Introduction
Voici la méthode pour installer et configurer un serveur rSync simplement. Pour ce LAB, j’ai créé un utilisateur “rsync”.
Installation
Installation des composants rsync et xinetd :
yum install rsync xinetd
On active les services Xinetd et rsync puis on les exécute :
[root@localhost ~]# systemctl enable rsyncd [root@localhost ~]# systemctl enable xinetd [root@localhost ~]# systemctl start rsyncd [root@localhost ~]# systemctl start xinetd.service
On peut modifier le fichier de configuration de rSync (/etc/rsyncd.conf) :
[root@localhost ~]# vim /etc/rsyncd.conf # /etc/rsyncd: configuration file for rsync daemon mode # See rsyncd.conf man page for more options. # configuration example: hosts allow = <Hosts> uid = rsync gid = rsync use chroot = false max connections = 1 # pid file = /var/run/rsyncd.pid # exclude = lost+found/ # transfer logging = yes timeout = 900 read only = false # ignore nonreadable = yes # dont compress = *.gz *.tgz *.zip *.z *.Z *.rpm *.deb *.bz2 [datadir] path = /data # [ftp] # path = /home/ftp # comment = ftp export area
Après la modification du fichier de configuration, nous le redémarrons.
[root@localhost ~]# systemctl restart rsyncd.service
Nous pouvons ouvrir le port 873
[root@localhost ~]# firewall-cmd --permanent --zone=public --add-port=873/tcp
Création du fichier pour le service rSync
[root@localhost ~]# vim /etc/xinetd.d/rsync # default: off # description: The rsync server is a good addition to an ftp server, as it \ # allows crc checksumming etc. service rsync { #disable= no # change flags= IPv4 socket_type= stream wait= no user= root server= /usr/bin/rsync server_args= --daemon log_on_failure+= USERID }
On redémarre le serveur
[root@localhost ~]# systemctl reboot
La configuration de SELinux est parfois trop restrictive pour cet exemple j’ai choisi de mettre le mode “Permissive”.
Si vous souhaitez plus d’information voir ce lien : https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/SELinux_Users_and_Administrators_Guide/
[root@localhost ~]# getenforce Enforcing [root@localhost ~]# setenforce 0 [root@localhost ~]# getenforce Permissive
Pour le modifier de façon permanente, vous pouvez modifier le fichier /etc/selinux/config
[root@localhost ~]# cat /etc/selinux/config # This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - No SELinux policy is loaded. SELINUX=permissive # SELINUXTYPE= can take one of three two values: # targeted - Targeted processes are protected, # minimum - Modification of targeted policy. Only selected processes are protected. # mls - Multi Level Security protection. SELINUXTYPE=targeted