
13.rsync

Linux Security and Advanced Applications · Akide_Liu · 10 months ago (02-01) · 226 views · 0 comments

Lab requirements:

1. Prepare the lab environment: configure the IP addresses, disable the iptables firewall, disable SELinux, and test network connectivity.

 


2. Configure the rsync source on serverB

<strong>[[email protected] Desktop]# vim /etc/rsync_userpasswd.txt 【create the authentication file for login users】</strong>

<strong>qq:123456 【format: username:password】</strong>

<strong>[[email protected] Desktop]# chmod 600 /etc/rsync_userpasswd.txt</strong>

<strong>[[email protected] Desktop]# vim /etc/rsyncd.conf 【create the main configuration file; it does not exist by default and must be written by hand】</strong>

<strong>uid = nobody </strong>

<strong>gid = nobody</strong>

<strong>use chroot = yes</strong>

<strong>address = 192.168.4.200</strong>

<strong>port = 873</strong>

<strong>log file = /var/log/rsyncd.log</strong>

<strong>pid file = /var/run/rsyncd.pid</strong>

<strong>hosts allow = 192.168.4.0/24</strong>

<strong>[wwwroot]</strong>

<strong> path = /usr/local/httpd/htdocs/ 【Apache here was compiled and installed from source】</strong>

<strong> comment = Document Root of rsync.y2t21.com</strong>

<strong> read only = yes</strong>

<strong> dont compress = *.gz *.bz2 *.tgz *.zip *.rar *.z</strong>

<strong> auth users = qq</strong>

<strong>secrets file = /etc/rsync_userpasswd.txt</strong>

<strong>[[email protected] Desktop]# rsync --daemon 【start the rsync service】</strong>

<strong>[[email protected] Desktop]# netstat -anpt | grep rsync</strong>

<strong>tcp 0 0 192.168.4.200:873 0.0.0.0:* LISTEN 3594/rsync </strong>
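An added example, not part of the original post: a shell function that audits an rsyncd.conf like the one above for the controls this step relies on (auth users, secrets file, hosts allow, read only, use chroot), flags parameter lines with no `=`, and checks the secrets file mode. The `[upload]` module in the sample is constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit rsyncd.conf access controls.
# Settings before the first [module] are global and inherited by every module.
audit_rsyncd_conf() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function val(k, dflt) { return (k in m) ? m[k] : ((k in g) ? g[k] : dflt) }
    function off(k) { return tolower(val(k, "yes")) ~ /^(no|false|0)$/ }
    function endmod() {
        if (mod == "") return
        if (val("authusers", "") == "")   print mod ": no auth users (anonymous access)"
        if (val("secretsfile", "") == "") print mod ": no secrets file"
        if (val("hostsallow", "") == "")  print mod ": no hosts allow (any client address)"
        if (off("readonly"))  print mod ": writable (read only = no)"
        if (off("usechroot")) print mod ": use chroot disabled"
        split("", m)                      # reset per-module settings
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }
    /^[ \t]*\[/ { endmod(); mod = trim($0); gsub(/^\[|\].*$/, "", mod); next }
    {
        i = index($0, "=")
        if (i == 0) { print "line " NR ": missing \"=\": " trim($0); next }
        k = tolower(substr($0, 1, i - 1)); gsub(/[ \t]/, "", k)  # rsync ignores whitespace in names
        v = trim(substr($0, i + 1))
        if (mod == "") g[k] = v; else m[k] = v
    }
    END { endmod() }' "$@"
}
# Succeeds only if the file has no group/other permission bits (the chmod 600 above).
secrets_mode_ok() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}
# Constructed sample: settings from this step plus a hypothetical weak [upload] module.
sample_conf() {
    cat <<'EOF'
use chroot = yes
port 873
hosts allow = 192.168.4.0/24
[wwwroot]
 read only = yes
 auth users = qq
 secrets file = /etc/rsync_userpasswd.txt
[upload]
 read only = no
EOF
}
sample_conf | audit_rsyncd_conf
```

On serverB, run `audit_rsyncd_conf /etc/rsyncd.conf` and `secrets_mode_ok /etc/rsync_userpasswd.txt` before starting the daemon.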

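<strong>3. Try an rsync connection from serverA</strong>

<strong>Usage of the rsync command:</strong>

<strong>Basic format: rsync [options] source destination</strong>

<strong>Common options:</strong>

<strong>-a: archive mode; recursive and preserves object attributes, equivalent to -rlptgoD</strong>

<strong>-v: show verbose information about the synchronization</strong>

<strong>-z: compress file data during transfer</strong>

<strong>-H: preserve hard links</strong>

<strong>-A: preserve ACL attributes</strong>

<strong>--delete: delete files that exist at the destination but not at the source</strong>

<strong>--checksum: decide whether to skip a file based on its checksum</strong>

<strong>The usual combination is -avz --delete</strong>

<strong>Two ways to write the source</strong>

<strong>username@host::module</strong>

<strong>rsync://username@host/module</strong>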

<strong>[[email protected] ~]# rsync -avz [email protected]::wwwroot /root</strong>

<strong>[[email protected] ~]# rsync -avz rsync://[email protected]/wwwroot /root</strong>

<strong>[[email protected] ~]# rsync -avz --delete [email protected]::wwwroot /root/</strong>

<strong>Password:123456 【enter the password】</strong>

<strong>./</strong>

<strong>index.html</strong>

<strong>sent 77 bytes received 196 bytes 78.00 bytes/sec</strong>

<strong>total size is 44 speedup is 0.16</strong>

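<strong>The test succeeded</strong>

<strong>Tip: to avoid typing the password interactively, use --password-file=password_file</strong>

4. Configure inotify-tools on serverA

inotify-tools is a set of C library functions that provide a development interface to the Linux inotify file-monitoring facility, and it also ships a set of command-line tools that can be used to monitor filesystem events. inotify-tools is written in C and, apart from requiring inotify support in the kernel, has no other dependencies. It provides two tools: inotifywait, which monitors changes to files or directories, and inotifywatch, which collects statistics on filesystem accesses. Its usage is described below.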

[[email protected] ~]# tar -zxvf inotify-tools-3.14.tar.gz -C /usr/src/

[[email protected] ~]# cd /usr/src/inotify-tools-3.14/

[[email protected] inotify-tools-3.14]# ./configure && make && make install

5. Tune the kernel parameters on serverA

[[email protected] ~]# vi /etc/sysctl.conf 【add the following lines manually】

fs.inotify.max_queued_events = 16384

fs.inotify.max_user_instances = 1024

fs.inotify.max_user_watches = 1048576

Check the result:

[[email protected] inotify-tools-3.14]# sysctl -p

net.ipv4.ip_forward = 0

net.ipv4.conf.default.rp_filter = 1

net.ipv4.conf.default.accept_source_route = 0

kernel.sysrq = 0

kernel.core_uses_pid = 1

net.ipv4.tcp_syncookies = 1

error: "net.bridge.bridge-nf-call-ip6tables" is an unknown key

error: "net.bridge.bridge-nf-call-iptables" is an unknown key

error: "net.bridge.bridge-nf-call-arptables" is an unknown key

kernel.msgmnb = 65536

kernel.msgmax = 65536

kernel.shmmax = 4294967295

kernel.shmall = 268435456

fs.inotify.max_queued_events = 16384

fs.inotify.max_user_instances = 1024

fs.inotify.max_user_watches = 1048576

6. Configure inotify-tools for monitoring

[[email protected] inotify-tools-3.14]# inotifywait -mrq -e modify,create,move,delete /usr/local/httpd/htdocs/

Open another terminal and test the effect

bash-4.1# touch /usr/local/httpd/htdocs/1.html

[[email protected] inotify-tools-3.14]# inotifywait -mrq -e modify,create,move,delete /usr/local/httpd/htdocs/

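/usr/local/httpd/htdocs/ CREATE 1.html 【the event is reported】

Parameter explanation:

-m: monitor continuously

-r: recursively monitor all child objects

-q: reduce the output

-e: specify which event types to monitor

modify: modification

create: creation

move: move

delete: deletion

7. Configure SSH keys to avoid interactive authentication

Create the user qq on serverB and set its password: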

[[email protected] Desktop]# useradd qq

[[email protected] Desktop]# passwd qq

Changing password for user qq.

New password:

BAD PASSWORD: it is too simplistic/systematic

BAD PASSWORD: is too simple

Retype new password:

passwd: all authentication tokens updated successfully.

Create a key pair as root on serverA

Upload the public key:

bash-4.1# scp /root/.ssh/id_rsa.pub [email protected]:/tmp

[email protected]'s password:

id_rsa.pub 100% 408 0.4KB/s 00:00

Modify the sshd configuration on the server:

[[email protected] Desktop]# vim /etc/ssh/sshd_config

#RSAAuthentication yes

PubkeyAuthentication yes

AuthorizedKeysFile .ssh/authorized_keys

#AuthorizedKeysCommand none

Import the public key into the authorized keys file

[[email protected] Desktop]# cat /tmp/id_rsa.pub >> /home/qq/.ssh/authorized_keys

[[email protected] Desktop]# cat /home/qq/.ssh/authorized_keys

ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAzdzNo5CHGMn47hKF5ZgiRuXVHh5tu2JC4vVTt3+L2hGoGe24x3kYtHtTG/6kKbCezJE8ABFfVVIDwH5hwe+ErV7NZJnq+MgFmy8gSGdDmnlqKLjU+ezmOCej4hUpbRy78nIwneCWaS0DKuf181uxXDlVdPQ1EjfHrkom9Zo03bAkrdQDkmNUWC57OLQbQsv2Z9y5iPNx6SCUJnTipV6CxCaqVk6qewDNBx4J+Y+i493KcifXED7OgWRKlSqdSjgFb5KBa3gh1VvQ0mtP/5Ez/YpZlwAzetZtbbqunk8BeJ9I6sNcHCILKo5iLNBlUxJZ5c7YC1sdAHIDBfmI6xbWUw== [email protected]

Log in with the key

[[email protected] ~]# chmod 777 /usr/local/httpd/htdocs/

[[email protected] ~]# chown qq:qq /usr/local/httpd/htdocs/

Write a script to automate the synchronization

[[email protected] ~]# vim rsync.sh

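#!/bin/bash

# Watch the document root and emit one line per filesystem event
INOTIFY_CMD="inotifywait -mrq -e modify,create,attrib,move,delete /usr/local/httpd/htdocs"

# Push the tree to the remote host over SSH
RSYNC_CMD="rsync -azH --delete /usr/local/httpd/htdocs [email protected]:/usr/local/httpd/htdoc"

$INOTIFY_CMD | while read DIRECTORY EVENT FILE

do

    # Start a sync only when no rsync process is already running
    if [ "$(pgrep rsync | wc -l)" -le 0 ] ; then

        $RSYNC_CMD

    fi

done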

[[email protected] ~]# chmod +x rsync.sh 【add execute permission】

[[email protected] ~]# echo /root/rsync.sh >> /etc/profile 【set it to start at boot】
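An added example, not part of the original post: the key imported in step 7 gives whoever holds root's private key on serverA a full shell as qq on serverB, so this sketch builds an authorized_keys entry that limits the key to rsync into the document root and installs it with the permissions sshd's StrictModes expects. Assumed, not from the post: the rrsync helper path, 192.168.4.100 as serverA's address, and the sample key (constructed).

```shell
#!/bin/sh
# Added example (not from the original post): pin the sync key to rsync only.
# Assumptions: rrsync (shipped with rsync) is installed at $RRSYNC, and
# 192.168.4.100 stands in for serverA's address, which the post does not give.
RRSYNC=${RRSYNC:-/usr/bin/rrsync}

# Print an authorized_keys entry that only allows rsync into DIR from FROM_ADDR.
restricted_key_line() {   # usage: restricted_key_line PUBKEY_FILE FROM_ADDR DIR
    [ "$(wc -l < "$1")" -eq 1 ] || { echo "expected exactly one key in $1" >&2; return 1; }
    key=$(cat "$1")
    case $key in
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) echo "not a bare public key (options or unknown type): $1" >&2; return 1 ;;
    esac
    printf 'from="%s",command="%s %s",no-pty,no-agent-forwarding,no-port-forwarding,no-X11-forwarding %s\n' \
        "$2" "$RRSYNC" "$3" "$key"
}

# Append ENTRY to HOME_DIR/.ssh/authorized_keys with tight permissions.
# Runs in a subshell so the umask change does not leak into the caller.
install_key() (           # usage: install_key HOME_DIR ENTRY [OWNER]
    umask 077
    mkdir -p "$1/.ssh" && chmod 700 "$1/.ssh"
    printf '%s\n' "$2" >> "$1/.ssh/authorized_keys"
    chmod 600 "$1/.ssh/authorized_keys"
    # When run as root, hand the files to the account that will log in.
    [ -z "${3:-}" ] || chown -R "$3" "$1/.ssh"
)

# Constructed sample key, not a real key.
sample_pubkey() {
    echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDconstructedsamplekey root@serverA'
}
```

On serverB this would be called as `install_key /home/qq "$(restricted_key_line /tmp/id_rsa.pub 192.168.4.100 /usr/local/httpd/htdocs)" qq:qq`. With rrsync in place, the destination path given to rsync on serverA is interpreted relative to the pinned directory.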


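Llycloud ITSC, all rights reserved. Unless otherwise noted, all content is original. This site is licensed under BY-NC-SA.
When reposting, please cite the original link: 13.rsync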