If the client is allowed there, the hosts deny directive is then read. If a client matches there, they are denied access-- even if specified in the allow list.
IP and hostname restrictions narrow the attack surface by device, but any user on those allowed devices will be able to access the rsync module. The auth users directive narrows the attack surface by user, limiting access to only specified accounts, regardless of device. When auth users is enabled and given a list of usernames, only those users can connect to the rsync daemon. This file contains the username and password combinations for rsync accounts.
This means the file should be heavily restricted. If the auth users directive is absent, the default is to allow all users. And just like that, if your rsync server is available from the internet, you have a data leak. The most important takeaway to remember when building a secure rsync setup is that by default, anyone can access the path. Anybody who finds the rsync server can pull the contents anonymously, without needing a password.
Incidentally, finding internet exposed rsync hosts is trivial when the default port is being used. It is always recommended to limit access to rsync by user and device. Every layer reduces the risk of data exposure. This illustrates the risks of using rsync in the enterprise, one which companies must be willing to take in order to employ its functionality.
However, there is another directive, called strict modes, that can offset the risk of the secrets file being compromised to some degree. Strict modes checks that the secrets file can only be accessed by the account under which the rsync daemon is running. For instance, if rsyncd is running under our dedicated rsync user as it should, with minimal privileges then only the rsync user should have access to read the secrets file.
The daemon checks the file permissions and will not run unless they are correct. That said, most enterprise class technology would never store passwords unencrypted in a text file. This is a qualitative difference between tools geared towards maximum functionality and platforms designed with business risks in mind.
However, with the proper care, even rsync can be fairly well protected against accidental and malicious access. Encryption is one area where rsync and rsyncd differ greatly. When rsync is used on the command line, a separate protocol, usually SSH, must be specified for the transfer. However, the rsync daemon does not encrypt traffic. This means that an rsync process can potentially be sniffed in transit by a third party, granting them access to whatever information is being transferred.
Therefore, rsync operations happening openly across the internet are extremely vulnerable to data exposure. All rsyncd traffic should occur within a protected intranet or inside of an encrypted tunnel or VPN.
At the enterprise level, there is no excuse for passing unencrypted data across the net. If rsync is open to the net, anyone who scans the server will find an open port. Changing the port from in the rsyncd. Like any enterprise service, access to the rsync port should be limited in scope.
Firewall ACLs can block unauthorized source IPs, much like the hosts allow and hosts deny directives in rsync itself. Consider the operations being carried out by rsync.
Is the data being copied important? If so, internet facing rsync is a massive vector of risk, and even with careful configuration can prove dangerous over time. Building a secure rsync setup for enterprise operations requires applying multiple layers of protection, each helping to minimize the surface area of the daemon and limit the remote connections that will be allowed access.
By following these three rules on every rsync module, you can reduce the chances of rsync-based data exposure significantly, allowing you to take advantage of the functionality of rsync without succumbing to its risks.
People make mistakes all the time, and without the right process controls, those mistakes can come back around as a data breach or major outage.
Get the complete guide on how to prioritize and remediate cyber risks. UpGuard BreachSight Monitor your business for data breaches and protect your customers' trust.
UpGuard Vendor Risk Control third-party vendor risk and improve your cyber security posture. UpGuard CyberResearch new. Always improving. Risk remediation requests now include both web and questionnaire risks. What's new in UpGuard December Release notes. Financial Services How UpGuard helps financial services companies secure customer data. Technology How UpGuard helps tech companies scale securely. Healthcare How UpGuard helps healthcare industry with security best practices.
Featured reads. Prevent Data Breaches Protect your sensitive data from breaches. Attack Surface Management What is attack surface management?
Vendor Risk Management What is vendor risk management? Blog Learn about the latest issues in cybersecurity and how they affect you. Breaches Stay up to date with security research and global news about data breaches.
Latest blog posts. How they Differ from IOCs. What is LDAP? But I don't want my friend or anyone who accesses my friend's server to be able to read whats on the external hdd. What is the best approach to this? Can you use rsync to send data to an encrypted hdd drive and somehow pass a passphrase along with the data that it uses to write it once it reaches the server?
I would take a look at Duplicity. It is free and easy to use. Warning There are some security concerns regarding encfs raised by this security review. Cryfs or ecryptfs should be considered instead sync local unencrypted data to remote encrypted backups via rsync..
It allows you to leverage rsync's delta-copy algorithm while encrypting your data locally and storing the encrypted blobs remotely. Here is my backup script based on Thor's answer still valid several years later! It adds copying of file. In my case, I am setting up a daily backup of my laptop and small servers to a external USB drive connected locally. I want to encrypt the backup just in case the drive disappears one day, together with some sensitive data.
A solution like the one you describe above requires sending your encryption key to your friend's machine. If we consider your friend an "untrusted site" you've just blown your security he can capture the key and read your data. If you want to be sure your friend can't read your backups you must encrypt the files before you send them e.
Note that doing this negates the delta benefits bandwidth savings of using rsync: The encrypted file will change substantially each time you make a backup, so you'll probably be copying the whole thing every time.
Sign up to join this community. The best answers are voted up and rise to the top. Stack Overflow for Teams — Collaborate and share knowledge with a private group. Create a free Team What is Teams? Learn more. Encrypted Remote Backups via Rsync? Ask Question. Asked 11 years, 6 months ago.
Active 9 months ago. Viewed 22k times. Improve this question. Now rsync throws errors for filenames that are longer than , which is expected due to the way filenames are encrypted on the target.
I thought about running a find for files with names longer than characters, writing to a temporary file and then using that as the --exclude-file for rsync. But is there a more elegant and reliable way to do this I'm missing? I don't want the cronjob to skip more files than strictly necessary, but I also need it to run without errors to not trigger a monitoring alert.
Sign up to join this community. The best answers are voted up and rise to the top. Stack Overflow for Teams — Collaborate and share knowledge with a private group. Create a free Team What is Teams? Learn more. Asked today. Active today.
0コメント