{"id":3348,"date":"2018-12-01T19:49:59","date_gmt":"2018-12-01T19:49:59","guid":{"rendered":"https:\/\/tst-amo.net.ua\/blog\/?p=3348"},"modified":"2018-12-01T20:31:09","modified_gmt":"2018-12-01T20:31:09","slug":"rsyncd","status":"publish","type":"post","link":"https:\/\/tst-amo.net.ua\/blog\/?p=3348","title":{"rendered":"rsyncd"},"content":{"rendered":"

\u041d\u0430 \u043c\u0430\u0448\u0438\u043d\u0435 \u0441 \u043a\u043e\u0442\u043e\u0440\u043e\u0439 \u043d\u0443\u0436\u043d\u043e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0431\u0435\u043a\u0430\u043f (server).<\/h4>\n
$ sudo yum install -y rsync<\/pre>\n
$ sudo vim \/etc\/rsyncd.conf<\/pre>\n
# \/etc\/rsyncd: configuration file for rsync daemon mode\r\n# See rsyncd.conf man page for more options.\r\n# configuration example:\r\n\r\nuid = nobody\r\ngid = nobody\r\nuse chroot = no\r\nmax connections = 4\r\npid file = \/var\/run\/rsyncd.pid\r\nexclude = lost+found\/\r\ntransfer logging = yes\r\n# timeout = 900\r\n# ignore nonreadable = yes\r\ndont compress = *.gz *.tgz *.zip *.z *.Z *.rpm *.deb *.bz2\r\n\r\n[sdata]\r\n   path = \/home\/lora\/_backup\/SDATA\/\r\n   comment = SDATA imp\r\n   hosts allow = xxx.xxx.xxx.xxx yyy.yyy.yyy.yyy\r\n   secrets file = \/etc\/rsync.d\/rsyncd.secrets<\/pre>\n
$ sudo mkdir -p \/etc\/rsync.d<\/pre>\n
$ sudo cat \/etc\/rsync.d\/rsyncd.secrets\r\nlora:password<\/pre>\n
\u041d\u0430 \u043c\u0430\u0448\u0438\u043d\u0435 \u0441 \u043a\u043e\u0442\u043e\u0440\u043e\u0439 \u0431\u0443\u0434\u0435\u0442 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u044c\u0441\u044f \u0441\u0438\u043d\u0445\u0440\u043e\u043d\u0438\u0437\u0430\u0446\u0438\u044f (\u043a\u043b\u0438\u0435\u043d\u0442)<\/h4>\n
$ sudo yum install -y rsync\r\n\r\n$ sudo vim \/etc\/rsyncd.conf\r\n# Set this if you want to stop rsync daemon with rc.d scripts\r\npid file = \/var\/run\/rsyncd.pid\r\nmotd file = \/etc\/rsync.d\/new_motd\r\nexclude = lost+found\/\r\ntransfer logging = yes\r\nlog file = \/var\/log\/rsyncd.log\r\n\r\n# Edit this file before running rsync daemon!!\r\n\r\nuid = nobody\r\ngid = nobody\r\nuse chroot = no\r\nmax connections = 4\r\n\r\ndont compress = *.gz *.tgz *.zip *.z *.Z *.rpm *.deb *.bz2\r\n\r\n[sdata]\r\n\u00a0 \u00a0 path = \/home\/lora\/_backup\/SDATA\/\r\n\u00a0 \u00a0 comment = SDATA \r\n\u00a0 \u00a0 auth users = lora\r\n\u00a0 \u00a0 secrets file = \/etc\/rsync.d\/rsyncd.secrets<\/pre>\n
Firewalld<\/h4>\n
\u041d\u0430 \u043a\u043b\u0438\u0435\u043d\u0442\u0435 \u0438 \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0435 \u043e\u0442\u043a\u0440\u044b\u0432\u0430\u0435\u043c \u043f\u043e\u0440\u0442 (873<\/span>) \u0438\u043b\u0438 \u0440\u0430\u0437\u0440\u0435\u0448\u0430\u0435\u043c \u0441\u0435\u0440\u0432\u0438\u0441<\/p>\n
$ sudo firewall-cmd --get-active-zones\r\n$ sudo firewall-cmd --zone=public --list-all\r\n$ sudo firewall-cmd --permanent --zone=public --add-service=http\r\n$ sudo firewall-cmd --reload\r\n$ sudo firewall-cmd --list-all\r\npublic (active)\r\n   target: default\r\n   icmp-block-inversion: no\r\n   interfaces: enp64s0\r\n   sources:\r\n   services: ssh samba rsyncd<\/span>\r\n   ports: 5001\/tcp\r\n   protocols:\r\n   masquerade: no\r\n   forward-ports:\r\n   source-ports:\r\n   icmp-blocks:\r\n   rich rules:<\/pre>\n
\u0412\u043a\u043b\u044e\u0447\u0430\u0435\u043c \u0441\u0435\u0440\u0432\u0438\u0441 \u0438 \u0434\u043e\u0431\u0430\u0432\u043b\u044f\u0435\u043c \u0432 \u0430\u0432\u0442\u043e\u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0443<\/p>\n
$ sudo systemctl start rsyncd\r\n$\u00a0sudo systemctl status rsyncd\r\n$ sudo systemctl enable rsyncd<\/pre>\n
\u041f\u0440\u043e\u0432\u0435\u0440\u044f\u0435\u043c \u0441\u043b\u0443\u0448\u0430\u0435\u0442\u0441\u044f \u043b\u0438 \u043f\u043e\u0440\u0442<\/p>\n
$ ss -tul | grep rsync\r\ntcp    LISTEN   0   5    *:rsync     *:* \r\ntcp    LISTEN   0   5   :::rsync    :::*<\/pre>\n
\u043d\u0430 \u043a\u043b\u0438\u0435\u043d\u0442\u0435 \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0435\u043c \u0441\u043a\u0440\u0438\u043f\u0442 \u0432\u0438\u0434\u0430<\/h4>\n
$ vim rsync_backup_sdata.sh\r\n\r\n#!\/bin\/sh\r\n#\r\nrsync -urlogt --password-file=\/etc\/rsync.d\/rsyncd.secrets lora<\/span>@192.168.0.19::sdata \/home\/lora\/_backup\/SDATA\/\r\n\r\n$ chmod +x rsync_backup_sdata.sh<\/pre>\n
\u041d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0430 SELinux<\/h4>\n
\u041f\u0440\u0438 \u043f\u043e\u043f\u044b\u0442\u043a\u0435 \u0441\u0438\u043d\u0445\u0440\u043e\u043d\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0432 \u043b\u043e\u0433\u0430\u0445 \u043f\u043e\u044f\u0432\u0438\u043b\u043e\u0441\u044c \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u0435 \u0432\u0438\u0434\u0430:<\/p>\n
avc: denied { search } for pid=26577 comm=\"rsync\" name=\"lora\" dev=\"md124\" ino=99 scontext=system_u:system_r:rsync_t:s0 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=dir<\/pre>\n
\u0417\u0430\u043f\u0443\u0441\u043a\u0430\u0435\u043c \u0438 \u0441\u043b\u0435\u0434\u0443\u0435\u043c \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u044f\u043c<\/p>\n
# sealert -a \/var\/log\/audit\/audit.log\u00a0\u00a0\r\n\r\n# semanage fcontext -a -t rsync_data_t \"\/home\/lora(\/.*)?\"\r\n# restorecon -Rv \/home\/lora\/<\/pre>\n
\u0422\u0435\u043f\u0435\u0440\u044c:<\/p>\n
$ ls -Zd\r\ndrwx------. lora lora unconfined_u:object_r:rsync_data_t:s0<\/pre>\n
\u041f\u0440\u043e\u0431\u0443\u0435\u043c \u0441\u043e\u0435\u0434\u0438\u043d\u0438\u0442\u044c\u0441\u044f. \u0415\u0441\u043b\u0438 \u0432\u0441\u0435 \u043d\u043e\u0440\u043c\u0430\u043b\u044c\u043d\u043e \u0441\u0442\u0430\u0432\u0438\u043c \u043d\u0430 \u043a\u043b\u0438\u0435\u043d\u0442\u0435 \u0437\u0430\u0434\u0430\u043d\u0438\u0435 \u0432 \u043a\u0440\u043e\u043d:<\/p>\n
$ sudo crontab -e<\/pre>\n
45 2 * * * \/home\/lora\/bin\/rsync_backup_sdata.sh<\/pre>\n
 <\/p>\n
\"image_pdf\"<\/a>\"image_print\"<\/a><\/div>","protected":false},"excerpt":{"rendered":"
\u041d\u0430 \u043c\u0430\u0448\u0438\u043d\u0435 \u0441 \u043a\u043e\u0442\u043e\u0440\u043e\u0439 \u043d\u0443\u0436\u043d\u043e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0431\u0435\u043a\u0430\u043f (server). $ sudo yum install -y rsync $ sudo vim \/etc\/rsyncd.conf # \/etc\/rsyncd: configuration file for rsync daemon mode # See rsyncd.conf man page for more options. # configuration example: uid = nobody gid = nobody use chroot = no max connections = 4 pid file = \/var\/run\/rsyncd.pid …<\/p>\n
Continue reading ‘rsyncd’ »<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[47,195],"tags":[],"class_list":["post-3348","post","type-post","status-publish","format-standard","hentry","category-linux","category-rsync"],"_links":{"self":[{"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=\/wp\/v2\/posts\/3348"}],"collection":[{"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3348"}],"version-history":[{"count":9,"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=\/wp\/v2\/posts\/3348\/revisions"}],"predecessor-version":[{"id":3358,"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=\/wp\/v2\/posts\/3348\/revisions\/3358"}],"wp:attachment":[{"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3348"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3348"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3348"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}