Configurer un serveur rSync

Introduction

Voici la méthode pour installer et configurer un serveur rSync simplement. Pour ce LAB, j’ai créé un utilisateur “rsync”.

Installation

Installation des composants rsync et xinetd :

yum install rsync xinetd

On active les services Xinetd et rsync puis on les exécute :

[root@localhost ~]# systemctl enable rsyncd
[root@localhost ~]# systemctl enable xinetd
[root@localhost ~]# systemctl start rsyncd
[root@localhost ~]# systemctl start xinetd.service

On peut modifier le fichier de configuration de rSync (/etc/rsyncd.conf) :

[root@localhost ~]# vim /etc/rsyncd.conf
# /etc/rsyncd: configuration file for rsync daemon mode
# See rsyncd.conf man page for more options.

# configuration example:

hosts allow = <Hosts>
uid = rsync
gid = rsync
use chroot = false
max connections = 1
# pid file = /var/run/rsyncd.pid
# exclude = lost+found/
# transfer logging = yes
timeout = 900
read only = false
# ignore nonreadable = yes
# dont compress = *.gz *.tgz *.zip *.z *.Z *.rpm *.deb *.bz2
[datadir]
path = /data
# [ftp]
# path = /home/ftp
# comment = ftp export area

Après la modification du fichier de configuration, nous le redémarrons.

[root@localhost ~]# systemctl restart rsyncd.service

Nous pouvons ouvrir le port 873

[root@localhost ~]# firewall-cmd --permanent --zone=public --add-port=873/tcp

Création du fichier pour le service rSync

[root@localhost ~]# vim /etc/xinetd.d/rsync
# default: off
# description: The rsync server is a good addition to an ftp server, as it \
# allows crc checksumming etc.
service rsync
{
#disable= no
# change
flags= IPv4
socket_type= stream
wait= no
user= root
server= /usr/bin/rsync
server_args= --daemon
log_on_failure+= USERID
}

On redémarre le serveur

[root@localhost ~]# systemctl reboot

La configuration de SELinux est parfois trop restrictive pour cet exemple j’ai choisi de mettre le mode “Permissive”.
Si vous souhaitez plus d’information voir ce lien : https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/SELinux_Users_and_Administrators_Guide/

[root@localhost ~]# getenforce
Enforcing
[root@localhost ~]# setenforce 0
[root@localhost ~]# getenforce
Permissive

Pour le modifier de façon permanente, vous pouvez modifier le fichier /etc/selinux/config

[root@localhost ~]# cat /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=permissive
# SELINUXTYPE= can take one of three two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.