Posts Tagged ‘Short’

Short history of how the made-up feast of 8 of March, International Women's Day (IWD), replaced the real Women's Day celebrated on the Christian feast of the Annunciation

Wednesday, March 8th, 2023

International Woman's Day was first observed in 1911, by more than a million people around the world.
Today is therefore the centennial observance, which is being celebrated with events in more than 100 countries, including Israel.

International Women's Day (IWD), or the Triumph of Women, has been growing as a great day to celebrate the achievements of women in history and their significance, but most people know little or next to nothing about the feast, which was disguised by the free world because it was connected to the Communist countries of the United States of Soviet Republic (USSR) and today's People's Republic of China and Vietnam, and was only accepted as International Women's Day by the United Nations in 1975.

Origin of 8 of March Woman's day

The earliest reported Women's Day observance, called "National Woman's Day", was held on February 28, 1909, in New York City, organized by the Socialist Party of America at the suggestion of activist Theresa Malkiel. There have been claims that the day was commemorating a protest by women garment workers in New York on March 8, 1857, but researchers have alleged this to be a myth intended to detach International Women's Day from its socialist origin.

In August 1910, an International Socialist Women's Conference was organized ahead of the general meeting of the Socialist Second International in Copenhagen, Denmark. However, what made history for the modern celebration of International Women's Day, according to the ILO, was the fire at the Triangle Shirtwaist factory in New York City on March 25, 1911, which killed 146 young workers, most of whom were immigrants.
Inspired in part by the American socialists, German delegates Clara Zetkin, Käte Duncker, Paula Thiede, and others proposed the establishment of an annual "Women's Day", although no date was specified. The 100 delegates, representing 17 countries, agreed with the idea as a strategy to promote equal rights, including women's suffrage.
 
The following year, on March 19, 1911, the first International Women's Day was marked by over a million people in Austria, Denmark, Germany, and Switzerland. In Austria-Hungary alone, there were 300 demonstrations, with women parading on the Ringstrasse in Vienna, carrying banners honoring the martyrs of the Paris Commune. Across Europe, women demanded the right to vote and to hold public office, and protested against employment sex discrimination.
IWD initially had no set date, though it was generally celebrated in late February or early March. Americans continued to observe "National Women's Day" on the last Sunday in February, while Russia observed International Women's Day for the first time in 1913, on the last Saturday in February (albeit based on the Julian calendar, as in the Gregorian calendar, the date was March 8).

In 1914, International Women's Day was held on March 8 for the first time in Germany, possibly because that date was a Sunday. As elsewhere, Germany's observance was dedicated to women's right to vote, which German women did not win until 1918. Concurrently, there was a march in London in support of women's suffrage, during which Sylvia Pankhurst was arrested in front of Charing Cross station on her way to speak in Trafalgar Square.

8 of March in Modern Times the socialist faux for Annunciation

However, as the Soviet system of the USSR collapsed in 1992, the feast quickly started to gain ground in other Western countries, to the point that even some regions in Western Europe now celebrate 8 of March in some form. Today it is celebrated or marked in some form in more than 100 countries.

The feast originally started in America (United States) on 27 February 1909 in New York and made its way, through much turmoil, public strikes by women and women's rage, until it became official. A key

What has to be said is 8 of March has been a Public feast of Great importance among all the countries from Soviet Russia (USSR) and its satellites for many years now. 

In the ex-USSR, not honoring the women around you with at least a gift of flowers is close to a crime, and even in traditionally Orthodox Christian countries, where there is already a feast of triumph and veneration of woman on the day of the Annunciation, 8 of March continues to be celebrated, even though nowadays the original meaning of the feast as a riot of women against inequality in society has nearly turned into a cult of the woman for a day.

Every year, thousands of inhabitants of the planet will celebrate a world holiday – International Women's Day, which is celebrated on March 8.

But we as Christians who live in the Church should celebrate the feast of the saint commemorated on that day, which this year is Saint Theophylact (Bishop of Nicomedia), and not the public holiday.

Many Christian women will accept flowers from their husbands and children, and many of them, especially from the ex-Soviet space, will celebrate Women's Day and even demand their portion of flowers or feel ignored if they don't get it.

We will celebrate it too, willingly or not, almost forced … forgetting that the real day of the Mother and the woman is on March 25, on the Great and Beautiful feast of the Annunciation, the date on which the Holy Theotokos (Virgin Mary) received the Angel with the good news that she was about to become the Mother of the Lord Jesus Christ.

For historical reference it is worth making a short historic review of International Women's Day, for those who still value the feast as one that fits well together with Christian doctrine.

March 8 – Women's Day: this holiday was first celebrated on February 28, 1909 in the USA at the initiative of the American Socialist Party and later became one of the levers Communist parties worldwide used to add appeal to their agendas.

The idea of creating an international women's day appeared after the rapid industrialization and economic expansion of the early 20th century, which gave rise to women's protests for the improvement of working conditions.

The historic date of the day is associated with the first mass demonstration of women workers, which took place on March 8, 1857 in New York.

Women from sewing and textile enterprises came out to protest against poor working conditions and low wages, which had a good point, as America was a country which at the time still tolerated even Black slavery.

The protesting female workers were attacked and dispersed by the police, as this was seen by the police officers back then as social misconduct dangerous for society.

Two years later, on the same month, these women formed their first trade union.

In the following years other protests followed, the most famous of which was in 1908, when women organized a march through New York with demands for a shorter working day, better pay and the right to vote.

In 1965, March 8 was officially announced as a non-working day and women's holiday in the USSR. Even today the day is non-working in Russia and other countries of the former Soviet Union – Belarus, Moldova, Kazakhstan, Kyrgyzstan, Tajikistan, Ukraine – as well as in Macedonia and Mongolia etc., and in Communist China and Vietnam.

In my homeland, Bulgaria, the history of the feast is entangled with the history of the socialist-oriented parties in the country.
March 8 was initially "celebrated" with organized public talks in a narrow circle of socialists in 1911, and in 1915 came the first public celebration, but the monarchy and government of the day did not look kindly on this trend, even though they tolerated it.

As a general standard Bulgarian holiday, March 8 began to be celebrated after September 9, 1944, with the rise of communism (and the communist revolution, which was very much externally imported by agents sent by the USSR) in the final days of World War II.

At first, following the trend of the newly installed pro-bolshevik governments, different meetings were held in various nationalized enterprises, factories, and institutions, where the contribution of women in production, culture, science, and public life was taken into account and praised.

After 1960, the celebration took on particularly wide proportions and became a favorite holiday of women and men of all ages, especially in government offices, perhaps also as an attempt by the communists to show the superiority of the socialist regime installed in the country. To reinforce the feeling of the importance of the feast, the day was made an official non-working day, together with a pantheon of other imaginary feasts without much meaning, such as the 1st of March, the Day of Labor, the Day of the Shepherd and other artificial ones made up by communist party members.

The day since then has become a public holiday in Albania, Armenia, Azerbaijan, Belarus, Bosnia and Herzegovina, Cameroon, Kazakhstan, China, Kyrgyzstan, Cuba, Macedonia, Moldova, Mongolia, Poland, Russia, Serbia, Tajikistan, Ukraine, Uzbekistan, Montenegro and Vietnam.

As the parties of the Communist-led countries did not have a good set of traditions, they had to create new ones and started the trend of celebrating the feast through men giving flowers to the women around them – mothers, wives, girlfriends, colleagues. As the times of Communist isolation and dictatorship in these countries were harsh for the people, any kind of feast that could give some freshness to the gray daily routine of the working class was well and quickly accepted by society.

Gifting a flower was also advantageous for many people, as this was another way to sell flowers and make some extra cash for the poor 🙂

In the past, International Women's Day in some of the mentioned countries, including Bulgaria, was celebrated as the equivalent of Mother's Day, where children give small gifts to their mothers and grandmothers.

And I remember when I was still in kindergarten, we had a task to prepare special postcards for mom with a photo of ourselves and a written text like “Mother I love you”.

This short story may not make it clear, but for older people it was clear that the holiday was not really of great importance and was one of the many inventions of the party to build the new communist man, “homo sovieticus”.

Why was 8 of March not considered a big deal in the past?

Because in 1944 the socialist party changed a traditional holiday in Bulgaria, Mother's Day: instead of the Annunciation on 25 of March, which was already a public holiday dedicated to the mother / women, the date was moved to March 8.

A proof of that is in history; here is what was said in a message on Radio Sofia in the year 1943.
– "On the Annunciation, His Eminence Metropolitan Stefan will celebrate in the metropolitan church "Saint Sophia", a temple holiday of the same, the bishop's Holy Liturgy, and the day before – a great bishop's vespers with Pentecost at 6 p.m. At 4:30 p.m. on the occasion of Mother's Day, on behalf of the church and the women's committee from the brotherhood, our famous writer and public figure Konstantin Petkanov will speak in the "Saint Sophia" church, on the topic: "The Christian heart of the Bulgarian woman". Before and after the story, the church choir will perform appropriate chants."

This is how our ancestors celebrated Mother's Day, on the day of the Mother of God, when the archangel announced the great joy that the Messiah would come to redeem the world from sin. And whether the Christian woman is equal to the man should be clear to anyone who has a head. By simple physiology and psycho-somatism, woman and man are different; however, in the spiritual sense, in the eyes of God both male and female are equal and wonderfully made by the Good God.
A proof for the spiritual equality of man and woman are the words of Saint Apostle Paul, who says:

"There is neither Jew nor Greek; there is neither slave nor free; there is neither male nor female; for you are all one in Christ Jesus." (Gal. 3:28).

This is also the interesting and captivating thing in the Church: everyone has their place where they are set, their work, their home, and everyone is given their own talent to develop.

Eight of March Epitaph

Showing respect and appreciation for a woman by buying her a flower on the 8th of March is a good thing, but then again this can be done on any other day, and each of us men who love and venerate our mothers and wives does it every now and then.
There are also little-known facts, which anyone who digs deeper into the history of 8 of March will certainly find and which can stun him, and not everything around the feast is as white and shiny as most people think nowadays.
But of course it is better to make the gift of flowers on the true feast, when the Church and the elements and the universe together with it celebrate it, on the date when our ancestors too venerated their women for hundreds of years before us: the Annunciation.

Monitoring Linux hardware Hard Drives / Temperature and Disk with lm_sensors / smartd / hddtemp and Zabbix Userparameter lm_sensors report script

Thursday, April 30th, 2020


I'm part of a SysAdmin team that is doing some minor Zabbix improvements on a custom corporate Zabbix installation, in an ongoing project to replace the previous HP OpenView monitoring for a bunch of legacy Linux hosts.
As one of the necessary checks concerns system hardware, the task was to invent some simple way to monitor hardware with the Zabbix monitoring tool. Monitoring the hardware of bare-metal HP / Dell / Fujitsu etc. servers in Linux is usually done with third-party software provided by the hardware vendor. But this requires additional services to run, which is sometimes not desired, so it was interesting to find some alternative Linux-native ways to do the system hardware monitoring.
Monitoring statistics from the system hardware components can be obtained directly from the server components with ipmi / ipmitool (for more info on it check my previous article Reset and Manage intelligent Platform Management remote board).
With ipmi, hardware health info can be received straight from the ILO / IDRAC / HPMI of the server. However, as the Admin-LAN of the server is often in a separate, secured DMZ network and available only via a certain set of routed IPs, ipmitool can't be used.

So what are the other options to use to implement Linux Server Hardware Monitoring?

The tools to use are perhaps many, but I know of two which give you most of the information you will ever need for a preliminary hardware damage warning system before the crash. These are:
 

1. smartmontools (smartd)

Smartd is part of the smartmontools package, which contains two utility programs (smartctl and smartd) to control and monitor storage systems using the Self-Monitoring, Analysis and Reporting Technology system (SMART) built into most modern ATA/SATA, SCSI/SAS and NVMe disks.

Disk monitoring is handled by a special service the package provides, called smartd, which queries the hard drives periodically, looking for warning signs of hardware failure.
The downside of using smartd is that it puts a little extra load on hard drive reads / writes and, if misconfigured, could reduce the hard disk's lifetime.

 

linux:~#  /usr/sbin/smartctl -a /dev/sdb2
smartctl 6.6 2017-11-05 r4594 [x86_64-linux-4.19.0-5-amd64] (local build)
Copyright (C) 2002-17, Bruce Allen, Christian Franke, www.smartmontools.org

=== START OF INFORMATION SECTION ===
Device Model:     KINGSTON SA400S37240G
Serial Number:    50026B768340AA31
LU WWN Device Id: 5 0026b7 68340aa31
Firmware Version: S1Z40102
User Capacity:    240,057,409,536 bytes [240 GB]
Sector Size:      512 bytes logical/physical
Rotation Rate:    Solid State Device
Device is:        Not in smartctl database [for details use: -P showall]
ATA Version is:   ACS-3 T13/2161-D revision 4
SATA Version is:  SATA 3.2, 6.0 Gb/s (current: 3.0 Gb/s)
Local Time is:    Thu Apr 30 14:05:01 2020 EEST
SMART support is: Available – device has SMART capability.
SMART support is: Enabled

=== START OF READ SMART DATA SECTION ===
SMART overall-health self-assessment test result: PASSED

General SMART Values:
Offline data collection status:  (0x00) Offline data collection activity
                                        was never started.
                                        Auto Offline Data Collection: Disabled.
Self-test execution status:      (   0) The previous self-test routine completed
                                        without error or no self-test has ever
                                        been run.
Total time to complete Offline
data collection:                (  120) seconds.
Offline data collection
capabilities:                    (0x11) SMART execute Offline immediate.
                                        No Auto Offline data collection support.
                                        Suspend Offline collection upon new
                                        command.
                                        No Offline surface scan supported.
                                        Self-test supported.
                                        No Conveyance Self-test supported.
                                        No Selective Self-test supported.
SMART capabilities:            (0x0002) Does not save SMART data before
                                        entering power-saving mode.
                                        Supports SMART auto save timer.
Error logging capability:        (0x01) Error logging supported.
                                        General Purpose Logging supported.
Short self-test routine
recommended polling time:        (   2) minutes.
Extended self-test routine
recommended polling time:        (  10) minutes.

SMART Attributes Data Structure revision number: 1
Vendor Specific SMART Attributes with Thresholds:
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  1 Raw_Read_Error_Rate     0x0032   100   100   000    Old_age   Always       –       100
  9 Power_On_Hours          0x0032   100   100   000    Old_age   Always       –       2820
 12 Power_Cycle_Count       0x0032   100   100   000    Old_age   Always       –       21
148 Unknown_Attribute       0x0000   100   100   000    Old_age   Offline      –       0
149 Unknown_Attribute       0x0000   100   100   000    Old_age   Offline      –       0
167 Unknown_Attribute       0x0000   100   100   000    Old_age   Offline      –       0
168 Unknown_Attribute       0x0012   100   100   000    Old_age   Always       –       0
169 Unknown_Attribute       0x0000   100   100   000    Old_age   Offline      –       0
170 Unknown_Attribute       0x0000   100   100   010    Old_age   Offline      –       0
172 Unknown_Attribute       0x0032   100   100   000    Old_age   Always       –       0
173 Unknown_Attribute       0x0000   100   100   000    Old_age   Offline      –       0
181 Program_Fail_Cnt_Total  0x0032   100   100   000    Old_age   Always       –       0
182 Erase_Fail_Count_Total  0x0000   100   100   000    Old_age   Offline      –       0
187 Reported_Uncorrect      0x0032   100   100   000    Old_age   Always       –       0
192 Power-Off_Retract_Count 0x0012   100   100   000    Old_age   Always       –       16
194 Temperature_Celsius     0x0022   034   052   000    Old_age   Always       –       34 (Min/Max 19/52)
196 Reallocated_Event_Count 0x0032   100   100   000    Old_age   Always       –       0
199 UDMA_CRC_Error_Count    0x0032   100   100   000    Old_age   Always       –       0
218 Unknown_Attribute       0x0032   100   100   000    Old_age   Always       –       0
231 Temperature_Celsius     0x0000   097   097   000    Old_age   Offline      –       97
233 Media_Wearout_Indicator 0x0032   100   100   000    Old_age   Always       –       2104
241 Total_LBAs_Written      0x0032   100   100   000    Old_age   Always       –       1857
242 Total_LBAs_Read         0x0032   100   100   000    Old_age   Always       –       1141
244 Unknown_Attribute       0x0000   100   100   000    Old_age   Offline      –       32
245 Unknown_Attribute       0x0000   100   100   000    Old_age   Offline      –       107
246 Unknown_Attribute       0x0000   100   100   000    Old_age   Offline      –       15940

SMART Error Log Version: 1
No Errors Logged

SMART Self-test log structure revision number 1
No self-tests have been logged.  [To run self-tests, use: smartctl -t]

Selective Self-tests/Logging not supported

 

2. hddtemp

 

Usually, if smartd is used, it is useful to also use hddtemp, which relies on smartd data.
The hddtemp program monitors and reports the temperature of PATA, SATA or SCSI hard drives by reading Self-Monitoring Analysis and Reporting Technology (S.M.A.R.T.) information on drives that support this feature.
 

linux:~# /usr/sbin/hddtemp /dev/sda1
/dev/sda1: Hitachi HDS721050CLA360: 31°C
linux:~# /usr/sbin/hddtemp /dev/sdc6
/dev/sdc6: KINGSTON SV300S37A120G: 25°C
linux:~# /usr/sbin/hddtemp /dev/sdb2
/dev/sdb2: KINGSTON SA400S37240G: 34°C
linux:~# /usr/sbin/hddtemp /dev/sdd1
/dev/sdd1: WD Elements 10B8: S.M.A.R.T. not available

 

 

3. lm-sensors / i2c-tools 

Lm-sensors is a hardware health monitoring package for Linux. It allows you to access information from temperature, voltage, and fan speed sensors.
i2c-tools was historically bundled in the same package as lm_sensors but has been separated, because not all hardware monitoring chips are I2C devices, and not all I2C devices are hardware monitoring chips.

The most basic use of lm-sensors is with the sensors command:

 

linux:~# sensors
i350bb-pci-0600
Adapter: PCI adapter
loc1:         +55.0 C  (high = +120.0 C, crit = +110.0 C)

 

coretemp-isa-0000
Adapter: ISA adapter
Physical id 0:  +28.0 C  (high = +78.0 C, crit = +88.0 C)
Core 0:         +26.0 C  (high = +78.0 C, crit = +88.0 C)
Core 1:         +28.0 C  (high = +78.0 C, crit = +88.0 C)
Core 2:         +28.0 C  (high = +78.0 C, crit = +88.0 C)
Core 3:         +28.0 C  (high = +78.0 C, crit = +88.0 C)

 


On CentOS Linux a useful tool is also lm_sensors-sensord.x86_64 – a daemon that periodically logs sensor readings to syslog or a round-robin database, and warns of sensor alarms.

In Debian Linux there is also psensor-server (an HTTP server providing a JSON web service which can be used by a GTK+ application to remotely monitor sensors), useful for developers.

If you have an X server installed on the server, accessed with an X client or via VNC (though this is quite rare), you can use xsensors or Psensor, a GTK+ (widget toolkit for creating graphical user interfaces) application.

With these 3 tools it is pretty easy to script one-liners and use the Zabbix UserParameter functionality to send hardware report data to a company's Zabbix server. Zabbix already has some templates to do so, but in my case I couldn't import these templates because I don't have Zabbix Super-Admin credentials, so a simple workaround is to use a script that watches for temperatures considered high or critical.
Here is a tiny sample script I came up with in 1 minute; it can be used as a one-liner UserParameter and built upon for something more complex.

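# Print 'Temperature HIGH' when any CPU core reaches its "high" threshold,
# otherwise 'Sensors OK'. Parses `sensors` lines such as:
#   Core 0:  +26.0 C  (high = +78.0 C, crit = +88.0 C)
SENSORS_STAT=$(sensors | grep -E '^Core\s' | awk '{
  n = 0
  # collect the numeric temperature fields: t[1]=current, t[2]=high, t[3]=crit
  for (i = 1; i <= NF; i++) if ($i ~ /^\+[0-9]/) t[++n] = $i + 0
  if (n >= 2 && t[1] >= t[2]) print $1" "$2" +"t[1]
}')
if [ -n "$SENSORS_STAT" ]; then
  echo 'Temperature HIGH'
else
  echo 'Sensors OK'
fi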
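
The smartctl attribute table shown earlier can be reduced to a single number for a monitoring item in the same way. The following is an added example, not part of the original script collection; the function names and the sample rows (modelled on the output above, plus constructed failing rows) are assumptions. Attributes are matched by ID because on a drive that is "Not in smartctl database" the names can be misleading: the output above labels both 194 and 231 as Temperature_Celsius.

```shell
#!/bin/sh
# smart_status: read `smartctl -A` output on stdin and print one status code:
#   0 = every attribute is above its threshold
#   1 = some attribute crossed its threshold in the past
#   2 = some attribute is at or below its threshold right now
smart_status() {
    awk '
        BEGIN { status = 0 }
        # Attribute rows start with a numeric ID and have at least 10 columns:
        # ID# NAME FLAG VALUE WORST THRESH TYPE UPDATED WHEN_FAILED RAW_VALUE
        $1 ~ /^[0-9]+$/ && NF >= 10 {
            value = $4 + 0; worst = $5 + 0; thresh = $6 + 0
            # A threshold of 000 means the vendor defined no failure limit.
            if ($9 == "FAILING_NOW" || (thresh > 0 && value <= thresh))
                status = 2
            else if (status < 2 && ($9 == "In_the_past" || (thresh > 0 && worst <= thresh)))
                status = 1
        }
        END { print status }
    '
}

# smart_temperature: print the raw value of attribute 194 (degrees Celsius).
smart_temperature() {
    awk '$1 == 194 && NF >= 10 { print $10 + 0; exit }'
}

# Constructed sample input: healthy rows copied from the table above.
sample_healthy() { cat <<'EOF'
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  9 Power_On_Hours          0x0032   100   100   000    Old_age   Always       -       2820
170 Unknown_Attribute       0x0000   100   100   010    Old_age   Offline      -       0
194 Temperature_Celsius     0x0022   034   052   000    Old_age   Always       -       34 (Min/Max 19/52)
231 Temperature_Celsius     0x0000   097   097   000    Old_age   Offline      -       97
EOF
}

# Constructed sample input: one attribute that recovered, one that is failing.
sample_past() { cat <<'EOF'
  1 Raw_Read_Error_Rate     0x002f   100   009   010    Pre-fail  Always   In_the_past 0
194 Temperature_Celsius     0x0022   041   052   000    Old_age   Always       -       41 (Min/Max 19/52)
EOF
}
sample_failing() { cat <<'EOF'
  1 Raw_Read_Error_Rate     0x002f   100   009   010    Pre-fail  Always   In_the_past 0
  5 Reallocated_Sector_Ct   0x0033   005   005   010    Pre-fail  Always   FAILING_NOW 1912
EOF
}
```

On a real host the functions would be fed with `smartctl -A /dev/sdX` run with sufficient privileges, and the printed number returned from a UserParameter command.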

Of course there is much more sophisticated stuff to use for monitoring out there.


The script above can easily be adapted and used on other monitoring platforms such as Nagios / Munin / Cacti / Icinga, and there are plenty of paid solutions, but for anyone who wants to develop something from scratch just like me, I hope this article will be a good short introduction.
If you know some other Linux hardware monitoring tools, please share.

Rsync copy files with root privileges between servers with root superuser account disabled

Tuesday, December 3rd, 2019

 


Sometimes, on servers that follow high security standards, in companies following PCI Security (Payment Card Data Security) standards, it is necessary to have very unusual configurations in order to do trivial things, such as syncing files between servers with root privileges. This is the case, for example, if due to security policies you have disabled root user logins via the ssh server and you still need to synchronize files in directories such as /etc, /usr/local/etc/ or /var/ with root:root user and group ownership.

Disabling root user logins in sshd is controlled by a variable in /etc/ssh/sshd_config that on most default Linux OS installations is switched on, e.g.

grep -i permitrootlogin /etc/ssh/sshd_config
PermitRootLogin yes


Many corporations use vulnerability scanners such as Qualys, whose remote scans of SSH port 22 always include a check that PermitRootLogin is turned off with:

 

PermitRootLogin no


In this article I'll explain a scenario where files are synchronized between 2 or more servers (Server A / Server B, whatever the number of servers) that have already turned off this value, but still need to synchronize directories that are traditionally owned and writable only by the root superuser. Here are 4 easy steps to achieve it.

 

1. Add rsyncuser to Source Server (Server A) and Destination (Server B)


a. Execute on Src Host:

 

groupadd rsyncuser
useradd -g rsyncuser -c 'Rsync user to sync files as root src_host' -d /home/rsyncuser -m rsyncuser

 

b. Execute on Dst Host:

 

groupadd rsyncuser
useradd -g rsyncuser -c 'Rsync user to sync files dst_host' -d /home/rsyncuser -m rsyncuser

 

2. Generate RSA SSH Key pair to be used for passwordless authentication


a. On Src Host
 

su - rsyncuser

ssh-keygen -t rsa -b 4096

 

b. Check the generated key pair in .ssh/ and make sure the directory content looks like this:

 

[rsyncuser@src-host .ssh]$ cd ~/.ssh/;  ls -1

id_rsa
id_rsa.pub
known_hosts


 

3. Copy id_rsa.pub to Destination host server under authorized_keys

 

scp ~/.ssh/id_rsa.pub  rsyncuser@dst-host:~/.ssh/authorized_keys

 

Next, fix the permissions of the authorized_keys file for rsyncuser, as anyone who has access to that file (and exists as a user account on the system) could steal the key and use it to run rsync commands and remotely overwrite files, for example overwrite /etc/passwd and /etc/shadow with his own crafted credentials, and hence hack you 🙂
 

Hence, on Destination Host Server B fix the permissions with:
 

su - rsyncuser -c 'chmod 0600 ~/.ssh/authorized_keys'


An alternative way for the lazy sysadmins is to use the ssh-copy-id command

 

$ ssh-copy-id rsyncuser@192.168.0.180
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed — if you are prompted now it is to install the new keys
root@192.168.0.180's password: 
 

 

For improved security, to restrict rsyncuser to running only a specific command, such as one very specific script, instead of being able to run any command, it is good to use the little-known command= option when creating the authorized_keys file.
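
One way to use the command= option for this setup, as an added example that is not part of the original article: a forced-command wrapper that lets the key do nothing except push files with rsync into a staging directory. It assumes the variant where rsyncuser uploads as a normal user (without sudo), and the script path, the staging directory and the function name are assumptions.

```shell
#!/bin/sh
# Assumed install path: /usr/local/bin/rsync-push-only.sh
# (root-owned, not writable by rsyncuser).
# Matching line in ~rsyncuser/.ssh/authorized_keys on the destination host
# (key shortened to a placeholder; "restrict" needs OpenSSH 7.2 or later):
#   command="/usr/local/bin/rsync-push-only.sh",restrict ssh-rsa AAAA...PLACEHOLDER... rsyncuser@src-host

ALLOWED_DIR=/home/rsyncuser/incoming   # assumed staging directory

# is_allowed_rsync_push COMMAND BASE_DIR
# Succeeds only for "rsync --server <options> . <dest>" where <dest> lies
# inside BASE_DIR. sshd stores the command the client asked for in
# SSH_ORIGINAL_COMMAND and runs the forced command instead of it.
is_allowed_rsync_push() {
    cmd=$1
    base=${2%/}
    # Conservative character allowlist: no quotes, globs, ';', '$', newlines.
    # File names with other characters are refused rather than parsed.
    bad=$(printf '%s' "$cmd" | tr -d 'A-Za-z0-9 ./_=,-' | wc -c)
    [ "$bad" -eq 0 ] || return 1
    set -- $cmd                       # safe to split: only allowlisted chars
    [ "${1:-}" = rsync ] && [ "${2:-}" = --server ] || return 1
    shift 2
    paths=0
    dest=
    for word in "$@"; do
        case $word in
            --sender) return 1 ;;     # client wants to read files: refuse
            -*/*) return 1 ;;         # option carrying a path, e.g. --temp-dir=/x
            -*) [ "$paths" -eq 0 ] || return 1 ;;   # options only before paths
            *)  paths=$((paths + 1))
                case $paths in
                    1) [ "$word" = . ] || return 1 ;;
                    2) dest=$word ;;
                    *) return 1 ;;    # exactly one destination allowed
                esac ;;
        esac
    done
    case "/$dest/" in */../*) return 1 ;; esac   # no parent-directory escapes
    case $dest in
        "$base"|"$base"/*) return 0 ;;
    esac
    return 1
}

# Enforce only when installed under the expected name.
case ${0##*/} in
    rsync-push-only.sh)
        if is_allowed_rsync_push "${SSH_ORIGINAL_COMMAND:-}" "$ALLOWED_DIR"; then
            set -- $SSH_ORIGINAL_COMMAND
            shift                      # drop the client-supplied "rsync"
            exec /usr/bin/rsync "$@"   # fixed binary, never through a shell
        fi
        echo "rsync-push-only: command refused" >&2
        exit 1 ;;
esac
```

With this in place an interactive login or any other command sent with the key is refused. rsync itself ships a more complete helper of this kind, rrsync.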

 

4. Test ssh passwordless authentication works correctly


For that, run a normal ssh login as rsyncuser.

On Src Host

 

[rsyncuser@src-host ~]$ ssh rsyncuser@dst-host


Perhaps this is the time for those who think enabling passwordless authentication is not secure enough, and prefer to authorize rsyncuser via a password read from a secured file, to take a look at my prior article on how to log in to a remote server with a password provided from the command line as a script argument / Running same commands on many servers.

5. Enable rsync in sudoers to be able to execute as root superuser (copy files as root)

 


For this step you will need to have sudo package installed on the Linux server.

Then execute the following, once logged in as root on the Destination Server (Server B):

 

[root@dst-host ~]# grep -q 'rsyncuser ALL' /etc/sudoers || echo 'rsyncuser ALL=NOPASSWD:/usr/bin/rsync' >> /etc/sudoers
 

 

Note that using rsync with ALL=NOPASSWD in /etc/sudoers could pose a high security risk for the system, as anyone authorized to run as rsyncuser is able to overwrite, and thereby nullify, important files on Destination Host Server B and hence easily mess up the system; even shell script bugs could produce a mess. Thus perhaps a better solution to the problem of copying files with root privileges while the root account is disabled is to rsync as a normal user to somewhere on Dst_host and use some kind of additional script, running on Dst_host via, let's say, a cron job, which will gently copy the files on a selective basis.

Perhaps an even better solution would be, instead of granting ALL=NOPASSWD:/usr/bin/rsync in /etc/sudoers, to grant ALL=NOPASSWD:/usr/local/bin/some_copy_script.sh, which will get triggered once the files have been copied with the regular rsyncuser account.
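
A possible shape for such a copy script, as an added example that is not part of the original article. The staging directory, the function name and the choice of allow-listed files (taken from the file list used in step 7) are assumptions.

```shell
#!/bin/sh
# To be installed root-owned (mode 0755) as /usr/local/bin/some_copy_script.sh
# on the destination host. sudoers entry (the "" forbids any arguments):
#   rsyncuser ALL=(root) NOPASSWD: /usr/local/bin/some_copy_script.sh ""

STAGING=/home/rsyncuser/incoming     # assumed: where rsyncuser uploads files
# Only these paths may ever be installed, whatever else has been uploaded.
ALLOWLIST="/etc/hosts.deny /etc/sysctl.conf /etc/samhainrc"

# install_allowed STAGING_DIR DEST_ROOT
# Copies each allow-listed regular file found in the staging tree to the same
# path under DEST_ROOT ("" means the real filesystem root) and prints one
# "installed <path>" or "rejected <path>" line per staged file.
install_allowed() {
    staging=${1%/}
    destroot=${2%/}
    for path in $ALLOWLIST; do
        src=$staging$path
        dst=$destroot$path
        tmp=$dst.new.$$
        # Nothing staged for this path (a dangling symlink counts as staged).
        [ -e "$src" ] || [ -L "$src" ] || continue
        mkdir -p "${dst%/*}"
        # Refuse symlinks, non-regular files and paths that resolve outside the
        # staging tree (a symlinked parent directory). cp -P copies a symlink
        # as a symlink, so the last two tests look at root's own copy, which
        # the unprivileged user can no longer swap.
        if [ -L "$src" ] || [ ! -f "$src" ] \
           || [ "$(readlink -f -- "$src")" != "$(readlink -f -- "$staging")$path" ] \
           || ! cp -P -- "$src" "$tmp" 2>/dev/null \
           || [ -L "$tmp" ] || [ ! -f "$tmp" ]; then
            rm -f -- "$tmp"
            echo "rejected $path"
            continue
        fi
        # Keep the mode of the file being replaced; default to 0644 otherwise.
        if [ -e "$dst" ]; then
            chmod --reference="$dst" "$tmp"
        else
            chmod 0644 "$tmp"
        fi
        mv -f -- "$tmp" "$dst"       # rename within one directory: atomic swap
        echo "installed $path"
    done
}

# Act only when installed under the expected name and started via sudo.
case ${0##*/} in
    some_copy_script.sh) install_allowed "$STAGING" "" ;;
esac
```

Because the sudoers entry names only this script, a stolen rsyncuser key can at most replace the allow-listed files, not arbitrary paths as with NOPASSWD:/usr/bin/rsync.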

 

6. Test rsync passwordless authentication copy with superuser works


Do some simple copy; let's say, copy the encrypted tunnel configuration files located under /etc/stunnel on Server A to /etc/stunnel on Server B.

The general command to test is like so:
 

rsync -aPz -e 'ssh' --rsync-path='sudo rsync' /var/log rsyncuser@$dst_host:/root/tmp/


This will copy the /var/log files to /root/tmp; you will get success messages for the copy, and the files will be in the destination folder if it was successful.

 

On Src_Host run:

 

[rsyncuser@src-host ~]$ dst=FQDN-DST-HOST; user=rsyncuser; src_dir=/etc/stunnel; dst_dir=/root/tmp; rsync -aP -e 'ssh' --rsync-path='sudo rsync' "$src_dir" "$user@$dst:$dst_dir"

 

7. Copying files with root credentials via script


Copying a bunch of predefined files is best handled by a shell script; the simplest version of it could look something like this.
 

#!/bin/bash
# On server1 (the source host) use something like this.
# On server2 (the dst server) add in /etc/sudoers:
# rsyncuser ALL=NOPASSWD:/usr/bin/rsync

user='rsyncuser'

dst_dir="/root/tmp"
dst_host='dst-host'   # placeholder: set this to the destination host name
src[1]="/etc/hosts.deny"
src[2]="/etc/sysctl.conf"
src[3]="/etc/samhainrc"
src[4]="/etc/pki/tls/"
src[5]="/usr/local/bin/"

# Loop over the array; quoting keeps every path as a single argument.
# --dry-run only reports what would be copied; remove it to really sync.
for i in "${src[@]}"; do
    rsync -aPvz --delete --dry-run -e 'ssh' --rsync-path='sudo rsync' "$i" "$user@$dst_host:$dst_dir$i"
done


In the above script, as you can see, we define a bunch of files to be copied in a bash array and then run a loop that takes each of them and copies it to the destination dir.
A very simple version of the script: rsync_with_superuser-while-root_account_prohibited.sh
 

Conclusion


Let's do a short overview of what we have done here. First we created rsyncuser on SRC Server A and DST Server B, set up the key pair and copied the public key to make passwordless login possible, set up rsync to be able to write as root on Dst_Host, tested the whole setup, and put together a small script that can be used as a backbone to develop something more complex to sync backups or keep system configurations identical – for example if you suspect that some user might change a config by mistake.
In short, the security downsides of using rsync with NOPASSWD via /etc/sudoers were pointed out, and a few ideas were given that can be worked on if you target even higher PCI standards.