Linux Security---rsync

1.rsync Synchronous Backup

1) Understanding Rsync

Rsync is an open source quick Backup tool

Function:

can mirror the entire directory tree between different hosts

Support for incremental backups

Maintain permissions, links, support transfer compression

More suitable for offsite backup, mirror server

2) rsync role:

Initiator: Responsible for initiating RYSNC synchronous operation client

Backup Source: The server responsible for responding to RYSNC requests

Direction of synchronization:

Upstream synchronization (upload): The backup source provides the target location of the document (data at the initiator), and the initiator uses the user must

The directory has Write permissions

Downstream synchronization (Download): The backup source is responsible for providing the original location of the document (data in the backup source), the initiator used by the user only

Need to have read access to data

3) Type of backup source: RYSNC source, SSH source

4) Basic usage of rsync:

Local

Rsync-av--delete data//tmp # #data是空目录,--delete quick Delete/tmp directory

rsync-av/etc/tmp/# #复制整个etc目录

rsync-av/etc//tmp # #f复制etc目录的内容

Remote Synchronous Backup: SSH

Grammar:

Downlink synchronization:

Rsync-avzh User @ip:data Local Directory

Upstream synchronization:

Rsync-avzh data User @ip:/remote host directory

Case: Download

Backup source operation:

Mkdir/opt/data

Touch/opt/data/{1..9}.txt

Useradd R_get

echo 123123 |passwd--stdin R_get

Rpm-qa rsync # #确认已经安装rsync软件

Netstat-uptln |grep 22

Confirm R_get User has read access to/opt/data

Initiator actions:

Rsync-avzh [Email protected]:/opt/data//tmp # #下载

Rsync-avzh [email protected]:/opt/data/tmp # #对比差异

Rsync-avzh [email protected]:/opt/data//tmp--delete # #保证数据一致, downlink

Synchronization is based on synchronization source

Case: Uploading

Backup source operation:

Mkdir/opt/data_bak

Useradd R_put

echo 123123 |passwd--stdin r_put

Setfacl-m U:r_put:rwx/opt/data_bak # #确保用户对目标目录有写入权限

Getfacl/opt/data_bak

Ensure that rsync and sshd are normal

Initiator actions:

Mkdir/data

Touch/data/{1..9}.avi

rsync-avzh/data [Email Protected]:/opt/data_bak

rsync-avzh/data/[Email Protected]:/opt/data_bak

rsync-avzh/data/[Email Protected]:/opt/data_bak--delete

Verify the results on the backup source.

Case: SSH key pair authentication after rsync synchronization

SSH-KEYGEN-T RSA

Ssh-copy-id [email protected] # #给下载用户上传公钥匙

Ssh-copy-id [Email protected]2.168.100.151

SSH [email protected] # #登录验证, R_put

Perform rssync synchronization validation:

vi/root/bin/rsync.sh

#!/bin/bash

rsync-avzh/data/[Email Protected]:/opt/data_bak--delete

Rsync-avzh [email protected]:/opt/data//tmp--delete

grep rsync/var/spool/cron/root

If [$?-ne 0];then

echo "0 * * 6/root/bin/rsync.sh &>/var/log/rsync.log" >/var/spool/cron/root

: Wq

chmod +x/root/bin/rsync.sh

2.inotify+rsync Real-time synchronization: Upstream synchronization

1) Install Inotify-tools

Tar zxvf inotify-tools-*.tar.gz-c/usr/src/

cd/usr/src/inotify-tools-*/

./configure &&make &&amake Install

ls/usr/local/bin/inotify*

2) Use of inotify:

Vi/etc/sysctl.conf

Fs.inotify.max_queued_envents = 16384

Fs.inotify.max_user_instances = 1024

Fs.inotify.max_user_watches = 1048576

: Wq

Sysctl-p

INOTIFYWAIT-MRQ-E modify,create,attrib,move,delete/root/data ##-m Continuous monitoring, R recursion

Directory, q simplifies output,-e Specifies monitoring events: Modify modification, create creation, attrib permission modification, move move,

Delete Deletes; manipulate files at other terminals to view changes

vi rsync_inotify.sh # #实时同步脚本

#!/bin/bash

rsync= "rsync-avzh/root/data/[email protected]:/opt/data_bak/--delete"

int_cmd= "Inotifywait-mrq-e modify,create,move,delete,attrib/root/data/"

$INT _cmd |while Read Direcotry EVENT file;do

$RSYNC

Done

: Wq

chmod +x rsync_inotify.sh

Rsync_inotify.sh & # #启动脚本

Test validation.

This article is from the "Lp-linux" blog, make sure to keep this source http://linuxlp.blog.51cto.com/11463376/1773921

Linux Security---rsync