Incoming rsync connection attempts

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

Greetings -
In my logwatch report this morning I noticed reference to an attempt to connect to rsync from an external IP address. It doesn't appear that the connection was successful based on correlating information between /var/log/secure and /var/log/messages. But I am looking for some suggestions for implementing more preventative measures, if necessary. The log information from the last few attempts are shown below. 

/var/log/secure
Oct 13 00:14:08 Bison xinetd[2232]: START: rsync pid=15306 from=180.97.106.36 
Oct 13 01:55:51 Bison xinetd[2232]: START: rsync pid=15343 from=85.25.43.94
Oct 13 23:25:35 Bison xinetd[2232]: START: rsync pid=16548 from=114.119.37.86 

/var/log/messages
Oct 13 00:14:08 Bison rsyncd[15306]: rsync: unable to open configuration file "/etc/rsyncd.conf": No such file or directory (2) Oct 13 00:14:08 Bison rsyncd[15306]: rsync error: syntax or usage error (code 1) at clientserver.c(923) [receiver=3.0.5] Oct 13 01:55:51 Bison rsyncd[15343]: rsync: unable to open configuration file "/etc/rsyncd.conf": No such file or directory (2) Oct 13 01:55:51 Bison rsyncd[15343]: rsync error: syntax or usage error (code 1) at clientserver.c(923) [receiver=3.0.5] Oct 13 23:25:35 Bison rsyncd[16548]: rsync: unable to open configuration file "/etc/rsyncd.conf": No such file or directory (2) Oct 13 23:25:35 Bison rsyncd[16548]: rsync error: syntax or usage error (code 1) at clientserver.c(923) [receiver=3.0.5]
There is no /etc/rsyncd.conf file present on the system, so I can see why the connection wasn't successful. Our backups get pushed to this one from other servers using rsync.
This is on a RHEL 3.9 box (Dell PE2600, year 2004) that is primarily used as backup storage within our LAN. I will retire it when it dies, until then it runs fairly maintenance free. I do have a public IP address assigned to the WAN because we have a vsftp server running on it for transferring files back and forth to a few clients, and I occasionally access the server remotely. I am wondering if there is anything relatively simple that I can do to address these attempted connections, until I have time to move our vsftp server from it and remove the public IP address from the WAN? Thanks. 

Jeff

--

Jeff Boyce
Meridian Environmental


_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux