Leaderboard

Popular Content

Showing content with the highest reputation on 02/19/20 in all areas

  1. Something else I wanted to add, as long as we're talking about security measures in the pipe: we are looking at integrating various 2-Factor solutions directly in Unraid OS, such as Google Authenticator.
    3 points
  2. tldr: If you are running Unraid OS 6 version 6.8.1 or later, the following does not apply (mitigations are in place). If you are running any earlier Unraid OS 6 release, i.e., 6.8.0 and earlier, please read on.

     On Jan 5, 2020 we were informed by a representative from sysdream.com of security vulnerabilities they discovered in Unraid OS. Their report is attached to this post. At the time, version 6.8.0 was the stable release.

     The most serious issue concerns version 6.8.0. Here they discovered a way to bypass our forms-based authentication and look at the contents of various webGUI pages (that is, without having to log in first). Then using another exploit, they were further able to demonstrate the ability to inject "arbitrary code execution". Someone clever enough could use this latter exploit to execute arbitrary code on a server. (That person would have to have access to the same LAN as the server, or know the IP address:port of the server if accessible via the Internet.)

     Even in versions prior to 6.8.0, the "arbitrary code execution" vulnerability exists if an attacker can get you to visit a webpage using a browser that is already logged into an Unraid server (and they know or can guess the host name of the server). In this case, clicking the link could cause injection of code to the server. This is similar to the CSRF vulnerability we fixed a few years ago.

     In summary, sysdream.com recognizes 3 vulnerabilities:

       1. That it's possible to bypass username/password authentication and access pages directly in v6.8.0.
       2. That once authentication is bypassed, it's possible to inject and have server execute arbitrary code.
       3. That even if bug #1 is fixed, #2 is still possible if attacker can get you to click a link using browser already authenticated to your Unraid server (6.8.0 and all earlier versions of Unraid 6).

     Mitigations are as follows:

     First, if you are running version 6.8.0, either upgrade to latest stable release, or downgrade to an earlier release and install the sysdream mitigation plugin. We are not going to provide a mitigation plugin for 6.8.0.

     If you are running any 6.6 or 6.7 Unraid release, the best course of action is to upgrade to the latest stable release; otherwise, please install this mitigation plugin: https://raw.githubusercontent.com/limetech/sysdream/master/sysdream.plg

     This plugin will make a small patch to the webGUI template.php file in order to prevent arbitrary code execution. This plugin will work with all 6.6.x and 6.7.x releases and should also be available via Community Apps within a couple hours.

     We are not going to provide a mitigation for Unraid releases 6.5.x and earlier. If you are running an earlier release and cannot upgrade for some reason, please send us an email: [email protected].

     I want to thank sysdream.com for bringing this to our attention, @eschultz for initial testing and fixes, and @bonienl for creation of the sysdream mitigation plugin.

     I also want to remind everyone: please set a strong root password, and carefully consider the implications and security measures necessary if your server is accessible via the Internet. Finally, try and keep your server up-to-date.

     VULNERABILITY_DISCLOSURE.pdf
    1 point
  3. 1 point
  4. Message pops up generally when you move the docker.img. You can recreate it, no problems. Simply stop the docker service (Settings - Docker), then delete the image, then restart the service, followed by Apps, Previous Apps: check off whatever you had installed and it'll be the same as before.
    1 point
  5. It's actually correct what you're seeing. What you want to select is Tunnel WG0 to get to where you want to be.
    1 point
  6. That looks like an Nginx problem, and outside my knowledge; maybe someone else can help. Rebooting should fix it, but the parity check will restart.
    1 point
  7. Once you get back in make sure you generate and save backup codes.
    1 point
  8. Thanks for that, I've read it and moving the Plex Appdata to the cache drive solved the problem. Thanks again.
    1 point
  9. Maybe start with the logs and what they say; then maybe someone can help.
    1 point
  10. So it turns out that my issue yesterday was, in fact my VPN provider temporarily suspending my account for "unusually high data usage." I must have busted through their unlisted 3TB soft data cap.
    1 point
  11. This whole process is pretty technical, I don't expect the average user would want to undertake this, but good suggestion. I have added a check on available space to the script.
    1 point
  12. If 4 ports are enough, get a 4/5 port controller based on the JMB585 chipset, or get one of the recommended 8 port LSI controllers.
    1 point
  13. Upload Script 0.95.2 Thanks to @watchmeexplode5 helping me fix me being stupid and not using my own script properly, which led to him adding another nice simplification. --drive-service-account-file added to upload remote, removing the need to add a remote that isn't 'used' for the upload job. Before if using an encrypted remote e.g. gdrive_vfs: the service account was added to gdrive: . Now, via --drive-service-account-file the rotating of SAs is done in gdrive_vfs: https://github.com/BinsonBuzz/unraid_rclone_mount/blob/latest---mergerfs-support/rclone_upload
    1 point
  14. Can't see anything in the log as to why it's stuck. What happens if you pause and then resume?
    1 point
  15. When I used the external official onlyoffice doc server docker with lsio nextcloud, I added those 2 variables from the readme.
    1 point
  16. Two factor authentication would certainly be a welcome addition.
    1 point
  17. Unraid is an appliance. There is only one user: root. We can rename to "admin" but it's still root. There are no traditional user logins. Users are only used to validate SMB connections. Running as non-root would not have prevented this vulnerability which btw, was a couple 1-line bugs. re: the request: we have a blog post that talks about this: https://unraid.net/blog/unraid-os-6-8-2-and-general-security-tips Sure I can go reply in there...
    1 point
  18. Hey everyone! Stoked to have officially joined the team 🙌
    1 point
  19. Don't need the table. But do insist on this...
    1 point
  20. Too bad, it comes with pool tables 😁
    1 point
  21. Have you looked at the WireGuard VPN support that is now built into Unraid 6.8?
    1 point
  22. Maybe I'm missing something, but last time I checked, a PI runs ARM and unRaid is x86
    1 point
  23. I don't know how common it is for the drives today to not have temperature sensors, so not sure how much effort is really needed on this. My workaround is working well for now. Thank you for the update!! I find it odd that Unraid is able to count the UD drives towards the license but is not able to adjust monitoring thresholds for them. Perhaps a later version will address this. However, with such a great piece of software it really is a minor complaint. Thanks to both of you for your hard work making Unraid the great OS it is.
    1 point
  24. I love Plex. It was the first app I had Eric dockerize when we were testing before beta 6. It is the most simple and intuitive to use media player solution on the market IMHO. I love XBMC and have heard great things about some of the others, but I just can't get over the completeness of vision that Plex has consistently shown me since my time using it.
    1 point