I'm just playing around setting up a cluster and noticed that rsync is spawned with no type of password authentication or ip limits to allow the sync:
# ps -fe | grep rsync
mysql 20370 1 0 19:29 ? 00:00:00 rsync --daemon --port 4444 --config /mysql/data//rsync_sst.conf
mysql 20393 20370 0 19:29 ? 00:00:00 rsync --daemon --port 4444 --config /mysql/data//rsync_sst.conf
mysql 20394 20393 21 19:29 ? 00:02:26 rsync --daemon --port 4444 --config /mysql/data//rsync_sst.conf
# cat /mysql/data//rsync_sst.conf
pid file = /mysql/data//rsync_sst.pid
use chroot = no
[rsync_sst]
path = /mysql/data/
read only = no
timeout = 300
uid = 110
gid = 113
#
On a totally unrelated node:
# rsync -L rsync://somenode:4444/rsync_sst
drwxr-xr-x 4096 2012/02/29 19:29:24 .
-rw-rw---- 6490 2012/02/29 19:30:37 somenode.err
-rw------- 134219048 2012/02/29 19:41:04 galera.cache
-rw-rw---- 115 2012/02/29 19:29:23 grastate.dat
-rw-rw---- 140 2012/02/29 19:29:23 rsync_sst.conf
-rw-rw---- 6 2012/02/29 19:29:23 rsync_sst.pid
-rw-rw---- 59 2012/02/29 19:29:23 sst.err
drwxr-xr-x 4096 2012/02/29 19:29:59 db0005
drwxr-xr-x 20480 2012/02/29 19:41:07 db0004
drwxr-xr-x 4096 2012/02/29 19:29:24 db0003
drwxr-xr-x 4096 2012/02/29 19:29:24 db0002
drwxr-xr-x 4096 2012/02/29 19:29:24 db0001
drwxr-xr-x 4096 2012/02/29 19:29:24 mysql
#
In the rsync conf file shouldn't the server be chrooted and also have it's access restricted to only allow connections from the donor?
No comments:
Post a Comment