Incoming Rsync Connection Attempts
Greetings –
In my logwatch report this morning I noticed reference to an attempt to connect to rsync from an external IP address. It doesn’t appear that the connection was successful based on correlating information between
/var/log/secure and /var/log/messages. But I am looking for some suggestions for implementing more preventative measures, if necessary.
The log information from the last few attempts are shown below.
/var/log/secure Oct 13 00:14:08 Bison xinetd[2232]: START: rsync pid306
from0.97.106.36
Oct 13 01:55:51 Bison xinetd[2232]: START: rsync pid343 from
4 thoughts on - Incoming Rsync Connection Attempts
Jeff Boyce писал 2015-10-14 21:13:
You can block access to tcp/udp port 873 from external addresses. You probably don’t need rsync server either and can just disable it.
2015-10-14 20:13 GMT+02:00 Jeff Boyce:
Why do you have rsyncd enabled if you don’t have rsyncd.conf ? If your pusing backups using rsync over ssh, you don’t need rsynd.
— Laurent.
You have a RHEL 3.9 box exposed to the Internet?
block all ports except what you need at your firewall.
suggestion, retire FTP, and use something like OwnCloud for customer file transfers, this is a dropbox style web based file service.