Register for the iXsystems Community to get an ad-free experience and exclusive discounts in our eBay Store.

security

Western Digital Drives - The Preferred Drives of FreeNAS and TrueNAS CORE
  1. S

    How to manually install Nextcloud on FreeNAS in an iocage jail with hardened security v2.0.1

    The Guide: https://www.samueldowling.com/2020/...n-FreeNAS-iocage-jail-with-hardened-security/ This guide will show you how to manually set up and configure a Nextcloud server in an iocage jail, as well as how to harden your security to make sure your information is safe. Specifically, this...
  2. K

    Cannot find exact location of any and all SSH host key files.

    Hello. I am trying to verify my sever's SSH fingerprint so i don't get MITM'd. Every guide i find on google tells me that the host keys are stored in /etc/ssh/ , however, my /etc/ssh folder only contains the config files and a moduli file. I have searched the forum here for a solution but have...
  3. M

    Is my Freenas been hacked?

    Hi all, I've got this messages today. Nov 3 00:16:37 MVfreenas sshd[47927]: error: maximum authentication attempts exceeded for root from 5.189.164.178 port 46035 ssh2 [preauth] Nov 3 13:27:34 MVfreenas sshd[20613]: fatal: userauth_pubkey: incomplete message [preauth] Nov 3 13:27:35...
  4. vermaden

    FreeNAS 11.2-U3 Vulnerabilities

    Hi, a buddy of mine scanned FreeNAS 11.2-U3 for possible security holes - below are his results. Do you have any estimate when these holes will be fixed (or packages in FreeNAS updated)? Vulnerability Severity FreeBSD: (Multiple Advisories) (CVE-2016-9063): python 2.7 -- multiple...
  5. D

    Assigning Roles to Interfaces/Creating a Dedicated Management Interface?

    I have a FreeNAS box configured in a dual 1g LACP to my switch, switch side the LACP group is set as a trunk, and FreeNAS side, two virtual interfaces exist, one on the "Data" network, the other on the "Management" Network. In essence, what I want to do, is make it so that no management (SSH...
  6. S

    Correct/expected procedure for keeping FreeNAS up-to-date?

    I've been experimenting with FreeNAS and am pretty happy. I'm using 11.2rc2, which is of course close to bleeding edge. I just discovered the FreeBSD "pkg audit -F" command and was surprised/disappointed to see so many packages are out of date and vulnerable to known security issues. ex...
  7. O

    need help with windows 10 security network credentials

    id like to start off by saying i am no network tech. i am trying to learn as much as i can, but im having a hard time finding the right question to ask to get the answer im looking for. so this all started cuz paul's hardware did a video on freenas11.2 recently and i thought that looked like a...
  8. peter_cd.cn

    What is this security out run output means?

    Recently I am getting this report consistently. freenas.local kernel log messages: arp: d0:50:99:c3:78:b7 attempts to modify permanent entry for 192.168.1.121 on igb0 arp: d0:50:99:c3:78:b7 attempts to modify permanent entry for 192.168.1.121 on igb0 arp: d0:50:99:c3:78:b7 attempts to modify...
  9. Monkey_Demon

    FreeNAS 11.2, No-IP, & Let's Encrypt confusion

    Several years ago I purchased a Netgear ReadyNAS as a home server, largely to host Plex. A few years later Netgear came out with a new model and abandoned my version, so it no longer could run newer versions of Plex. Soon it was useless as a Plex server, and I was faced with the choice of buying...
  10. Garyw

    Change update server to the HTTPS version

    Is there a config file I can edit to change the freenas update server from http://update.ixsystems.com/FreeNAS/ to it's HTTPS link? I'm a little surprised that this is not the default.
  11. D

    freenas.local daily security run output - login failures

    Greetings! I believe ever since I started using my FreeNAS as an FTP Server ( No-IP.com ) I started receiving these freenas.local daily security run output - login failure reports on a daily basis: freenas.local login failures: Jul 11 00:13:58 freenas sshd[80290]: Failed password for invalid...
  12. A

    SOLVED Where to put pre-init script? (or attempts to make FreeNAS safe; ipfw)

    From the official doc: "select when the command/script will run; choices are Pre Init (very early in boot process before filesystems are mounted)" So, if pre-init script runs before filesystems are mounted, then where should I place it?! I'm trying to make FreeNAS at least somewhat protected...
  13. W

    Nessus able to use Guest account

    Hello, I am trying to create a secure SMB share on my FreeNAS 11.1 U4 machine. My Nessus scanner keeps telling me it can connect to the share with a guest account(See below). However, SMB share is locked down to Domain Users and I have Guest Allowed turned off. Has anyone experienced this or...
  14. W

    Disable SMBv1 11.1 U4

    Hi Everyone, I noticed that FreeNAS is still supporting SMBv1 by default. I have looked around the GUI and even tried diving into the console to find a way to disable SMBv1 but have had no luck. Does anyone know of a way I can do this? Thank You!
  15. A

    Random Attempted Connection From Public IP's

    Ever since I put my server online using dyndns I have been getting messages on the screen of my NAS, example image shown below. I am scared what could be going on behind my back, but then im left to blame for making it probably insecure in the first place. I wouldn't be posting this if I knew...
  16. S

    Exposing a directory tree from a dataset safely and fully, within a jail

    This question has three aspects, because I can't expose a directory in a jail without also checking symlink security and jail users/groups' security, to make sure that these common functions aren't left in a state that lets a user escape the jail. Q.1 - exposing a path fully: I want to expose...
  17. Q

    Web Server Expect Header XSS Vulnerability

    Had a vulnerability scan on our network recently and I am getting back this vulnerability. What is needed for this to get fixed? Build: FreeNAS-11.1-U4 Synopsis The remote web server is vulnerable to a cross-site scripting attack. Description The remote web server fails to sanitize the...
  18. Stranded Camel

    How to harden SSH in FreeNAS 11

    I've just run this ssh-audit tool on my FreeNAS 11-4 box, and the results are abysmal (see end of post for results). In short, all the items marked `warn`, `fail` or `remove` need to be dealt with. I've done this on several Linux boxes, following this hardening guide, and the results were...
  19. W

    Security

    Hello, I am attempting to stand up a FreeNAS VM on version 11.0-U4 (54848d13b). I need to get the machine to meet PCI requirements but, it is showing a lot of security errors with the system. Has anyone else run into this issue or have any advice on how to proceed. Some of the services are...
  20. David Dyer-Bennet

    SOLVED Can't connect to web GUI due to Strict Transport Security

    Looks like the combination of strong security settings on the GUI port, and FreeNAS using a self-signed certificate, has made it impossible to connect from Firefox to FreeNAS. I recently did a forced upgrade (I physically damaged the old USB key it booted from, and downloaded and made a new...
  21. I

    Windows AD Share Permission

    Hello Everyone, I have one task which i cannot solve for 2 days already. The task is simple - to share (through SMB) one folder in FreeNAS where users (from AD) can create/add any files - but delete only their owned folder/files. In Windows Advanced Security Settings - i set the rights in the...
  22. catnas

    How to Deny User FTP Access

    Is it possible in 9.10 to deny a particular user account access to FTP? I'm using one main (not root) user account for SMB access on my home network, and I want that user to have access to everything. However, if that account is compromised, I don't want someone to be able to FTP into the...
  23. duggulous

    A guide to interpreting daily security run output?

    Is there any kind of documentation somewhere on the meanings of items in the daily security run output? I get emails fairly often, and I have no idea if they are alerting me to a potential problem, or telling me everything is working like it should be, or just randomly listing characteristics of...
  24. A

    Looking for encrypted pool security mechanism

    I am looking at encrypting my pool on my current system. I have conducted some testing on my backup system, but I am wondering what mechanism is at play when it comes to accessing an encrypted pool by someone who is not authorized to do so, given it may have access to the system (I am...
  25. T

    Disable NTLM Passthrough

    I am planning to migrate my company file servers to TrueNAS. One of the security enhancements I have enabled in my MS File Servers is disabling NTLM passthrough for mapped drives. This has the net effect of preventing crypto attacks from spreading to the network file systems. I still want my...
Top