ap-wtioit

Members • Posts: 8
Everything posted by ap-wtioit

  1. That's unfortunate. Command arguments in ps.txt can be anything, including sensitive information like external auth servers and credentials (hopefully no passwords). User names can be private information according to the GDPR. It's not good practice to leak your internal network structure by giving away information about IP addresses and ranges of internal networks. Device serial numbers can also be used to look up whether certain hardware has security issues. E.g. hardware defects are often limited to a certain range of serial numbers. Imagine a phone call: "Hi, I'm from Disk Company A and we need to send you a replacement for a hard disk because there is an issue with it." Much more credible if they have the actual serial numbers of the hard drives.
  2. Unfortunately I had to reset the stats for our monitoring to catch it again if the error count increases, so I cannot test if the numbers are OK in 6.12.4 rc.
  3. There are other things, I checked the whole archive again:

     * config/ident.cfg: NAME, COMMENT, DOMAIN_USER, DOMAIN_PASSWORD (cannot test that it's empty on our servers), WORKGROUP (maybe if it's not "WORKGROUP"), LOCAL_TLD
     * config/listen.txt: br0 and tun0 IP ranges / IPs
     * config/rsyslog.cfg: remote_server
     * config/rsyslog.conf: at least the IP of the remote_server (`*.* @1.2.3.4:514;RSYSLOG_SyslogProtocol23Format`)
     * config/super.dat: disk serial numbers
     * config/pool/cache.cfg: diskId, diskId.1 (seem to contain disk serials)
     * logs/dhcp.log: IPs and routes
     * logs/libvirt: hostname
     * logs/syslog*.txt: hostname, IPs, ssh users (successful and failed logins), docker container names, file names (mover)
     * qemu/*.txt: filename is VM name, hostname, HOME, XDG_*_HOME, master-key file name, image names (block dev)
     * smart/*.txt: filename contains disk serials, Serial Number, LU WWN Device Id (for Crucial CT2000MX500 contains part of the serial number)
     * system/ifconfig.txt: IP addresses and MAC addresses (at least strip the last 3 segments so only the manufacturer part is visible)
     * system/lsof.txt: IP addresses, user names (all non default unraid users)
     * system/meminfo.txt: RAM serial numbers
     * system/ps.txt: user names (all non default unraid users), command arguments, program locations
     * system/testparm.txt: interfaces, server string, read list ("valid users" and "write list" are already replaced with {a}...{z})
     * system/top.txt: user names (all non default unraid users), not sure about COMMAND (did contain nothing secret in our example but might in others)
     * system/urls.txt: Server Name, Local TLD, Internal IP, DNS 1, HTTP IP url, HTTP URL, HTTPS url 1, and errors (ERROR: When using DNS server 1.2.3.4, unredacted.fully.qualified.domain.name resolves to [redacted]. It should resolve to 1.2.3.5), cert names also show host name (and old host names possibly (Tower_unraid_bundle.pem))
     * system/vars.txt: DISK ID shows serial, idSb shows serial, DNS_SERVER1, IPADDR:0, GATEWAY:0, NGINX_LANIP, NGINX_LANNAME, NGINX_LANMDNS, ID_SERIAL (dotted for USB but not for disks), ID_SERIAL_SHORT (dotted for USB but not for disks), ID_WWN (for Crucial), ID_WWN_WITH_EXTENSION (for Crucial), NAME, COMMENT, WORKGROUP (if not "WORKGROUP"), LOCAL_TLD
     * xml/*.xml: filename is VM name, name, MAC addresses of network interfaces, vnc listen if not 0.0.0.0, filesystem mount file names
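An added example, not part of the original posts and not Unraid's own anonymizer: a heuristic redaction pass over diagnostics-style text covering three of the leaks listed above (IPv4 addresses, the device half of MAC addresses, and the smartctl `Serial Number` / `LU WWN Device Id` fields). The class name, the `IP-n` aliases and the sample text are constructed for illustration.

```python
import ipaddress
import re

# Keep the first three octets (manufacturer OUI), drop the device-specific half.
MAC_RE = re.compile(r"\b((?:[0-9A-Fa-f]{2}:){3})(?:[0-9A-Fa-f]{2}:){2}[0-9A-Fa-f]{2}\b")
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")
# Labels as they appear in smartctl output, both named in the post.
SERIAL_RE = re.compile(r"^([ \t]*(?:Serial Number|LU WWN Device Id):[ \t]*)(.+)$", re.M)


class Redactor:
    """Replaces identifiers but keeps them correlatable across files."""

    def __init__(self):
        self.ip_alias = {}  # real address -> stable alias, kept locally only

    def _ip(self, match):
        raw = match.group(0)
        try:
            addr = ipaddress.IPv4Address(raw)
        except ValueError:
            return raw  # four dotted numbers that are not a valid address
        # Unspecified, loopback and netmask values reveal nothing about the network.
        if addr.is_unspecified or addr.is_loopback or raw.startswith("255."):
            return raw
        return self.ip_alias.setdefault(raw, f"IP-{len(self.ip_alias) + 1}")

    def redact(self, text):
        text = MAC_RE.sub(lambda m: m.group(1) + "xx:xx:xx", text)
        text = SERIAL_RE.sub(lambda m: m.group(1) + "[redacted]", text)
        return IPV4_RE.sub(self._ip, text)


# Constructed sample lines in the style of rsyslog.conf, ifconfig.txt and smart/*.txt.
SAMPLE = """\
*.* @192.168.10.5:514;RSYSLOG_SyslogProtocol23Format
        inet 192.168.10.20  netmask 255.255.255.0  broadcast 192.168.10.255
        ether 52:54:00:ab:cd:ef  txqueuelen 1000  (Ethernet)
Serial Number:    EXAMPLE0SERIAL1
LU WWN Device Id: 5 000000 000000001
"""

if __name__ == "__main__":
    print(Redactor().redact(SAMPLE))
```

Because the same address always maps to the same alias, the redacted output can still be used to follow one host through several log files.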
  4. Unraid needs updated btrfs progs for v6.2.2+

     ```
     root@redacted:~# btrfs version
     btrfs-progs v6.2.1
     root@redacted:~# btrfs dev stats /mnt/cache
     [/dev/sdg1].write_io_errs    0
     [/dev/sdg1].read_io_errs     0
     [/dev/sdg1].flush_io_errs    0
     [/dev/sdg1].corruption_errs  4
     [/dev/sdg1].generation_errs  0
     [/dev/sdf1].write_io_errs    0
     [/dev/sdf1].read_io_errs     0
     [/dev/sdf1].flush_io_errs    0
     [/dev/sdf1].corruption_errs  4
     [/dev/sdf1].generation_errs  0
     root@redacted:~# btrfs dev stats -T /mnt/cache
     Id Path      Write errors Read errors Flush errors Corruption errors Generation errors
     -- --------- ------------ ----------- ------------ ----------------- -----------------
      1 /dev/sdg1            0           0            0                 0                 0
      2 /dev/sdf1            0           0            0                 0                 0
     ```

     With the current version of btrfs in Unraid one does not receive the correct numbers when using `btrfs dev stats -T` (see https://github.com/kdave/btrfs-progs/issues/585).

     Note: posting without diagnostics (there is still too much information in the anonymized version (e.g. Serial Numbers, VM Names, ...))
  5. Current findings: With Wireshark I could confirm that the client (gvfs-smb) is terminating the find request after 20 seconds (as documented as default timeout for smb-client). Unfortunately I couldn't find any URL options for smb:// URLs that would allow me to increase the timeout on the client side. Also there seems to be no system-wide option available that wouldn't need to be specified as a command line arg for smb-client.

     Workaround: add the following as extra configuration

     ```
     # split answers for directory listings into 256K chunks to avoid client timeout for directories with many elements
     smb2 max trans = 262144
     ```

     This splits the response for SMB2_FIND_ID_BOTH_DIRECTORY_INFO * into 256kb chunks for the answer where the first chunk is available after 0.3 seconds, avoiding the 20s timeout.

     Edited: leave only smb2 max trans as extra configuration, add slightly higher value than 64k, that still gives us an smb2 find response roughly every 1.5 seconds to avoid client timeout (on our system)
  6. After we upgraded Unraid to 6.11.1 (from 6.9.2) it seems no longer possible to retrieve directories with many entries via Samba. I'm getting "Broken pipe" from the Ubuntu client after a bit more than 20 seconds. Listing the directory on a terminal directly on Unraid takes about 30 seconds. Is there any way of increasing the timeouts for directory listings in Samba again? (As it seems 6.9.2 had way longer timeouts.) The directory contents are created via Ubuntu Deja Dup backup, so I cannot directly change the directory structure in there.
  7. On reddit someone posted editing /etc/profile; it seems to be the following 2 lines:

     ```
     export HOME=/root
     cd $HOME
     ```

     For our server I had to copy the ssh keys again for all non root users and disable the export HOME for users allowed to log in via ssh:

     ```
     [[ $UID == 1000 || $UID == 1001 || $UID == 1002 ]] || \
     export HOME=/root
     cd $HOME
     ```
  8. Graylog accepts remote syslog messages only if I manually set the protocol/format to RSYSLOG_SyslogProtocol23Format. To do this you currently need to:

     * Activate the Remote Syslog Server in the Settings GUI
     * Log in via ssh as root and edit /etc/rsyslog.conf, add ";RSYSLOG_SyslogProtocol23Format" to the end of the syslog line:

       ```
       *.* @@YOUR_REMOTE_SERVER_IP:514;RSYSLOG_SyslogProtocol23Format
       ```

     * Change something in the WEBUI again (not touching the remote syslog options) to reload the rsyslog service

     After editing the config like this the GUI options for the Remote Syslog Server seem to no longer have an effect. Can you add a dropdown for the rsyslog format template options?