security

  1. NickF

    Resource TrueNAS SCALE: A "Datacenter-in-a-box" 1.2

    As a pre-requisite, consider reading my TrueNAS SCALE virtualization guide! https://www.truenas.com/community/resources/getting-started-with-virtualization-on-truenas-scale.214/ This resource is meant to be a series. Part 1 will cover both the theory behind what I mean by Datacenter-in-a-box...
  2. S

    How to manually install Nextcloud on FreeNAS in an iocage jail with hardened security v2.0.1

    The Guide: https://www.samueldowling.com/2020/...n-FreeNAS-iocage-jail-with-hardened-security/ This guide will show you how to manually set up and configure a Nextcloud server in an iocage jail, as well as how to harden your security to make sure your information is safe. Specifically, this...
  3. K

    Cannot find exact location of any and all SSH host key files.

    Hello. I am trying to verify my server's SSH fingerprint so I don't get MITM'd. Every guide I find on Google tells me that the host keys are stored in /etc/ssh/ , however, my /etc/ssh folder only contains the config files and a moduli file. I have searched the forum here for a solution but have...
  4. M

    Is my Freenas been hacked?

    Hi all, I've got these messages today. Nov 3 00:16:37 MVfreenas sshd[47927]: error: maximum authentication attempts exceeded for root from 5.189.164.178 port 46035 ssh2 [preauth] Nov 3 13:27:34 MVfreenas sshd[20613]: fatal: userauth_pubkey: incomplete message [preauth] Nov 3 13:27:35...
  5. vermaden

    FreeNAS 11.2-U3 Vulnerabilities

    Hi, a buddy of mine scanned FreeNAS 11.2-U3 for possible security holes - below are his results. Do you have any estimate when these holes will be fixed (or packages in FreeNAS updated)? Vulnerability Severity FreeBSD: (Multiple Advisories) (CVE-2016-9063): python 2.7 -- multiple...
  6. S

    Correct/expected procedure for keeping FreeNAS up-to-date?

    I've been experimenting with FreeNAS and am pretty happy. I'm using 11.2rc2, which is of course close to bleeding edge. I just discovered the FreeBSD "pkg audit -F" command and was surprised/disappointed to see so many packages are out of date and vulnerable to known security issues. ex...
  7. O

    need help with windows 10 security network credentials

    I'd like to start off by saying I am no network tech. I am trying to learn as much as I can, but I'm having a hard time finding the right question to ask to get the answer I'm looking for. So this all started cuz Paul's Hardware did a video on FreeNAS 11.2 recently and I thought that looked like a...
  8. peter_cd.cn

    What is this security out run output means?

    Recently I am getting this report consistently. freenas.local kernel log messages: arp: d0:50:99:c3:78:b7 attempts to modify permanent entry for 192.168.1.121 on igb0 arp: d0:50:99:c3:78:b7 attempts to modify permanent entry for 192.168.1.121 on igb0 arp: d0:50:99:c3:78:b7 attempts to modify...
  9. Monkey_Demon

    FreeNAS 11.2, No-IP, & Let's Encrypt confusion

    Several years ago I purchased a Netgear ReadyNAS as a home server, largely to host Plex. A few years later Netgear came out with a new model and abandoned my version, so it no longer could run newer versions of Plex. Soon it was useless as a Plex server, and I was faced with the choice of buying...
  10. Garyw

    Change update server to the HTTPS version

    Is there a config file I can edit to change the freenas update server from http://update.ixsystems.com/FreeNAS/ to its HTTPS link? I'm a little surprised that this is not the default.
  11. D

    freenas.local daily security run output - login failures

    Greetings! I believe ever since I started using my FreeNAS as an FTP Server ( No-IP.com ) I started receiving these freenas.local daily security run output - login failure reports on a daily basis: freenas.local login failures: Jul 11 00:13:58 freenas sshd[80290]: Failed password for invalid...
  12. A

    SOLVED Where to put pre-init script? (or attempts to make FreeNAS safe; ipfw)

    From the official doc: "select when the command/script will run; choices are Pre Init (very early in boot process before filesystems are mounted)" So, if pre-init script runs before filesystems are mounted, then where should I place it?! I'm trying to make FreeNAS at least somewhat protected...
  13. W

    Nessus able to use Guest account

    Hello, I am trying to create a secure SMB share on my FreeNAS 11.1 U4 machine. My Nessus scanner keeps telling me it can connect to the share with a guest account(See below). However, SMB share is locked down to Domain Users and I have Guest Allowed turned off. Has anyone experienced this or...
  14. W

    Disable SMBv1 11.1 U4

    Hi Everyone, I noticed that FreeNAS is still supporting SMBv1 by default. I have looked around the GUI and even tried diving into the console to find a way to disable SMBv1 but have had no luck. Does anyone know of a way I can do this? Thank You!
  15. A

    Random Attempted Connection From Public IP's

    Ever since I put my server online using dyndns I have been getting messages on the screen of my NAS, example image shown below. I am scared what could be going on behind my back, but then I'm left to blame for making it probably insecure in the first place. I wouldn't be posting this if I knew...
  16. S

    Exposing a directory tree from a dataset safely and fully, within a jail

    This question has three aspects, because I can't expose a directory in a jail without also checking symlink security and jail users/groups' security, to make sure that these common functions aren't left in a state that lets a user escape the jail. Q.1 - exposing a path fully: I want to expose...
  17. Q

    Web Server Expect Header XSS Vulnerability

    Had a vulnerability scan on our network recently and I am getting back this vulnerability. What is needed for this to get fixed? Build: FreeNAS-11.1-U4 Synopsis The remote web server is vulnerable to a cross-site scripting attack. Description The remote web server fails to sanitize the...
  18. Stranded Camel

    How to harden SSH in FreeNAS 11

    I've just run this ssh-audit tool on my FreeNAS 11-4 box, and the results are abysmal (see end of post for results). In short, all the items marked `warn`, `fail` or `remove` need to be dealt with. I've done this on several Linux boxes, following this hardening guide, and the results were...
  19. W

    Security

    Hello, I am attempting to stand up a FreeNAS VM on version 11.0-U4 (54848d13b). I need to get the machine to meet PCI requirements, but it is showing a lot of security errors with the system. Has anyone else run into this issue or have any advice on how to proceed? Some of the services are...
  20. David Dyer-Bennet

    SOLVED Can't connect to web GUI due to Strict Transport Security

    Looks like the combination of strong security settings on the GUI port, and FreeNAS using a self-signed certificate, has made it impossible to connect from Firefox to FreeNAS. I recently did a forced upgrade (I physically damaged the old USB key it booted from, and downloaded and made a new...
  21. I

    Windows AD Share Permission

    Hello Everyone, I have one task which I cannot solve for 2 days already. The task is simple - to share (through SMB) one folder in FreeNAS where users (from AD) can create/add any files - but delete only their owned folder/files. In Windows Advanced Security Settings - I set the rights in the...
  22. catnas

    How to Deny User FTP Access

    Is it possible in 9.10 to deny a particular user account access to FTP? I'm using one main (not root) user account for SMB access on my home network, and I want that user to have access to everything. However, if that account is compromised, I don't want someone to be able to FTP into the...
  23. duggulous

    A guide to interpreting daily security run output?

    Is there any kind of documentation somewhere on the meanings of items in the daily security run output? I get emails fairly often, and I have no idea if they are alerting me to a potential problem, or telling me everything is working like it should be, or just randomly listing characteristics of...
  24. A

    Looking for encrypted pool security mechanism

    I am looking at encrypting my pool on my current system. I have conducted some testing on my backup system, but I am wondering what mechanism is at play when it comes to accessing an encrypted pool by someone who is not authorized to do so, given it may have access to the system (I am...
  25. T

    Disable NTLM Passthrough

    I am planning to migrate my company file servers to TrueNAS. One of the security enhancements I have enabled in my MS File Servers is disabling NTLM passthrough for mapped drives. This has the net effect of preventing crypto attacks from spreading to the network file systems. I still want my...