UF8FF
Dabbler
- Joined
- Jan 16, 2016
- Messages
- 29
Hey everyone,
I just recently got my FreeNAS server up and running and so far everything is running well except for a few hiccups. But all in all, the forums have been a great help. I have all my burn in testing done and thanks to all the fantastic documentation here I have a working Plex server (mind you I will be erasing and starting over because I have a 5th drive on the way). I have noticed that port-scanners were trying to log into my server so I have changed to using SSH keys, disallowed password logins, and changed the port for SSH but I wanted to go a step further.
Now, I do want to say that I have read quite a few comments from users directed at other users like myself like 'why do you even have it open to the WAN' and etc. etc. For me it's simply because I like to be able to change a few things here and there when I'm at work and don't have access. But I may set up a Raspberry Pi OpenVPN to help with this stuff. Regardless, I want to be able to wrap my head around the following if just at very least to understand why some things are working and why some things don't.
(https://forums.freenas.org/index.php?threads/hacking-attempts.1288/ and https://forums.freenas.org/index.php?threads/constant-hacking-attempts.11856/)
I looked into it and found that fail2ban seems to be exactly what I want so I followed a few tutorials, namely these ones:
and I am now extremely confused.
[strikeout]Firstly, whenever I try to use pkg install it usually can't find anything in the repositories. From what I am gathering that's because the USB stick that I'm running FreeNAS off of usually won't hold much in the /usr/ports folder, if anything at all. I figured pkg install would search freshports.org or another repository but it seems to only be searching local folders. Is this normal?[/strikeout]
After following the first guide it instructs you to reboot and run
service fail2ban start
That is all fine and dandy but when I did that it told me that the service was not in /etc/rc.d/ so I manually moved it, it started, but it doesn't seem to actually be doing anything when I try to log in from another user. It obviously blocks me because I don't have the right public key, but I want it to lock me out.
This led me to fresh ports. Fresh ports is even more confusing because in the sshguard file it says that to install you just change directory to the ../ports/security/sshguard and then make install clean but that can't happen because I don't have the ports on my machine locally, so do I have to find them from a git first and clone them? Should they be downloadable through a pbi or something? On OS X I'm used to finding things using apt-get or brew. Is pkg basically those but looking at local repositories instead of public ones?
I checked 13.2.2 in the FreeNAS documentation and that was about as clear as mud for me.
Thank you so much for your help. I'm sorry if I am so amateur that my questions just don't make sense. This is my first venture into server admin and as excited as I am to learn, it is so far quite the challenge but also so far damn fun.
UPDATE:
Now I understand why you can't do pkg install in the root of the boot drive -- the FreeBSD.conf file doesn't allow for it. So that clears up a LOT of what I was asking. I'm still confused though as to why fail2ban won't ban my IP even after following the instructions.
I just recently got my FreeNAS server up and running and so far everything is running well except for a few hiccups. But all in all, the forums have been a great help. I have all my burn in testing done and thanks to all the fantastic documentation here I have a working Plex server (mind you I will be erasing and starting over because I have a 5th drive on the way). I have noticed that port-scanners were trying to log into my server so I have changed to using SSH keys, disallowed password logins, and changed the port for SSH but I wanted to go a step further.
Now, I do want to say that I have read quite a few comments from users directed at other users like myself like 'why do you even have it open to the WAN' and etc. etc. For me it's simply because I like to be able to change a few things here and there when I'm at work and don't have access. But I may set up a Raspberry Pi OpenVPN to help with this stuff. Regardless, I want to be able to wrap my head around the following if just at very least to understand why some things are working and why some things don't.
(https://forums.freenas.org/index.php?threads/hacking-attempts.1288/ and https://forums.freenas.org/index.php?threads/constant-hacking-attempts.11856/)
I looked into it and found that fail2ban seems to be exactly what I want so I followed a few tutorials, namely these ones:
- https://forums.freenas.org/index.php?threads/howto-install-file2ban-on-freenas-9-x.16170/
- http://howtounix.info/howto/sshguard-freebsd
and I am now extremely confused.
[strikeout]Firstly, whenever I try to use pkg install it usually can't find anything in the repositories. From what I am gathering that's because the USB stick that I'm running FreeNAS off of usually won't hold much in the /usr/ports folder, if anything at all. I figured pkg install would search freshports.org or another repository but it seems to only be searching local folders. Is this normal?[/strikeout]
- So following the first guide I am not sure how to actually download the file other than just download it and then scp it to a folder.
- In the first guide it specifically says we want to protect the entire NAS so we don't want to install it in a Jail -- but everything I read on the forums says otherwise.
After following the first guide it instructs you to reboot and run
service fail2ban start
That is all fine and dandy but when I did that it told me that the service was not in /etc/rc.d/ so I manually moved it, it started, but it doesn't seem to actually be doing anything when I try to log in from another user. It obviously blocks me because I don't have the right public key, but I want it to lock me out.
This led me to fresh ports. Fresh ports is even more confusing because in the sshguard file it says that to install you just change directory to the ../ports/security/sshguard and then make install clean but that can't happen because I don't have the ports on my machine locally, so do I have to find them from a git first and clone them? Should they be downloadable through a pbi or something? On OS X I'm used to finding things using apt-get or brew. Is pkg basically those but looking at local repositories instead of public ones?
I checked 13.2.2 in the FreeNAS documentation and that was about as clear as mud for me.
Thank you so much for your help. I'm sorry if I am so amateur that my questions just don't make sense. This is my first venture into server admin and as excited as I am to learn, it is so far quite the challenge but also so far damn fun.
UPDATE:
Now I understand why you can't do pkg install in the root of the boot drive -- the FreeBSD.conf file doesn't allow for it. So that clears up a LOT of what I was asking. I'm still confused though as to why fail2ban won't ban my IP even after following the instructions.
Last edited: