Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
18.7 Legacy Series
»
Does rsync create a security risk?
« previous
next »
Print
Pages: [
1
]
Author
Topic: Does rsync create a security risk? (Read 4416 times)
ams123
Newbie
Posts: 4
Karma: 0
Does rsync create a security risk?
«
on:
October 27, 2018, 11:19:36 pm »
Was thinking of installing rsync on my opnsense install for backup of my configuration. Does that create any external WAN security risk? I assume it only opens a port on the LAN side but wanted to get some input before installing.
Logged
Evil_Sense
Full Member
Posts: 112
Karma: 15
Re: Does rsync create a security risk?
«
Reply #1 on:
October 27, 2018, 11:23:14 pm »
Well rsync is just like scp a tool (& protocol) to transmit data (securely) it doesn't open any ports, there's rsyncd which is a deamon that listens for incoming connections ..
Logged
franco
Administrator
Hero Member
Posts: 17672
Karma: 1612
Re: Does rsync create a security risk?
«
Reply #2 on:
October 29, 2018, 08:20:15 am »
The answer is yes, but then again any client exfiltrating data or server that lets users exfiltrate data is a potential security disaster waiting to happen if misconfigured / vulnerable. You can even think MITM for innocent clients dropping your private data somewhere they shouldn't.
That being said, you'll be fine, because a potential risk is inherent with what you are trying to achieve.
Don't open ports to WAN, trust your LAN clients / network / administrator and you'll be fine.
Cheers,
Franco
«
Last Edit: October 29, 2018, 08:37:23 pm by franco
»
Logged
schnipp
Sr. Member
Posts: 374
Karma: 19
Re: Does rsync create a security risk?
«
Reply #3 on:
October 29, 2018, 07:23:29 pm »
Yes it does. Rsync does not provide any security for data in transit. So, direct use over networks could be dangerous. You need to encapsulate data transfer into an encrypted channel for confidentiality and integrity (e.g. ssh or stunnel). Furthermore, keep proper authentication in mind.
Logged
OPNsense 24.7.9_1-amd64
fabian
Hero Member
Posts: 2769
Karma: 200
OPNsense Contributor (Language, VPN, Proxy, etc.)
Re: Does rsync create a security risk?
«
Reply #4 on:
October 29, 2018, 07:59:19 pm »
What may work is that you can use the nginx plugin version 1.4 in the future to encrypt the connection using TLS. Since rsync is not aware of it, you will have to do it on both sides. Another option is tunnelling over SSH.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
18.7 Legacy Series
»
Does rsync create a security risk?