How does one check Unraid for/rectify potential compromise?


Solved by trurl

If it's a website, I'd look for rogue code. 

If it's Windows I'd just format the system (lol). 

Unraid? 

 

I have no reason to believe mine has been, but I'm still curious - what would one do? I suppose you could start from scratch but would there be an easier way (maintain drive config at least)? Would just copying over fresh Unraid files to flash suffice?

 

Could a compromised VM pose any issues to the rest of the system/network? In theory I'd think not but... 

Edited by TyantA

Solution

Unraid installs itself into RAM fresh from the archives on flash at each boot, and runs completely in RAM. Think of it as firmware. These flash archives are not modified except on each upgrade. These are the bz* files in the root folder of the flash drive.

 

Your configuration is completely stored in the config folder on flash. You must always have a current backup of your configuration.

 

Everything on your disks is just your data, no Unraid OS files are stored with your data, but Dockers/VMs are stored with your data.

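One way to check the point made in the answer above, that the bz* archives on flash change only on upgrade, as an added example (not part of the thread and not Unraid's own tooling): hash each bz* file on the flash drive and compare it with a freshly downloaded release of the same version. The two directory paths are assumptions, and the check is most trustworthy with the flash drive mounted on a separate, known-clean machine.

```shell
#!/bin/sh
# Added example (not Unraid's own tooling). Compares the bz* archives on a
# mounted flash drive with a freshly extracted release of the same version.

# hash_of FILE: print the SHA-256 hex digest of FILE.
hash_of() {
    sha256sum "$1" | awk '{print $1}'
}

# verify_flash FLASH_DIR REF_DIR
# Prints one status line per archive. Returns 0 if all match, 1 on any
# difference, 2 if the reference directory holds no bz* files at all.
verify_flash() {
    flash=$1; ref=$2; bad=0; checked=0
    # Every archive the release ships must be on flash, byte for byte.
    for r in "$ref"/bz*; do
        [ -f "$r" ] || continue
        name=$(basename "$r"); checked=$((checked + 1))
        if [ ! -f "$flash/$name" ]; then
            echo "MISSING  $name"; bad=1
        elif [ "$(hash_of "$r")" = "$(hash_of "$flash/$name")" ]; then
            echo "OK       $name"
        else
            echo "MODIFIED $name"; bad=1
        fi
    done
    if [ "$checked" -eq 0 ]; then
        echo "no bz* files in reference directory $ref" >&2
        return 2
    fi
    # A bz* file on flash that the release does not ship needs explaining.
    for f in "$flash"/bz*; do
        [ -f "$f" ] || continue
        name=$(basename "$f")
        [ -f "$ref/$name" ] || { echo "EXTRA    $name"; bad=1; }
    done
    return "$bad"
}

# Both paths are assumptions, e.g.: sh check.sh /mnt/usb /tmp/unraid-release
if [ "$#" -eq 2 ]; then
    verify_flash "$1" "$2"
fi
```

This covers only the bz* archives; the config folder on the same flash drive is not part of the release and has to be reviewed against your own backup.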

Thanks trurl. So because it's a bz file, you're saying they can't (at least easily) be changed outside of an update. So the "low hanging fruit" risk is attack surfaces on dockers and VMs and their inherent potential security issues (e.g., Windows), but they are in theory completely isolated from the host OS... and there's nothing really there (Unraid level) that would persist beyond a reboot.

 

So if one were truly concerned, you could blow out / restore a VM from a known clean state and be sure dockers are up to date and follow security best practices.  
