Prevention of outgoing file transfers?

Duncan Grove duncan.grove at dsto.defence.gov.au
Mon Apr 30 08:04:21 GMT 2007


Matt McCutchen wrote:
> On 4/27/07, Duncan Grove <duncan.grove at dsto.defence.gov.au> wrote:
>> Does anyone know if it is possible to firewall and/or configure rsync
>> via a web proxy using RSYNC_PROXY to prevent push mode file transfers
>> yet still allow pull mode?
>
>> I realise that data (hash values, etc) still goes from the intranet to
>> internet for the pull case but don't really mind about that. What I am
>> keen to guard against is the accidental use of rsync in push mode from
>> mirroring an internal repository to the Internet.
>
> RSYNC_PROXY affects connections directly to rsync daemons but not
> connections over SSH.  It would be possible (but would take a bit of
> work) to implement a proxy that looks inside rsync daemon connections
> and allows pulls while blocking pushes.  An rsync connection is a pull
> if and only if it includes the --sender option.
Righto, that's a possibility, thanks for the tip.

I haven't actually analysed the protocol on the wire yet but I see that
in pull mode the --sender option is passed from client to server at
http://samba.anu.edu.au/ftp/unpacked/rsync/options.c:server_options()...
but as you say getting the proxy to correctly identify --sender in the
protocol stream could be a fair bit of work...
> I think the most appropriate solution would be to install a wrapper
> script around rsync that refuses to push to hosts outside a set you
> specify.  This won't prevent a user from compromising the data in the
> repository if he/she really wants to, but it is likely to prevent most
> accidents.
Good idea. Thanks for your help.

Regards,
Duncan
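The wrapper-script approach suggested in the reply above, written out as an added example (it is not from this thread or from the rsync project): a POSIX sh script placed ahead of the real rsync in PATH that lets every pull through but refuses a push, meaning a command line whose destination argument is remote, unless the host is on an allowlist. The path of the real binary, the allowlist hosts and the function names are assumed values; the host parsing covers the `host:path`, `host::module` and `rsync://host/module` forms but not bracketed IPv6 literals.

```shell
#!/bin/sh
# rsync-guard: wrapper placed ahead of the real rsync in PATH. A push (command
# line whose destination is remote) is refused unless the host is allowlisted;
# everything else, including every pull, is passed through. Assumed values:
RSYNC_REAL="${RSYNC_REAL:-/usr/local/libexec/rsync.real}"
ALLOWED_PUSH_HOSTS="${ALLOWED_PUSH_HOSTS:-mirror.example.internal backup.example.internal}"

# Print the remote host named by an rsync path argument, or '' if it is local.
# Follows rsync's rule that ':' separates a host only if no '/' precedes it.
remote_host_of() {
    h=""
    case "$1" in
        rsync://*) h="${1#rsync://}"; h="${h%%/*}"; h="${h%%:*}" ;;
        *::*)      h="${1%%::*}" ;;
        *:*)       h="${1%%:*}"; case "$h" in */*) h="" ;; esac ;;
    esac
    printf '%s\n' "${h##*@}"      # drop any user@ prefix
}

# Decide whether an rsync command line may run: returns 0 to allow, 1 to refuse.
# The destination is the last positional argument; a local one is a pull or a
# local copy and is always allowed.
rsync_guard_check() {
    dest=""
    while [ $# -gt 0 ]; do
        case "$1" in
            --) shift; for a in "$@"; do dest="$a"; done; break ;;
            -e|--rsh|-f|--filter|--exclude|--include|--exclude-from|--include-from|--files-from)
                [ $# -gt 1 ] && shift ;;   # value is a separate word: skip it too
            -*) ;;
            *)  dest="$1" ;;
        esac
        shift
    done
    [ -n "$dest" ] || return 0                 # e.g. 'rsync --version'
    host="$(remote_host_of "$dest")"
    [ -n "$host" ] || return 0                 # local destination
    for ok in $ALLOWED_PUSH_HOSTS; do
        [ "$host" = "$ok" ] && return 0
    done
    echo "rsync-guard: refusing push to '$host' (not in ALLOWED_PUSH_HOSTS)" >&2
    return 1
}
# Entry point: with no arguments there is nothing to guard, so the functions
# above can also be sourced for testing without running the real rsync.
if [ $# -gt 0 ]; then
    rsync_guard_check "$@" || exit 1
    exec "$RSYNC_REAL" "$@"
fi
```

This only inspects the client-side command line on the host where it is installed, so it catches the accidental push the thread is about; a user who controls their own PATH or invokes the real binary directly is not stopped, which is the limitation already noted in the reply.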
