linux - rsync

If the host computer is not running SSH (or RSH), we can configure and run rsync as a daemon on that computer. This has rsync listening on port 873 for incoming connections from other computers using rsync. This is not recommended for transferring files across unsecured networks, such as the Internet, because the actual data transfer is not encrypted, but we can use it to keep information synchronized between different computers in internal networks, as well as to perform backups.

There are two different approaches to running rsync as a daemon: one is to launch the program with the --daemon parameter, and the other is to have inetd or xinetd launch rsync and run it like the other services that inetd and xinetd handle. But first, we must configure the file /etc/rsyncd.conf and create a file named rsyncd.secrets in /etc with the usernames and passwords that will be allowed to connect to the rsync daemon.

As an example I am going to make available a folder called Documents inside my home folder (/home/juan) and show how to use a command to copy a directory from a different computer. All the uses that were covered in the post Synchronizing folders with rsync can be done with the rsync daemon; the only thing that changes is the addressing of either the source folder or the destination folder, whichever is the one that resides remotely.

Configuring rsyncd.conf

This file is located in the directory /etc; if it doesn’t already exist, we need to create it there. We open the file in our preferred text editor. I am going to use gedit for the examples, but we can use any editor such as kate in KDE, nano in a terminal, Vim, etc.

sudo gedit /etc/rsyncd.conf

In this file we add the following lines:

lock file = /var/run/rsync.lock
log file = /var/log/rsyncd.log
pid file = /var/run/rsyncd.pid

[documents]
    path = /home/juan/Documents
    comment = The documents folder of Juan
    uid = juan
    gid = juan
    read only = no
    list = yes
    auth users = rsyncclient
    secrets file = /etc/rsyncd.secrets
    hosts allow = 192.168.1.0/255.255.255.0

or

syslog facility = local5
pid file = /var/run/rsyncd.pid
log file = /var/log/rsyncd.log
lock file = /var/run/rsyncd.lock
use chroot = yes
uid = root
gid = root
max connections = 10240
timeout = 600
read only = no
hosts allow = 192.168.1.0/24
#hosts deny = *
ignore errors = yes

[files]
    path = /data1/files
[www]
    path = /data/www

We can divide this file into two sections: the global parameters and the modules section. The global parameters define the overall behavior of rsync. Besides the three parameters that I use here and explain below, we can also configure things such as the port rsync will listen on, but we are going to go with the default, 873.

  • lock file is the file that rsync uses to handle the maximum number of connections.
  • log file is where rsync will save any information about its activity: when it started running, when and from where other computers connect, and any errors it encounters.
  • pid file is where the rsync daemon will write the process ID that has been assigned to it. This is useful because we can use this process ID to stop the daemon.

After the global parameters, we have the modules section. Every module is a folder that we share with rsync. The important parts here are:

  • [name] is the name that we assign to the module. Each module exports a directory tree. The module name cannot contain slashes or a closing square bracket.
  • path is the path of the folder that we are making available with rsync.
  • comment is a comment that appears next to the module name when a client obtains the list of all available modules.
  • uid specifies, when the rsync daemon is run as root, which user owns the files that are transferred to and from the module.
  • gid sets the group that owns the files that are transferred, if the daemon is run as root.
  • read only determines whether the clients who connect to rsync can upload files or not. The default of this parameter is true for all modules.
  • list allows the module to be listed when clients ask for a list of available modules. Setting this to false hides the module from the listing.
  • auth users is a list of users allowed to access the content of this module, separated by commas. The users don’t need to exist in the system; they are defined by the secrets file.
  • secrets file defines the file that contains the usernames and passwords of the valid users for rsync.
  • hosts allow lists the addresses allowed to connect to the system. Without this parameter all hosts are allowed to connect.
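
As an added example (not part of the original post or of rsync itself), the following Python script parses rsyncd.conf text along the two sections described above, with global parameters acting as defaults for each module, and reports the module settings that matter for exposure. The function names and finding strings are illustrative, and FIRST and SECOND are constructed inputs trimmed from the two configurations shown earlier.

```python
# Added example: audit rsyncd.conf text for the settings discussed above.
TRUE = {"yes", "true", "1"}
def parse_rsyncd_conf(text):
    """Return {module: params}; global parameters act as per-module defaults."""
    global_params, modules, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            modules[current] = {}
        elif "=" in line:
            key, value = line.split("=", 1)       # only the first '=' counts
            key = "".join(key.lower().split())    # names ignore case and spaces
            (global_params if current is None else modules[current])[key] = value.strip()
    return {name: {**global_params, **p} for name, p in modules.items()}

def audit(text):
    """Return {module: [finding, ...]} using rsyncd's documented defaults."""
    report = {}
    for name, p in parse_rsyncd_conf(text).items():
        checks = [
            (not p.get("authusers"), "anonymous access (no auth users)"),
            (p.get("readonly", "yes").lower() not in TRUE, "writable (read only = no)"),
            (p.get("uid", "").lower() in {"root", "0"}, "transfers run as root (uid = root)"),
            (not p.get("hostsallow"), "any host may connect (no hosts allow)"),
            (p.get("list", "yes").lower() in TRUE, "module is listed (list = yes)"),
        ]
        report[name] = [msg for hit, msg in checks if hit]
    return report

# Constructed input: security-relevant lines of the two configurations above.
FIRST = """[documents]
    uid = juan
    read only = no
    list = yes
    auth users = rsyncclient
    hosts allow = 192.168.1.0/255.255.255.0
"""
SECOND = """uid = root
read only = no
hosts allow = 192.168.1.0/24
#hosts deny = *
[files]
    path = /data1/files
[www]
    path = /data/www
"""
```

Running audit() on SECOND shows that both modules inherit uid = root and read only = no from the global section and have no auth users, so any host in the allowed range can write to them as root without a password.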

Creating the secrets file

Once rsyncd.conf is properly set, we need to create the secrets file. This file contains all of the usernames and passwords that will be able to log in to the rsync daemon. These usernames and passwords are independent of the users that exist in the system, so we can create users who already exist in the system without problems. As we specified the file /etc/rsyncd.secrets in rsyncd.conf, we will create and edit this file in our favorite text editor:

sudo gedit /etc/rsyncd.secrets

In this file we add the usernames and the passwords, one per line, separated by a colon (I don’t actually use passwords that are this simple, and you shouldn’t either):

rsyncclient:passWord
juan:PassWord
backup:Password
user:password

Finally, change the permissions of this file so it can’t be read or modified by other users; rsync will fail if the permissions of this file are not set appropriately:

sudo chmod 600 /etc/rsyncd.secrets

Launching rsync with the --daemon attribute

Once everything is set, one of the ways to use rsync as a daemon is launching it with the --daemon parameter. If you followed the previous instructions you can simply use this command:

sudo rsync --daemon

We can check if it is running by looking at the log file that we defined in rsyncd.conf; in our example this is located in /var/log/rsyncd.log. Additionally, if the daemon is running, the file /var/run/rsyncd.pid will contain the process ID of rsync.

If we launched rsync in this manner, we can stop it by killing its process. We can obtain the process ID by reading the contents of the file /var/run/rsyncd.pid and then invoke kill with this process ID. We can pass it directly to kill using:

sudo kill `cat /var/run/rsyncd.pid`

Using inetd to handle the rsync daemon

inetd, the InterNET Daemon, can handle all the services associated with the Internet, such as FTP, telnet, and e-mail. While inetd is still used, due to security concerns it is being replaced by more modern alternatives; a very popular one is xinetd (eXtended InterNET Daemon). Since the rsync daemon works using an Internet connection, we can add it to inetd or xinetd and allow either of them to handle it.

To enable rsync in inetd, we need to open the file /etc/inetd.conf in our favorite text editor (assuming rsync is in /usr/bin, as it should be in Linux distributions):

sudo gedit /etc/inetd.conf

Then add the following line:

rsync stream tcp nowait root /usr/bin/rsync rsync --daemon

When using inetd we need to make sure that port 873 is appropriately mapped to rsync in the file /etc/services. By default it should be; we can check using:

cat /etc/services | grep rsync

It should show us this:

rsync 873/tcp

If you don’t see this, then open the file /etc/services in a text editor and add that line.

Finally, restart the inetd daemon:

killall -1 inetd

Using xinetd to handle the rsync daemon

xinetd, the eXtended InterNET daemon, is a widely adopted replacement for inetd, as inetd doesn’t offer security mechanisms. The handling of services is different from inetd. xinetd may already have an entry for rsync that just needs to be enabled. The rsync configuration resides in the file /etc/xinetd.d/rsync; open this file in your text editor:

sudo gedit /etc/xinetd.d/rsync

and change the line disable = yes to disable = no.

If this file doesn’t already exist, you can create it and edit it:

sudo gedit /etc/xinetd.d/rsync

And add the following lines to it:

service rsync
{
    disable         = no
    socket_type     = stream
    port            = 873
    protocol        = tcp
    wait            = no
    user            = root
    server          = /usr/bin/rsync
    server_args     = --daemon
    log_on_failure  += USERID
}

Unlike inetd, xinetd doesn’t need to have an entry in /etc/services, it can handle the port/protocol by itself. If rsync is defined in /etc/services, the lines port and protocol can be omitted. And now restart the xinetd daemon:

killall -1 xinetd

Connecting to the rsync daemon

To connect to rsync when it is running as a daemon, instead of using a single colon as we do with SSH, we need to use a double colon, followed by the module name and the file or folder that we want to copy or synchronize:

rsync -rtv user@host::module/source/ destination/

Another way to access the file is to use rsync:// followed by the host’s address, the module, and finally the location of the file or folder that we want to access:

rsync -rtv rsync://user@host/module/source/ destination/

For example, taking the parameters given in the first example of rsyncd.conf that I posted, a way to transfer a folder called “source” inside the folder /home/juan/Documents of the host computer would be either of these two commands, assuming the host is located at 192.168.1.100. The user is rsyncclient because that is the only name listed in auth users for the documents module:

rsync -rtv rsyncclient@192.168.1.100::documents/source/ destination/
rsync -rtv rsync://rsyncclient@192.168.1.100/documents/source/ destination/

Just remember that the user that appears there is one of the users that we defined in /etc/rsyncd.secrets (and listed in the module's auth users), not a user of the host computer.

Scanning rsync

msf > use auxiliary/scanner/rsync/modules_list 
msf auxiliary(modules_list) > set RHOSTS 192.168.1.111
RHOSTS => 192.168.1.111
msf auxiliary(modules_list) > run

[+] 192.168.1.111:873 - rsync @RSYNCD: 30.0 found
[+] 192.168.1.111:873 - rsync listing found
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(modules_list) > notes 
[*] Time: 2015-04-22 03:24:48 UTC Note: host=192.168.1.111 service=rsync port=873 protocol=tcp type=rsync_version data="@RSYNCD: 30.0"
[*] Time: 2015-04-22 03:24:48 UTC Note: host=192.168.1.111 service=rsync port=873 protocol=tcp type=rsync_listing data="documents      \\x09The documents folder of Juan"

Or we can do it with nmap:

[nixawk@core ~]$ nmap -v -n -Pn -p 873 --script rsync-list-modules 192.168.1.111

Starting Nmap 6.47 ( http://nmap.org ) at 2015-04-22 03:27 UTC
NSE: Loaded 1 scripts for scanning.
NSE: Script Pre-scanning.
Initiating Connect Scan at 03:27
Scanning 192.168.1.111 [1 port]
Discovered open port 873/tcp on 192.168.1.111
Completed Connect Scan at 03:27, 0.00s elapsed (1 total ports)
NSE: Script scanning 192.168.1.111.
Initiating NSE at 03:27
Completed NSE at 03:27, 0.05s elapsed
Nmap scan report for 192.168.1.111
Host is up (0.00059s latency).
PORT    STATE SERVICE
873/tcp open  rsync
| rsync-list-modules: 
|_  documents       The documents folder of Juan

NSE: Script Post-scanning.
Read data files from: /usr/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 0.36 seconds

We can also use the rsync command itself:

[nixawk@core ~]$ rsync 192.168.1.111::
documents       The documents folder of Juan
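
The three listings above all reach the daemon as a module-list request, which it records in the log file set in rsyncd.conf. As an added example (not from the original post), this Python script summarizes such requests and failed logins per source address; the log lines are constructed, and their format is assumed from typical rsync 3.x daemon logs.

```python
# Added example: flag module enumeration and failed logins in rsyncd.log.
import re
from collections import defaultdict

# Assumed line layout: "YYYY/MM/DD HH:MM:SS [pid] message"
LINE = re.compile(r"^(\S+ \S+) \[(\d+)\] (.*)$")
LIST_REQ = re.compile(r"^module-list request from \S+ \(([^)]+)\)")
AUTH_FAIL = re.compile(r"^auth failed on module (\S+) from \S+ \(([^)]+)\)")

def summarize(log_text):
    """Return {source_ip: {"listings": n, "auth_failures": n, "modules": set}}."""
    stats = defaultdict(lambda: {"listings": 0, "auth_failures": 0, "modules": set()})
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue                      # not a daemon log line
        msg = m.group(3)
        if (hit := LIST_REQ.match(msg)):
            stats[hit.group(1)]["listings"] += 1
        elif (hit := AUTH_FAIL.match(msg)):
            stats[hit.group(2)]["auth_failures"] += 1
            stats[hit.group(2)]["modules"].add(hit.group(1))
    return dict(stats)

def suspicious(log_text, max_auth_failures=3):
    """Sources that enumerated modules or reached the failure threshold."""
    return sorted(ip for ip, s in summarize(log_text).items()
                  if s["listings"] or s["auth_failures"] >= max_auth_failures)

# Constructed log lines (format assumed, addresses invented for the example).
SAMPLE_LOG = """\
2015/04/22 03:24:48 [2101] connect from UNKNOWN (192.168.1.50)
2015/04/22 03:24:48 [2101] module-list request from UNKNOWN (192.168.1.50)
2015/04/22 03:27:02 [2107] connect from UNKNOWN (192.168.1.50)
2015/04/22 03:27:02 [2107] module-list request from UNKNOWN (192.168.1.50)
2015/04/22 03:30:11 [2110] connect from UNKNOWN (192.168.1.77)
2015/04/22 03:30:11 [2110] auth failed on module documents from UNKNOWN (192.168.1.77): password mismatch
2015/04/22 09:15:40 [2304] connect from UNKNOWN (192.168.1.20)
2015/04/22 09:15:41 [2304] rsync on documents/source/ from rsyncclient@UNKNOWN (192.168.1.20)
"""
```

Setting list = no on a module keeps its name out of the listing, but the request itself is still logged, so this check keeps working after modules are hidden.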

References

  1. http://www.jveweb.net/en/archives/2011/01/running-rsync-as-a-daemon.html
  2. http://www.cyberciti.biz/tips/linux-use-rsync-transfer-mirror-files-directories.html
  3. http://bobao.360.cn/learning/detail/266.html