Jeff Boyce писал 2015-10-14 21:13:
Greetings -
In my logwatch report this morning I noticed reference to an attempt
to connect to rsync from an external IP address. It doesn't appear
that the connection was successful based on correlating information
between /var/log/secure and /var/log/messages. But I am looking for
some suggestions for implementing more preventative measures, if
necessary. The log information from the last few attempts are shown
below.
/var/log/secure
Oct 13 00:14:08 Bison xinetd[2232]: START: rsync pid=15306
from=180.97.106.36
Oct 13 01:55:51 Bison xinetd[2232]: START: rsync pid=15343
from=85.25.43.94
Oct 13 23:25:35 Bison xinetd[2232]: START: rsync pid=16548
from=114.119.37.86
/var/log/messages
Oct 13 00:14:08 Bison rsyncd[15306]: rsync: unable to open
configuration file "/etc/rsyncd.conf": No such file or directory (2)
Oct 13 00:14:08 Bison rsyncd[15306]: rsync error: syntax or usage
error (code 1) at clientserver.c(923) [receiver=3.0.5]
Oct 13 01:55:51 Bison rsyncd[15343]: rsync: unable to open
configuration file "/etc/rsyncd.conf": No such file or directory (2)
Oct 13 01:55:51 Bison rsyncd[15343]: rsync error: syntax or usage
error (code 1) at clientserver.c(923) [receiver=3.0.5]
Oct 13 23:25:35 Bison rsyncd[16548]: rsync: unable to open
configuration file "/etc/rsyncd.conf": No such file or directory (2)
Oct 13 23:25:35 Bison rsyncd[16548]: rsync error: syntax or usage
error (code 1) at clientserver.c(923) [receiver=3.0.5]
There is no /etc/rsyncd.conf file present on the system, so I can see
why the connection wasn't successful. Our backups get pushed to this
one from other servers using rsync.
You can block access to tcp/udp port 873 from external addresses.
You probably don't need rsync server either and can just disable it.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
