Posted in Red Hat/Centos 7

Configurer un serveur rSync

Configurer un serveur rSync Posted on 23/08/2016Leave a comment

Introduction

Voici la méthode pour installer et configurer un serveur rSync simplement. Pour ce LAB, j’ai créé un utilisateur “rsync”.

Installation

Installation des composants rsync et xinetd :

yum install rsync xinetd

On active les services Xinetd et rsync puis on les exécute :

[root@localhost ~]# systemctl enable rsyncd
[root@localhost ~]# systemctl enable xinetd
[root@localhost ~]# systemctl start rsyncd
[root@localhost ~]# systemctl start xinetd.service

On peut modifier le fichier de configuration de rSync (/etc/rsyncd.conf) :

[root@localhost ~]# vim /etc/rsyncd.conf
# /etc/rsyncd: configuration file for rsync daemon mode
# See rsyncd.conf man page for more options.

# configuration example:

hosts allow = <Hosts>
uid = rsync
gid = rsync
use chroot = false
max connections = 1
# pid file = /var/run/rsyncd.pid
# exclude = lost+found/
# transfer logging = yes
timeout = 900
read only = false
# ignore nonreadable = yes
# dont compress = *.gz *.tgz *.zip *.z *.Z *.rpm *.deb *.bz2
[datadir]
path = /data
# [ftp]
# path = /home/ftp
# comment = ftp export area

Après la modification du fichier de configuration, nous le redémarrons.

[root@localhost ~]# systemctl restart rsyncd.service

Nous pouvons ouvrir le port 873

[root@localhost ~]# firewall-cmd --permanent --zone=public --add-port=873/tcp

Création du fichier pour le service rSync

[root@localhost ~]# vim /etc/xinetd.d/rsync
# default: off
# description: The rsync server is a good addition to an ftp server, as it \
# allows crc checksumming etc.
service rsync
{
#disable= no
# change
flags= IPv4
socket_type= stream
wait= no
user= root
server= /usr/bin/rsync
server_args= --daemon
log_on_failure+= USERID
}

On redémarre le serveur

[root@localhost ~]# systemctl reboot

La configuration de SELinux est parfois trop restrictive pour cet exemple j’ai choisi de mettre le mode “Permissive”.
Si vous souhaitez plus d’information voir ce lien : https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/SELinux_Users_and_Administrators_Guide/

[root@localhost ~]# getenforce
Enforcing
[root@localhost ~]# setenforce 0
[root@localhost ~]# getenforce
Permissive

Pour le modifier de façon permanente, vous pouvez modifier le fichier /etc/selinux/config

[root@localhost ~]# cat /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=permissive
# SELINUXTYPE= can take one of three two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.