. This makes sense when the directory to be backed up contains some files that should not be available to the person doing the backup.
Lock file
Specifies the lock file that supports the max connections parameter. The default value is /var/run/rsyncd.lock.
Transfer logging
Makes the rsync server record downloads and uploads in its own separate log, in a format similar to that of FTP servers.
Log format
With this option, users can customize the fields of the log file when transfer logging is used. The format is a string that contains format specifiers; the specifiers you can use are as follows:
%h remote hostname
%a remote IP address
%l file length in characters
%p process id of this rsync session
%o action type: "send" or "recv"
%f file name
%P module path
%m module name
%t current time
%u authenticated user name (null when anonymous)
%b actual number of bytes transferred
%c when a file is sent, this field records the checksum of the file
The default log format is "%o %h [%a] %m (%u) %f %l"; generally speaking, "%t [%p] " is added at the start of each line. A perl script called rsyncstats is also shipped with the source code to compute statistics from log files in this format.
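The transfer log written with this article's "log format = %t %a %m %f %b" can be turned into per-client totals for the nightly log collection. The following Python code is an added example, not part of the original article or of rsync: it parses such lines, including file names that contain spaces, and lists clients whose address lies outside the networks in the article's hosts allow line. It assumes that %t is written as YYYY/MM/DD HH:MM:SS; the function names and the sample log lines are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Matches lines produced by "log format = %t %a %m %f %b" after rsyncd's own
# "%t [%p] " prefix. Assumption: %t renders as YYYY/MM/DD HH:MM:SS.
TS = r"\d{4}/\d\d/\d\d \d\d:\d\d:\d\d"
LINE = re.compile(rf"^({TS}) \[(\d+)\] {TS} (\S+) (\S+) (.+) (\d+)$")

# Networks from the article's "hosts allow" line.
ALLOWED = [ipaddress.ip_network(n) for n in
           ("192.168.1.0/255.255.255.0", "10.0.1.0/255.255.255.0")]

def parse_line(line):
    """Return a transfer record, or None for other daemon messages."""
    m = LINE.match(line.rstrip("\n"))
    if not m:
        return None
    time, pid, ip, module, name, nbytes = m.groups()
    return {"time": time, "pid": int(pid), "ip": ip, "module": module,
            "file": name, "bytes": int(nbytes)}

def summarize(lines, allowed=ALLOWED):
    """Total [files, bytes] per (client, module); list clients outside allowed nets."""
    totals = defaultdict(lambda: [0, 0])
    outside = set()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        entry = totals[(rec["ip"], rec["module"])]
        entry[0] += 1
        entry[1] += rec["bytes"]
        addr = ipaddress.ip_address(rec["ip"])
        if not any(addr in net for net in allowed):
            outside.add(rec["ip"])
    return dict(totals), sorted(outside)

# Constructed sample log, not taken from a real server.
SAMPLE_LOG = """\
2025/02/25 01:00:01 [2841] connect from UNKNOWN (192.168.1.50)
2025/02/25 01:00:03 [2841] 2025/02/25 01:00:03 192.168.1.50 logs access.log 10240
2025/02/25 01:00:04 [2841] 2025/02/25 01:00:04 192.168.1.50 logs app server 2.log 512
2025/02/25 01:05:10 [2903] 2025/02/25 01:05:10 172.16.9.7 logs messages 2048
""".splitlines()

if __name__ == "__main__":
    totals, outside = summarize(SAMPLE_LOG)
    for (ip, module), (files, nbytes) in sorted(totals.items()):
        print(f"{ip} {module}: {files} files, {nbytes} bytes")
    print("outside hosts allow:", outside)
```

A client that appears in the "outside hosts allow" list means the log and the configured hosts allow disagree, which is worth checking against the running configuration.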
Timeout
This option allows you to override the I/O timeout specified by the client. It ensures that the rsync server does not wait forever for a crashed client. The timeout unit is seconds, and 0 indicates that there is no timeout definition, which is also the default value. For anonymous rsync servers, an ideal number is 600.
Refuse options
This option allows you to define a list of command-line options that clients are not allowed to use on this module. The full name of the option must be used here, not the abbreviation. When an option is refused, the server reports an error message and exits. If you want to prevent the use of compression, it should be: "dont compress = *".
Dont compress
Specifies the files that are not compressed during transfer. The default value is *.gz *.tgz *.zip *.z *.rpm *.deb *.iso *.bz2 *.tbz
X. Appendix: rsync command options
    -v, --verbose  detailed output mode
    -q, --quiet  compact output mode
    -c, --checksum  turn on checksum verification, forcing the file transfer to be checked
    -a, --archive  archive mode: transfer files recursively and keep all file attributes; equal to -rlptgoD
    -r, --recursive  process subdirectories recursively
    -R, --relative  use relative path information
    -b, --backup  create a backup: if a file with the same name already exists at the destination, rename the old file to ~filename. The --suffix option can specify a different backup file prefix.
    --backup-dir  store backup files (such as ~filename) in a directory
    --suffix=SUFFIX  define the backup file prefix
    -u, --update  update only: skip all files that already exist in DST and whose file time is later than that of the file to be backed up (do not overwrite newer files)
    -l, --links  keep soft links
    --copy-links  treat soft links like regular files
    --copy-unsafe-links  copy only links that point outside the SRC path directory tree
    --safe-links  ignore links that point outside the SRC path directory tree
    -H, --hard-links  keep hard links
    -p, --perms  keep file permissions
    -o, --owner  keep file owner information
    -g, --group  keep file group information
    -D, --devices  keep device file information
    -t, --times  keep file time information
    -S, --sparse  handle sparse files specially to save space in DST
    -n, --dry-run  show which files would be transferred
    -W, --whole-file  copy whole files, without incremental detection
    -x, --one-file-system  do not cross file system boundaries
    -B, --block-size=SIZE  block size used by the checksum algorithm; the default is 700 bytes
    -e, --rsh=COMMAND  use rsh or ssh for data synchronization
    --rsync-path=PATH  path of the rsync command on the remote server
    -C, --cvs-exclude  automatically ignore files in the same way as CVS; used to exclude files that you do not want to transfer
    --existing  update only files that already exist in DST, without backing up newly created files
    --delete  delete files in DST that do not exist in SRC
    --delete-excluded  also delete the files that this option specifies as excluded
    --delete-after  delete after the transfer ends
    --ignore-errors  delete even if there is an I/O error
    --max-delete=NUM  delete at most NUM files
    --partial  keep files that were not fully transferred for some reason, to speed up subsequent transfers
    --force  force deletion of directories, even if they are not empty
    --numeric-ids  do not map numeric user and group IDs to user and group names
    --timeout=TIME  I/O timeout, in seconds
    -I, --ignore-times  do not skip files that have the same time and length
    --size-only  when deciding whether to back up a file, look only at the file size, not the file time
    --modify-window=NUM  timestamp window used to decide whether files have the same time; the default is 0
    -T, --temp-dir=DIR  create temporary files in DIR
    --compare-dest=DIR  also compare against files in DIR to decide whether a backup is needed
    -P  equivalent to --partial --progress; shows the backup progress
    -z, --compress  compress the backed-up files during transfer
    --exclude=PATTERN  exclude files matching PATTERN that do not need to be transferred
    --include=PATTERN  do not exclude files matching PATTERN that need to be transferred
    --exclude-from=FILE  exclude files matching the patterns listed in FILE
    --include-from=FILE  do not exclude files matching the patterns listed in FILE
    --version  print version information
    --address  bind to a specific address
    --config=FILE  specify another configuration file instead of the default rsyncd.conf
    --port=PORT  specify another rsync service port
    --blocking-io  use blocking I/O for the remote shell
    --stats  give the transfer status of certain files
    --progress  show the transfer progress during the transfer
    --log-format=FORMAT  specify the log file format
    --password-file=FILE  read the password from FILE
    --bwlimit=KBPS  limit I/O bandwidth, in KBytes per second
    -h, --help  display help information