id: detect-rsyncd

info:
  name: Detect rsyncd
  author: vsh00t,geeknik
  severity: info
  description: |
    Rsync is a fast and extraordinarily versatile file copying tool. It can copy locally, to/from another host over any remote shell, or to/from a remote rsync daemon.
  reference:
    - https://linux.die.net/man/1/rsync
  tags: network,rsyncd

network:
  - inputs:
      - data: "?\r\n"

    host:
      - "{{Hostname}}"
      - "{{Host}}:873"

    matchers:
      - type: word
        words:
          - "RSYNCD: "
          - "ERROR: protocol startup error"
        condition: and

    extractors:
      - type: regex
        regex:
          - 'RSYNCD: \d\d.\d'