mskenderian
I am trying to lock down my box while using rsync. I am moving data from a Windows box to FreeNAS, using DeltaCopy.
1) While making a new profile for the transfer, I noticed that if anyone types in the box's hostname, they can see all the rsync modules I have created (I don't like this).
2) I set up user auth. It works great, but I need to create a file on the local disk with the username and passwords, and at restart the files are gone. The FreeNAS wiki says to look at additional parameters from rsyncd.conf(5), which states I need to add secrets file = /etc/rsyncd.secrets. So one issue is that on restart my newly created secrets file is gone. Plus, I don't even care for the auth rsync uses, because they state "The authentication protocol used in rsync is a 128 bit MD4 based challenge response system." I'd rather do SSH.
3) Another issue: under the rsync module settings, for Hosts Deny it says "This option is a comma, space, or tab delimited set of host which are NOT permitted to access this module. Where the lists conflict, the allow list takes precedence. In the event that it is necessary to deny all by default, use the keyword ALL (or the netmask 0.0.0.0/0) and then explicitly specify to the hosts allow parameter those hosts that should be permitted access. Leave this field empty to use default settings"
The keyword ALL does not work. I don't know if it's a bug or a typo, but 0.0.0.0/0 does work.
4) Given the weak security of the user auth, I'd rather set up rsync via SSH, and only SSH. How can I set this up while blocking anyone trying to connect to rsync without SSH?
Summary of Issues:
1) Anyone can see my module names from within the network.
2) Rsync auth doesn't work because the secrets file gets deleted on restart.
3) Hosts Deny keyword ALL does not work as stated in the tooltip window in FreeNAS (0.0.0.0/0 works).
4) How can I deny all access except if they are connected via SSH?
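A small checker for the rsyncd.conf points raised in this post (module listing, the Hosts Deny default-deny entry, and auth users without a secrets file). It is an added example, not part of the original post or of FreeNAS; the sample configuration, module names, paths and function names are constructed. `list` is the rsyncd.conf(5) parameter that controls whether a module appears in the module listing.

```python
import re

# Constructed sample config for illustration; not taken from the post.
SAMPLE = """\
[backup]
path = /mnt/tank/backup
hosts deny = ALL
auth users = winbox

[media]
path = /mnt/tank/media
list = no
hosts allow = 192.168.1.10
hosts deny = 0.0.0.0/0
auth users = winbox
secrets file = /etc/rsyncd.secrets
"""

def parse_rsyncd_conf(text):
    """Split rsyncd.conf text into global parameters and per-module parameters."""
    glob, modules, current = {}, {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = modules.setdefault(line[1:-1].strip(), {})
            continue
        name, sep, value = line.partition("=")  # only the first '=' is significant
        if sep:
            key = " ".join(name.lower().split())
            (glob if current is None else current)[key] = value.strip()
    return glob, modules

def audit(text):
    """Return sorted (module, finding) pairs for the issues listed in the post."""
    glob, modules = parse_rsyncd_conf(text)
    findings = []
    for mod, params in modules.items():
        eff = {**glob, **params}  # the global section supplies module defaults
        deny = [h for h in re.split(r"[,\s]+", eff.get("hosts deny", "")) if h]
        if eff.get("list", "yes").lower() not in ("no", "false", "0"):
            findings.append((mod, "module name is listed to any client; set list = no"))
        if any(h.upper() == "ALL" for h in deny):
            findings.append((mod, "hosts deny = ALL did not work per the post; use 0.0.0.0/0"))
        elif "0.0.0.0/0" not in deny:
            findings.append((mod, "no default deny; add hosts deny = 0.0.0.0/0"))
        if eff.get("auth users") and not eff.get("secrets file"):
            findings.append((mod, "auth users set without a secrets file"))
    return sorted(findings)
```

Running `audit(SAMPLE)` reports three findings for the `backup` module and none for `media`.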