Default port and scanning:
# nmap -p 873 --script rsync-list-modules <ip>
# nmap -p 873 --script rsync-brute --script-args 'rsync-brute.module=www' <ip>
- https://nmap.org/nsedoc/scripts/rsync-list-modules.html
- https://nmap.org/nsedoc/scripts/rsync-brute.html
Related cases on WooYun:
- http://www.wooyun.org/searchbug.php?q=cnN5bmM%3D&showall=1
- Unauthorized access on a 58.com (58同城) site leaks some database and script data and allows file upload | WooYun-2015-98831
- Unauthorized access on a Daoyoudao (道有道) server allows file upload | WooYun-2015-107720
- http://www.wooyun.org/bugs/wooyun-2013-017131 # see the comments
Configuration:
Search keywords:
- rsync 未授权 (rsync unauthorized access)
- Linux rsync how to set access control
- Linux rsync config with password
Reference links 1:
- http://www.webtrafficexchange.com/how-make-backups-linux-and-rsync
- http://transamrit.net/docs/rsync/
- http://stackoverflow.com/questions/3299951/how-to-pass-password-for-rsync-ssh-command
- http://unix.stackexchange.com/questions/111526/rsync-without-prompt-for-password
- Configuring the rsync synchronization service on Linux (Linux下rsync同步服务的配置)
Reference links 2:
- http://linux.die.net/man/1/rsync
- http://www.thegeekstuff.com/2010/09/rsync-command-examples/
- https://www.digitalocean.com/community/tutorials/how-to-use-rsync-to-sync-local-and-remote-directories-on-a-vps
- http://www.techrepublic.com/blog/it-security/use-rsync-for-filesystem-integrity-auditing/
More reference links:
- http://serverfault.com/questions/211005/rsync-difference-between-checksum-and-ignore-times-options
- http://unix.stackexchange.com/questions/30970/does-rsync-verify-files-copied-between-two-local-drives
==
Four settings: drop privileges (uid/gid), password authentication (auth users), disable module enumeration (list = no), host whitelist (hosts allow/deny)
2 comments on "Rsync的配置学习" (Rsync Configuration Notes)
Tips on unauthorized access
https://xz.aliyun.com/t/2320
https://github.com/se55i0n/DBScanner
`
a) Redis unauthorized access
b) Jenkins unauthorized access
c) MongoDB unauthorized access
d) ZooKeeper unauthorized access
e) Elasticsearch unauthorized access
f) Memcache unauthorized access
g) Hadoop unauthorized access
h) CouchDB unauthorized access
i) Docker unauthorized access
`
How to secure rsync
https://www.upguard.com/blog/secure-rsync
`
Modern enterprise data centers are a complex mix of different technologies geared towards accomplishing business goals. Some of these technologies are pricy, big-name business solutions, but some are simple tools and utilities, facilitating processes. Linux sysadmins have been using rsync (remote synchronization) to move and mirror files for two decades, though versions of it now run on nearly every platform. Its lightweight build, small footprint, and usability make it a good choice for simple file copy operations. But this same asset is also a liability for many utilities: designed purely for functionality, they may not automatically account for potential risks to enterprise data. To successfully use rsync in the enterprise means protecting the data being transferred through it from accidental exposure.
# About rsync
One of the great advantages of rsync over other similar utilities is that it is able to easily transfer only the delta between systems. For example, if you set up rsync on a file server and connect a backup server as the mirror, the initial sync will move every file in the specified path. After that first sync, rsync will only move the changes, keeping the mirror identical to the primary server and minimizing network traffic. This type of file copy procedure is extremely common for most organizations, and without process guidelines, techniques and utilities vary widely among individual admins.
Despite its compact build, rsync does have security options that can protect the data it transfers. But like many pared-down tools, it does not invoke them by default, and the burden therefore rests on the person setting it up to configure it securely.
# Important configuration
Before going into the configuration itself, it is worth pointing out that there are two different ways to use rsync. One is the command-line utility, where every detail is passed as an argument; that is rsync. The daemon version of rsync is called rsyncd (started as rsync --daemon) and listens on a specified port as a service (873 by default). rsyncd relies on rsyncd.conf for its configuration, where each synchronized path (module) has its own block of options. rsyncd is the data-exposure vector involving rsync, because without proper protection an anonymous third party can connect to it. We will focus on rsyncd, since it is the most common way to use rsync at scale.
- rsyncd.conf
- List
- Hosts Allow/Deny
- Auth Users and the Secrets File
- Strict Modes
- Encryption
- Open Port
Building a secure rsync setup for enterprise operation means applying several layers of protection, each of which helps minimize the daemon's attack surface and restricts which remote connections are allowed.
1. Only allow necessary remote hosts and user accounts
2. Enforce strict modes to validate secrets file access
3. Encrypt all rsync transmissions through a tunnel or limit them to an intranet
`
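As an added example (not from the original post and not UpGuard's code), the shell script below ties together the four settings summarized earlier in the notes (uid/gid, auth users, list = no, hosts allow) and the three layers from the UpGuard list: it writes a constructed weak rsyncd.conf of the kind behind the WooYun "can upload files" cases beside a hardened one, creates a secrets file with the owner-only permissions that strict modes demands, and audits each module for the controls it is missing. The module name www, the user backup, the paths and the networks are assumptions; no rsync daemon is started.

```shell
#!/bin/sh
# Added example (not the original post's or UpGuard's code): audit rsyncd.conf
# for the four settings from the notes (uid/gid, auth users, list = no,
# hosts allow) plus "strict modes" and a writable-module check. Module name,
# user name, paths and networks below are constructed for illustration.

# Constructed sample: every access control left at its default, running as root.
# Anyone can list and fetch the module, and "read only = no" lets them upload.
write_weak_conf() {
    cat > "$1" <<'EOF'
uid = root
gid = root
[www]
    path = /var/www
    comment = web root
    read only = no
EOF
}

# Constructed sample with the four settings applied. "hosts allow" on its own
# rejects every other client, so no "hosts deny" line is needed. "list = no"
# hides the module from "rsync rsync://<ip>/" and from nmap's rsync-list-modules.
write_hardened_conf() {
    cat > "$1" <<'EOF'
uid = rsync
gid = rsync
list = no
strict modes = yes
secrets file = /etc/rsyncd.secrets
[www]
    path = /var/www
    comment = web root
    read only = yes
    auth users = backup
    hosts allow = 10.0.0.0/8 192.168.1.0/24
EOF
}

# Secrets file in "user:password" form, readable by its owner only, which is
# what strict modes checks before the daemon will use the file.
write_secrets_file() {
    ( umask 077; printf '%s:%s\n' "$2" "$3" > "$1" )
    chmod 600 "$1"
}

# True when group and other have no permission bits on the file.
secrets_file_private() {
    [ "$(ls -l "$1" | cut -c5-10)" = "------" ]
}

# Print one line per module: "<module> OK" or "<module> MISSING: <findings>".
# rsyncd.conf parameter names are case- and whitespace-insensitive, and module
# values fall back to the global section, so both are handled here.
audit_rsyncd_conf() {
    awk '
    function set(k, v) { if (mod == "") g[k] = v; else m[k] = v }
    function get(k)    { return (k in m) ? m[k] : ((k in g) ? g[k] : "") }
    function is_no(v)  { v = tolower(v); return (v == "no" || v == "false" || v == "0") }
    function flush(    miss, u, gd) {
        if (mod == "") return
        miss = ""
        u = get("uid"); gd = get("gid")
        if (u == "root" || u == "0")       miss = miss " uid=root"
        if (gd == "root" || gd == "0")     miss = miss " gid=root"
        if (get("authusers") == "")        miss = miss " auth-users"
        else if (get("secretsfile") == "") miss = miss " secrets-file"
        if (!is_no(get("list")))           miss = miss " list=no"       # default is yes
        if (get("hostsallow") == "")       miss = miss " hosts-allow"   # default: any host
        if (is_no(get("strictmodes")))     miss = miss " strict-modes"  # default is yes
        if (is_no(get("readonly")))        miss = miss " read-only"     # default is yes
        print mod (miss == "" ? " OK" : " MISSING:" miss)
    }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }                 # comments and blank lines
    /^[ \t]*\[/ {                                        # [module] header
        flush()
        mod = $0; sub(/^[ \t]*\[/, "", mod); sub(/\].*$/, "", mod)
        split("", m)                                     # clear per-module values
        next
    }
    index($0, "=") {
        key = substr($0, 1, index($0, "=") - 1)
        val = substr($0, index($0, "=") + 1)
        key = tolower(key); gsub(/[ \t]/, "", key)
        gsub(/^[ \t]+|[ \t]+$/, "", val)
        set(key, val)
    }
    END { flush() }
    ' "$1"
}

# Stand-alone run on the two constructed configs (nothing is installed).
if [ "${RSYNC_AUDIT_DEMO:-1}" = 1 ]; then
    dir=$(mktemp -d)
    write_weak_conf "$dir/weak.conf";     audit_rsyncd_conf "$dir/weak.conf"
    write_hardened_conf "$dir/hard.conf"; audit_rsyncd_conf "$dir/hard.conf"
    write_secrets_file "$dir/rsyncd.secrets" backup 'example-password'
    secrets_file_private "$dir/rsyncd.secrets" && echo "secrets file permissions OK"
    rm -rf "$dir"
fi
```

The weak config reports `www MISSING: uid=root gid=root auth-users list=no hosts-allow read-only`; the hardened one reports `www OK`. Encryption is not an rsyncd.conf setting: the daemon protocol on port 873 is plaintext, so either have clients go through SSH (`rsync -e ssh`) instead of the daemon port, or bind the daemon to an internal interface with the `address` parameter and keep it off the Internet, as the third UpGuard point says.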