TrueNAS Open Storage Logo
TrueNAS.com Products Enterprise Support Community Support Truenas Security Get TrueNAS Enterprise Download TrueNAS Community Edition About TrueNAS Careers
TrueNAS Open Storage Logo
F-Series
F-Series

All-Flash NVMe Performance.

H-Series
H-Series

Big business performance. Entry level pricing.

Mini Series
Mini Series

Home Labs, Small Office & SMB Applications.

M-Series
M-Series

All-Flash or Hybrid Enterprise Performance.

R-Series
R-Series

Single Controller Storage Appliances.

TrueNAS Enterprise Icon
TrueNAS Enterprise

Mission Critical Storage. 24×7 Enterprise Support.

TrueCommand Icon
TrueCommand

Manage Your TrueNAS Fleet All From One Place.

Use Cases

Analytics Backup & Archival Cloud Data Mobility File Sharing
iX-Storj Media & Entertainment Surveillance Veeam Backup Virtualization

Industry

Audio Broadcasting Gaming Healthcare Manufacturing Media & Entertainment
Automotive Education Government MSP Research & AI

Support

Enterprise Support

For customers with active support contracts.

Community Support

For peer-to-peer, open-source support.

Resources

Case Studies Documentation TrueNAS API Apps Market TrueNAS Security FAQ ZFS Overview
TrueNAS Blog Solution Guides Datasheets Software Status Videos TrueCommand Cloud
TrueNAS Community Edition Community Forum Discord TrueNAS GitHub TrueNAS Merch Store
About TrueNAS Awards Careers Contact Us Our Clients Reviews
Contact Icon
Contact an Enterprise Specialist

Speak with an enterprise storage specialist to find the right solutions for your business needs.

TrueNAS Enterprise Icon
TrueNAS Enterprise

Enterprise-grade storage appliances designed for business and mission-critical environments.

TrueNAS Community Edition Icon
Download TrueNAS Community Edition

Test Drive TrueNAS in Your Environment.

Using Administrator Logins

Root account logins are deprecated in TrueNAS Bluefin 22.12.0 or newer for security hardening and to comply with Federal Information Processing Standards (FIPS). All TrueNAS users should create an administrator account with all required permissions and begin using it to access TrueNAS. When the root user password is disabled, only an administrative user account can log in to the TrueNAS web interface.

TrueNAS plans to permanently disable root account access in a future release.

Read full post gdoc_arrow_right_alt
7 minutes to read 2fa ssh

Advanced Settings Screen

Advanced settings have reasonable defaults in place. A warning message displays for some settings advising of the dangers of making changes. Changing advanced settings can be dangerous when done incorrectly. Use caution before saving changes.

Make sure you are comfortable with ZFS, Linux, and system configuration, backup, and restoration before making any changes.

The Advanced Settings screen provides configuration options for the console, syslog, audit, kernel, sysctl, storage (system dataset pool), replication, WebSocket sessions, cron jobs, init/shutdown scripts, allowed IP addresses, isolated GPU device(s), self-encrypting drives, and global two-factor authentication.

Read full post gdoc_arrow_right_alt

Security Recommendations

Follow these best practices to administer TrueNAS securely.

General Recommendations

  • Modifying the base TrueNAS firmware image is unsupported and can create security issues.
  • Keep TrueNAS up-to-date with the most recent updates for your supported version.
  • Upgrade to new major releases promptly consistent with the deployment use case.
  • Disable any network services when not in use.
  • Restrict the TrueNAS web UI, IPMI, and any other management interfaces to private subnets away from untrusted users, or keep them disconnected when not in active use.
  • Configure Syslog settings to send logs to an external server (CORE | SCALE).
  • In TrueNAS 24.04 (Dragonfish) or later, locally monitor and review audit logs using the Audit screen.
  • In the System > Advanced Settings, always keep Show Text Console without Password Prompt set to Disabled.

Read full post gdoc_arrow_right_alt

STIG Compliance

TrueNAS Compliance

TrueNAS falls into the category of an appliance with its own operating system as covered in General Purpose Operating System SRG findings. Through connection to Active Directory, TrueNAS also complies with the Active Directory Domain Security Technical Implementation Guide SRG findings related to authentication and access controls for user, group, and systems.

Read full post gdoc_arrow_right_alt
16 minutes to read 2fa ssh

Two-Factor Authentication Screen

Two-factor authentication is time-based and requires a correct system time setting.

The Two-Factor Authentication screen, accessed from the Settings menu on the top toolbar, allows managing user-level two-factor authentication (2FA) credentials. It shows a different message if 2FA enabled than when not configured or disabled.

To configure 2FA settings go to the Advanced Settings screen. For more information, see the Managing Global 2FA tutorial.

Actions

Renew Secret changes the system-generated Secret and Provisioning URI values.

Read full post gdoc_arrow_right_alt

Managing Global 2FA (Two-Factor Authentication)

Global Two-factor authentication (2FA) is great for increasing security.

TrueNAS offers global 2FA to ensure that entities cannot use a compromised administrator or root password to access the administrator interface.

Advanced settings have reasonable defaults in place. A warning message displays for some settings advising of the dangers of making changes. Changing advanced settings can be dangerous when done incorrectly. Use caution before saving changes.

Make sure you are comfortable with ZFS, Linux, and system configuration, backup, and restoration before making any changes.

Read full post gdoc_arrow_right_alt