The company has an internal network and an external network. The requirement is that files may move freely from the external network into the internal network, but files on the internal network must not move freely outward, so I want to build a file server for that outside-to-inside transfer. I found some articles online and combined them with notes from my own run-through.
1. Prerequisites and precautions:
1. Make sure the firewall allows the rsyncd and samba services. If unexplained errors appear partway through, you can try setenforce 0.
2. Two Linux servers, one on the internal network and one on the external network. I used two CentOS 7.9 virtual machines.
3. Test the network first. When I did this the gatekeeper was set up wrong and a lot of time was wasted as a result. Verify connectivity with telnet to port 873 first; it is enough that the external server can telnet to port 873 on the internal server.
4. The source end (the external server) does not run the rsyncd daemon but must run the inotify.sh script; the destination end (the internal server) runs the rsyncd daemon and does not run the script.
2. Installation and configuration process
-
Intranet server
1. Install the software: yum install -y rsync inotify-tools
2. Edit rsyncd.conf as follows (rsyncd.conf only accepts full-line # comments, so the notes are written that way):
# this module name is important: it is what the source passes as dst in the script
[wzn]
# files transferred automatically from the external network to the intranet by the script
# uid must be root here; this is not the same thing as auth users
uid = root
# gid must be root
gid = root
# the directory is up to you
path = /data/wznfile
comment = wzn file
#ignore errors
read only = no
write only = no
# you can leave this unrestricted at the beginning
hosts allow = *
#list = false
# the user name you set yourself
auth users = wzn
# password file location; must be the same file created in step 4
secrets file = /etc/rsync.password
3. Create the directory: mkdir -p /data/wznfile
4. Create the user name/password file. The intranet side, i.e. the rsync server side, needs both the user name and the password:
echo "wzn:123456" > /etc/rsync.password
chmod -R 600 /etc/rsync.password    # must be 600, otherwise rsync reports an error
5. Start the service:
rsync --daemon
systemctl start rsyncd
systemctl enable rsyncd.service
-
External network server
1. Install the software: yum install -y rsync inotify-tools
2. Create the directory: mkdir -p /data/wznfile
3. Create the password file. The external side, i.e. the local end that pushes files to the rsync server, only needs the password:
echo "123456" > /etc/rsync.password
chmod -R 600 /etc/rsync.password    # must be 600, otherwise rsync reports an error
4. Write the inotify monitoring script:
vim /scripts/inotify.sh
#!/bin/bash
ip=192.168.1.21                  # address of the intranet rsync server
src=/data/wwfile/                # the trailing / sends the contents of this folder; without it the whole folder is sent
dst=wzn                          # not a path: the module name from [] in the intranet server's rsyncd.conf
user=wzn
/usr/bin/inotifywait -mrq --timefmt '%d/%m/%y %H:%M' --format '%T %w%f' -e modify,delete,create,attrib "${src}" | while read -r file
do
    # --delete also removes files on the intranet side that were removed under $src
    # while debugging, drop the "> /dev/null" to see rsync's error output
    rsync -vzrtopg --delete --progress "$src" "$user@$ip::$dst" --password-file=/etc/rsync.password > /dev/null && echo "$src was rsyncd"
done
Check the script: bash -x /scripts/inotify.sh
5. Create the directory: mkdir -p /data/wwfile
6. Run the script, write a file into the watched folder, check whether the file appears on the intranet server, and look at the log output.
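The two sides above depend on three files agreeing with each other: the [wzn] module in rsyncd.conf, the server-side secrets file holding "user:password", and the client-side file holding only the password, all with mode 600. The script below is an added example, not code from the original post; it checks that agreement offline. make_fixture builds a temporary directory that mirrors the post's layout (module wzn, user wzn, the post's sample password, hosts allow = *), plus a second config whose secrets file line points at rsync.pass instead of rsync.password, so the checks never touch /etc. The function names and the fixture are assumptions of this example.

```shell
#!/bin/bash
# Added example, not part of the original post: offline sanity checks for the
# rsync pieces described above. In real use, run
#   check_server_module /etc/rsyncd.conf wzn          (intranet server)
#   check_client_password_file /etc/rsync.password    (external server)

# Print the value of <key> inside the [<module>] section of an rsyncd.conf.
# rsyncd.conf only allows full-line comments, so trailing text is not stripped.
conf_get() {
    awk -v mod="$2" -v key="$3" '
        /^[[:space:]]*\[/ { in_mod = ($0 ~ ("^[[:space:]]*\\[" mod "\\][[:space:]]*$")); next }
        in_mod && $0 !~ /^[[:space:]]*#/ && index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1); gsub(/^[ \t]+|[ \t]+$/, "", k)
            if (k == key) {
                v = substr($0, index($0, "=") + 1); gsub(/^[ \t]+|[ \t]+$/, "", v)
                print v; exit
            }
        }' "$1"
}

# Server side (intranet): the module path must exist, the secrets file must
# exist with mode 600 and hold a "user:password" line for the auth user.
# Returns 0 when consistent, 1 otherwise; reasons go to stderr.
check_server_module() {
    local conf=$1 mod=$2 ok=0 path secrets user hosts mode
    path=$(conf_get "$conf" "$mod" path)
    secrets=$(conf_get "$conf" "$mod" "secrets file")
    user=$(conf_get "$conf" "$mod" "auth users")
    hosts=$(conf_get "$conf" "$mod" "hosts allow")
    [ -d "$path" ] || { echo "[$mod] path '$path' does not exist" >&2; ok=1; }
    if [ -f "$secrets" ]; then
        mode=$(stat -c %a "$secrets")
        [ "$mode" = "600" ] || { echo "[$mod] $secrets has mode $mode, needs 600" >&2; ok=1; }
        grep -q "^$user:" "$secrets" || { echo "[$mod] no '$user:<password>' line in $secrets" >&2; ok=1; }
    else
        echo "[$mod] secrets file '$secrets' not found; auth users cannot log in" >&2; ok=1
    fi
    [ "$hosts" = "*" ] && echo "[$mod] hosts allow = * accepts any client; narrow it to the external server once the link works" >&2
    return "$ok"
}

# Client side (external): --password-file must hold only the password (no
# "user:" prefix, unlike the server-side file) and be mode 600.
check_client_password_file() {
    local f=$1
    [ -f "$f" ] || { echo "$f not found" >&2; return 1; }
    [ "$(stat -c %a "$f")" = "600" ] || { echo "$f must be mode 600" >&2; return 1; }
    if grep -q ':' "$f"; then
        echo "$f looks like 'user:password'; the client side needs the password only" >&2
        return 1
    fi
    return 0
}

# Constructed fixture (not real hosts): a correct server config, a copy whose
# secrets file points at rsync.pass instead of rsync.password, and both
# password files. Prints the directory it created.
make_fixture() {
    local d; d=$(mktemp -d)
    mkdir -p "$d/data/wznfile"
    cat > "$d/rsyncd.conf" <<EOF
[wzn]
uid = root
gid = root
path = $d/data/wznfile
read only = no
hosts allow = *
auth users = wzn
secrets file = $d/rsync.password
EOF
    sed 's#rsync\.password#rsync.pass#' "$d/rsyncd.conf" > "$d/rsyncd-bad.conf"
    printf 'wzn:123456\n' > "$d/rsync.password";  chmod 600 "$d/rsync.password"
    printf '123456\n'     > "$d/client.password"; chmod 600 "$d/client.password"
    echo "$d"
}

demo() {
    local d; d=$(make_fixture)
    check_server_module "$d/rsyncd.conf" wzn && echo "server [wzn]: OK"
    check_server_module "$d/rsyncd-bad.conf" wzn || echo "server [wzn] with rsync.pass typo: FAIL (expected)"
    check_client_password_file "$d/client.password" && echo "client password file: OK"
    rm -rf "$d"
}
demo
```

Run as-is to see the checks on the constructed fixture: the correct config passes, the rsync.pass variant fails because the secrets file named in the module does not exist, and the client file passes. The functions only read files, so they can be run on the real hosts at any time; the hosts allow = * line is reported as a warning rather than a failure because the post leaves it open on purpose while testing.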
-
On the source side, make the script start automatically when the virtual machine boots.
/etc/rc.d/rc.local is run after all the Linux system services have started, so to run your own script at boot, add its path to this file:
chmod +x /etc/rc.d/rc.local    # give the file execute permission
echo 'nohup /bin/bash /scripts/inotify.sh &' >> /etc/rc.d/rc.local    # append the command that runs the script; the & keeps rc.local from blocking on inotifywait -m
Reboot, then check whether the script is running (note: look for inotify, not rsyncd):
ps -ef | grep inotify
-
Install and configure samba on both the source and the destination
1. Install: yum install -y samba
2. Configure: vi /etc/samba/smb.conf and add the following:
[hzh-ww-file]
path = /data/wznfile
browseable = yes
writable = yes
valid users = hzh
3. Add the user:
useradd -s /sbin/nologin hzh    # the system-level hzh account must be created first
pdbedit -a -u hzh               # set the samba password for hzh
4. Enable at boot: systemctl enable smb    # on CentOS 7 the samba unit is smb.service
-
Allow the service through the firewall:
firewall-cmd --add-service samba --permanent
firewall-cmd --reload
Turn off selinux; it stays off after the next reboot:
vim /etc/sysconfig/selinux    # this is a symlink to /etc/selinux/config
SELINUX=disabled
The following command does the same as above; do either one:
vim /etc/selinux/config    # permanently disable selinux: change SELINUX=enforcing to SELINUX=disabled
Reference document:
samba https://www.cnblogs.com/kevingrace/p/8550810.html