rsync itself is transport-agnostic; security is determined by whether you use SSH or daemon mode and by include/exclude/delete policies.
- Use SSH transport instead of open rsync daemon where possible.
- Restrict backup account with forced command and no interactive shell.
- Use key-based auth with passphrase and restricted authorized_keys options.
- Disable password auth for backup users.
- Bind daemon to private interfaces only.
- Use module-level
hosts allow/deny, uid/gid, and read-only policies where appropriate.
- Set
use chroot = yes for constrained modules when compatible.
- Protect
secrets file permissions (0600).
- Use
--dry-run before enabling --delete in production.
- Restrict source paths and glob patterns.
- Log all sync operations and alert on high delete counts.
- Keep snapshots/versioned targets to recover accidental deletes.
¶ Verification commands
rsync --version
sudo ss -tulpn | grep -E ':873|:22'
grep -E "^use chroot|^auth users|^secrets file|^hosts allow|^hosts deny" /etc/rsyncd.conf 2>/dev/null
- rsync manpage security notes: https://download.samba.org/pub/rsync/rsync.1
- rsync daemon config manpage: https://download.samba.org/pub/rsync/rsyncd.conf.5
- Linux hardening references for SSH-restricted accounts: https://www.openssh.com/manual.html