I'm thinking about security. I've done a specific setup to run rsync over the internet and was thinking about security. This is the setup:
Destination server has an ssh jail user with only bash and rsync, with a folder called files mounted containing files, nothing more.
Source server runs: rsync [params] /source -e "ssh -p [port]" destjaileduser@destinationserver:/files/
If someone discovers the password of the jailed user, he can only run rsync, nothing else (rsync is needed for remote sync, can't remove).
Question is: Is it possible for this jailed user to make his way out of the jail and access the system by any way, since he is limited? If yes, what can be done to prevent it?
The only thing I thought he could do is place some program in the rsync source and run rsync to send it to the server, but he could do anything, since he is jailed and can't see the real system, right? The files, if affected by ransomware or wiped out, are no problem; they have cryptography and are copied to another place the jailed user can't see.
Am I doing things right?
Your defensive approach should focus on remote access to the server
Required daemon programs should be up to date
Not-required ones should not be installed
You could secure ssh with iptables, authentication keys and why not 2FA authentication. See this article: https://devops.ionos.com/tutorials/secure-the-ssh-server-on-ubuntu/
You may also implement the fail2ban program, which is an efficient way to dynamically feed the iptables network filter from login attempts. https://help.ubuntu.com/community/Fail2ban
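
As an added example (not part of the question or the answer above, and not code from either poster), this Python script resolves which sshd_config settings would apply to the jailed account from the question and reports the ones that still leave password logins or forwarding open, following the answer's advice to use authentication keys. The sample configs, the /srv/jail path and the choice of hardened values are assumptions made for the example.

```python
# Added example (not from the original post). Audits the sshd_config settings
# that would apply to the jailed rsync user. Simplifications: only
# "Match User a,b" with literal names is understood; Include is not followed.
DEFAULTS = {"passwordauthentication": "yes", "pubkeyauthentication": "yes",
            "allowtcpforwarding": "yes", "allowagentforwarding": "yes",
            "x11forwarding": "no", "permittty": "yes"}   # OpenSSH defaults
HARDENED = {"passwordauthentication": "no", "pubkeyauthentication": "yes",
            "allowtcpforwarding": "no", "allowagentforwarding": "no",
            "x11forwarding": "no", "permittty": "no"}    # wanted for rsync-only use

def effective_settings(config_text, user):
    """Return keyword -> value as sshd would resolve it for `user`."""
    global_vals, match_vals = {}, {}
    target = global_vals                      # lines before any Match are global
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()                # keywords are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            crit = value.split()
            applies = (len(crit) == 2 and crit[0].lower() == "user"
                       and user in crit[1].split(","))
            target = match_vals if applies else None   # None: skip this block
        elif target is not None:
            target.setdefault(key, value)     # first obtained value wins
    # Match-block values override the global section, which overrides defaults.
    return {**DEFAULTS, **global_vals, **match_vals}

def audit(config_text, user):
    """Return (keyword, found, wanted) for each setting that differs from HARDENED."""
    eff = effective_settings(config_text, user)
    return [(k, eff[k].lower(), want) for k, want in HARDENED.items()
            if eff[k].lower() != want]

# Constructed sample configs; /srv/jail is a placeholder path.
WEAK = """PasswordAuthentication yes
Match User destjaileduser
    ChrootDirectory /srv/jail
"""
FIXED = WEAK + """    PasswordAuthentication no
    AllowTcpForwarding no
    AllowAgentForwarding no
    PermitTTY no
"""

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("FIXED", FIXED)):
        print(name, audit(cfg, "destjaileduser"))
```

On a real server, `sshd -T -C user=destjaileduser` prints the settings sshd itself resolves for that user, which is the authoritative check.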