默认端口及扫描：

# nmap -p 873 --script rsync-list-modules <ip>
# nmap -p 873 --script rsync-brute --script-args 'rsync-brute.module=www' <ip>

• https://nmap.org/nsedoc/scripts/rsync-list-modules.html
• https://nmap.org/nsedoc/scripts/rsync-brute.html

WooYun上的相关案例：

• http://www.wooyun.org/searchbug.php?q=cnN5bmM%3D&showall=1
• 58同城某站点未授权访问泄露少量数据库及脚本信息可上传文件 | WooYun-2015-98831
• 道有道某服务器未授权访问可上传文件 | WooYun-2015-107720
• http://www.wooyun.org/bugs/wooyun-2013-017131  #评论

配置：

• http://linux.die.net/man/5/rsyncd.conf
• http://everythinglinux.org/rsync/

搜索关键字：

• rsync 未授权
• Linux rsync how to set access control
• Linux rsync config with password

参考链接1：

• http://www.webtrafficexchange.com/how-make-backups-linux-and-rsync
• http://transamrit.net/docs/rsync/
• http://stackoverflow.com/questions/3299951/how-to-pass-password-for-rsync-ssh-command
• http://unix.stackexchange.com/questions/111526/rsync-without-prompt-for-password
• Linux下rsync同步服务的配置

参考链接2：

• http://linux.die.net/man/1/rsync
• http://www.thegeekstuff.com/2010/09/rsync-command-examples/
• https://www.digitalocean.com/community/tutorials/how-to-use-rsync-to-sync-local-and-remote-directories-on-a-vps
• http://www.techrepublic.com/blog/it-security/use-rsync-for-filesystem-integrity-auditing/

更多参考链接：

• http://serverfault.com/questions/211005/rsync-difference-between-checksum-and-ignore-times-options
• http://unix.stackexchange.com/questions/30970/does-rsync-verify-files-copied-between-two-local-drives

==

四点设置：降权(uid/gid)，密码设置(auth users)，模块枚举(list=no)，访问白名单(hosts allow/deny)