Recommended settings and Security

openmind
Joined: 29.02.2012 - 10:59

Hi,

I've managed to get cwRsync up and running and successfully ran a sync from one of my Linux Servers to my Windows box but I have a couple of questions...

1) We are going to be using rsync on a number of servers, some are connected to our backup box by an internal vLAN and some are not so I just need to check if we have taken enough security precautions to prevent unauthorised access. This is what we've done so far:

a) On the Linux server to be backed up we have opened port 873 for rsync

b) We have opened the same port on the Windows server but only allowed access to the IP address of the Linux box that is connecting.

c) Within our rsyncd.conf file I have the following:

use chroot = true
strict modes = false
hosts allow = x.x.x.x (this is the IP of the connecting server)
hosts deny = *
log file = rsyncd.log
uid = 0
gid = 0
read only = false

# Module definitions
# Remember cygwin naming conventions : c:\work becomes /cygdrive/c/work
#
#
#path = /cygdrive/c/work
#read only = false
#transfer logging = yes


# module name as used in the rsync command in question 2
[vm140backup]
path = /cygdrive/E/LinuxBackupSets/VirtualServers/vm140

d) We have created a Windows user with full control rights ONLY on the folder that is being used for the backup

Is this enough or is there anything else we are missing?

2) We would like to run the backups at scheduled times which we can do with a cron, the command we are using is "rsync -av /backup/cpbackup/* x.x.x.x::vm140backup". This has copied up all the files we need and is only copying changed and new files which is great. We would also like though to remove any files on the backup server that are no longer on the source server. Do we simply add the --delete flag so our command becomes "rsync -av --delete /backup/cpbackup/* x.x.x.x::vm140backup" ?

Many thanks in advance, looks like this is money well spent as we have been looking around for a while for a system such as yours!

Regards,

Phil Williams

itefix
Joined: 01.05.2008 - 21:33

1. No need to open port 873 on your Linux server as it is a client in your scenario. An extra Windows user is not required either. The rsync service's service account needs to have change permissions on the target directory. You can use the "Prepare a directory for upload" wizard from the Start menu.

2. Yes --delete switch will do the job.
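
An added example, not part of the original thread: a small Python check over the rsyncd.conf settings posted in the question, reporting per module whether it accepts anonymous connections (no `auth users` / `secrets file`) and whether `hosts allow` is set. The sample config is constructed from the post; the address 192.0.2.10 and the `[vm140backup]` header are assumptions.

```python
# Added example: audit rsyncd.conf modules for authentication and host limits.
# SAMPLE is constructed; 192.0.2.10 and the module name are assumptions.
TRUE = {"yes", "true", "1"}

SAMPLE = """\
strict modes = false
hosts allow = 192.0.2.10
hosts deny = *
read only = false

[vm140backup]
path = /cygdrive/E/LinuxBackupSets/VirtualServers/vm140
"""

def norm(name):  # rsyncd.conf ignores case and whitespace in parameter names
    return "".join(name.lower().split())

def get(params, name, default=""):
    return params.get(norm(name), default)

def parse_rsyncd_conf(text):
    """Return {module: params}; global parameters act as module defaults."""
    defaults, modules, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = modules.setdefault(line[1:-1].strip(), {})
        elif "=" in line:
            key, value = line.split("=", 1)
            (defaults if current is None else current)[norm(key)] = value.strip()
    return {name: {**defaults, **params} for name, params in modules.items()}

def audit(text):
    """Return a sorted list of (module, finding) pairs."""
    findings = []
    for name, p in parse_rsyncd_conf(text).items():
        writable = get(p, "read only", "true").lower() not in TRUE
        if not get(p, "auth users"):  # no user list means no password prompt
            findings.append((name, "anonymous-write" if writable else "anonymous-read"))
        elif not get(p, "secrets file"):
            findings.append((name, "auth-users-without-secrets-file"))
        elif get(p, "strict modes", "true").lower() not in TRUE:
            findings.append((name, "secrets-file-permissions-unchecked"))
        if not get(p, "hosts allow"):
            findings.append((name, "no-hosts-allow"))
    return sorted(findings)

if __name__ == "__main__": print(audit(SAMPLE))
```

With the posted settings the source-address filter is the only access control on a writable module. The rsync daemon protocol does not encrypt the transfer, which matters for the servers that are not on the internal vLAN.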