Wednesday, 13 July 2011

How to secure your FreeNAS server

Quote from FreeNAS forum:

Q: How do I make sure my FreeNAS server is secure?
A: You can ensure basic security by following the FreeNAS Security Checklist:
  1. Change the WebGUI admin/root password (the default is: freenas)
    Use a very strong password if you intend to access FreeNAS over the Internet.
    Please note - admin/root accounts use the same password.
    Please note - Users that are members of the wheel group can su to root if they know the root password.
  2. Change WebGUI admin user name (the default is admin), to protect your system against dictionary attacks.
  3. DO NOT give shell access to everybody.
  4. DO NOT use FTP over the Internet; use SSH or SFTP instead.
  5. DO NOT enable Password Authentication with SSH; set up and use SSH key-based authentication.
  6. Always use the https protocol to access the WebGUI interface.
  7. DO NOT open your WebGUI server to the Internet; rather, open a tunnel via SSH from client to server.
Let's start with the first item:

1. Change the WebGUI admin password under System | General | Password:


2,4. Change WebGUI admin user name and access protocol under System | General:


5,7. SSH setup under Services | SSH:


Of course, you need to create a non-admin user, create an SSH key, and upload the public key to the FreeNAS server. Please read the SSH manual. If your FreeNAS server is behind a router, you also need to set up the router's NAT:


Here I opened both the WebGUI interface and SSH to the Internet, but I will use only SSH to connect. To set up an SSH tunnel from a Linux box, type:

$ ssh -v -p 22 -L 8888:localhost:443 username@your.FreeNASorRouter.IP.address

Then open your web browser, go to https://localhost:8888/ and you are there. Windows users can read the instructions in the FreeNAS KnowledgeBase.
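
Before exposing SSH through the router, it is worth confirming that item 5 really took effect on the server and that the port forward used by the tunnel is still permitted. The following read-only check is an added example, not part of the original post or of FreeNAS; the function names are made up for it, and it assumes whitespace-separated OpenSSH sshd_config syntax and upstream OpenSSH defaults for absent keywords.

```shell
#!/bin/sh
# Added example: read-only audit of an sshd_config for checklist item 5
# (no password logins) and for the port forward the tunnel needs.

# effective_value FILE KEYWORD DEFAULT
# sshd keeps the FIRST value it sees for a keyword and matches keywords
# case-insensitively. Only the global section (before any Match) is read.
effective_value() {
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key); val = def }
        /^[ \t]*#/ { next }                      # comment line
        tolower($1) == "match" { exit }          # conditional blocks start
        tolower($1) == key { val = tolower($2); exit }
        END { print val }
    ' "$1"
}

# audit_sshd FILE: prints findings, returns the number of failed checks.
audit_sshd() {
    fails=0
    # Defaults are upstream OpenSSH defaults, used when a keyword is absent.
    pw=$(effective_value "$1" PasswordAuthentication yes)
    cr=$(effective_value "$1" ChallengeResponseAuthentication yes)
    kbd=$(effective_value "$1" KbdInteractiveAuthentication "$cr")
    pk=$(effective_value "$1" PubkeyAuthentication yes)
    fwd=$(effective_value "$1" AllowTcpForwarding yes)

    if [ "$pw" != no ]; then
        echo "FAIL password logins enabled (PasswordAuthentication $pw)"
        fails=$((fails + 1))
    fi
    if [ "$kbd" != no ]; then
        # Keyboard-interactive can still prompt for the account password.
        echo "FAIL keyboard-interactive logins enabled ($kbd)"
        fails=$((fails + 1))
    fi
    if [ "$pk" != yes ]; then
        echo "FAIL key logins disabled (PubkeyAuthentication $pk)"
        fails=$((fails + 1))
    fi
    case "$fwd" in
        yes|all|local) ;;
        *) echo "FAIL ssh -L tunnel blocked (AllowTcpForwarding $fwd)"
           fails=$((fails + 1)) ;;
    esac
    return "$fails"
}
```

Call audit_sshd with the path of the server's sshd_config; an exit status of 0 means every check passed. Settings inside Match blocks are not evaluated, so review those by hand.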

I don't have a static IP address, so I use the (free) DynDNS service.

Last word:

To match the convenience of the shortcuts Windows users have, Linux users can create an alias:


$ cat .bashrc
alias ssh-nas="ssh pvt@192.168.1.250"
alias ssh-dir="ssh pvt@192.168.1.1"
alias tunnel-nas="ssh -v -p 22 -L 8888:localhost:443 tvp@xxx.dyndns.org"
# sudo alias
alias apt-update="sudo apt-get update"
alias apt-install="sudo apt-get install"
alias apt-remove="sudo apt-get remove"
alias mount="sudo mount"
alias umount="sudo umount"
alias suvim="sudo vim"


$ tunnel-nas 
