Prevention of outgoing file transfers?
hashproduct+rsync at gmail.com
Fri Apr 27 22:06:15 GMT 2007
On 4/27/07, Duncan Grove <duncan.grove at dsto.defence.gov.au> wrote:
> Does anyone know if it is possible to firewall and/or configure rsync
> via a web proxy using RSYNC_PROXY to prevent push mode file transfers
> yet still allow pull mode?
> I realise that data (hash values, etc) still goes from the intranet to
> internet for the pull case but don't really mind about that. What I am
> keen to guard against is the accidental use of rsync in push mode from
> mirroring an internal repository to the Internet.
RSYNC_PROXY affects connections directly to rsync daemons but not
connections over SSH. It would be possible (but would take a bit of
work) to implement a proxy that looks inside rsync daemon connections
and allows pulls while blocking pushes. An rsync connection is a pull
if and only if it includes the --sender option.
Since SSH connections are encrypted, an rsync push looks just like any
other SSH connection to a firewall; there's no way to block rsync
pushes without blocking all SSH traffic.
I think the most appropriate solution would be to install a wrapper
script around rsync that refuses to push to hosts outside a set you
specify. This won't prevent a user from compromising the data in the
repository if he/she really wants to, but it is likely to prevent most
The quick-and-dirty approach would be to refuse if the last argument
begins with HOST: , HOST:: , or rsync://HOST/ and HOST is not on the
safe list. However, this assumes that the last argument is the
destination; this won't be true if users pass additional options after
More information about the rsync