Ascii227 Posted October 24, 2018 Share Posted October 24, 2018 Recently I and at least 1 other on this forum were hit by ransomware. During this attack the malware managed to scan the network (or maybe just looped through the arp table) and start systematically encrypting public shares. I was sensible enough to keep my backup data shares private so that only the server backing up to it had access which saved my bacon. However I was unaware that by default unraid shares its root filesystem publicly over samba, and the ransomware was able to encrypt my whole flash drive. I am aware that unraid makes no pretence of being a secure OS, I mean by default it has no root password. However as it claims to be an easy to use backup solution for non professionals, I think at least securing up the root file system from anything being able to access it on the local network would be beneficial to a lot of users. Either that or just making it known somewhere on the main page next to the Flash section that it is currently exported as public. It could be a simple colour indicator or just a tick or cross in a column marked 'Shared'. Thanks for listening. 2 Quote Link to comment
itimpi Posted October 24, 2018 Share Posted October 24, 2018 4 hours ago, Ascii227 said: Recently I and at least 1 other on this forum were hit by ransomware. During this attack the malware managed to scan the network (or maybe just looped through the arp table) and start systematically encrypting public shares. I was sensible enough to keep my backup data shares private so that only the server backing up to it had access which saved my bacon. However I was unaware that by default unraid shares its root filesystem publicly over samba, and the ransomware was able to encrypt my whole flash drive. I am aware that unraid makes no pretence of being a secure OS, I mean by default it has no root password. However as it claims to be an easy to use backup solution for non professionals, I think at least securing up the root file system from anything being able to access it on the local network would be beneficial to a lot of users. Either that or just making it known somewhere on the main page next to the Flash section that it is currently exported as public. It could be a simple colour indicator or just a tick or cross in a column marked 'Shared'. Thanks for listening. Just for clarity - the flash drive is not the root file system, but the boot system that is made visible as the ‘flash’ share. The root file system is not accessible as a share over the network. As to whether the ‘flash’ share should be private that is a different consideration. Maybe setting it to be a hidden share might be a better compromise to making it private? However I agree that the moment it is not immediately obvious that one needs to click on the flash drive on the Main tab is the way to see its share status. Alternatively simply adding the ‘flash’ share to the Shares page and visible regardless of whether disk shares are enabled would at least make it as easy as any other share to see what it’s visibility and access modes are. It would bring the share inline with how all the other shares are managed rather than hiding it behind clicking on the flash drive on the Main tab. This lwould be my preferred approach in the short term as it seems it is purely a GUI change but still makes the share status visible in a location where you are likely to be looking for such information. Quote Link to comment
Ascii227 Posted October 24, 2018 Author Share Posted October 24, 2018 29 minutes ago, itimpi said: This would be my preferred approach in the short term as it seems it is purely a GUI change but still makes the share status visible in a location where you are likely to be looking for such information. I would agree with this, there does not need to be any functional changes if at least the information was presented readily. In my use case for example, had i seen on the shares or main screen that the flash drive was shared publicly I would have immediately made it private. It is rather confusing for a new user that the flash is shared but does not appear anywhere on the shares tab Quote Link to comment
itimpi Posted October 24, 2018 Share Posted October 24, 2018 Another reason I would like to see the ‘flash’ share added to the Shares tab is the fact that I think quite a few users do not realise that the flash drive can be updated over the network - you do not need to remove it and plug it into another machine in most cases. there is also perhaps a discussion as to why the share is labelled ‘flash’ rather than ‘boot’, but that is probably a lost cause for historical reasons. Quote Link to comment
bonienl Posted October 24, 2018 Share Posted October 24, 2018 By default Unraid comes as an 'open' system. The flash share is immediately accessible when the user boots the system the first time. This allows a user to copy or modify the flash device right from the start. This is a key design element. Making the flash device a private share by default won't work because no users are defined at initial start up, and would defeat the above open design concept. The flash share is not a user share, i.e. it is always present regardless of the array status. Mixing this "special" share with user shares leads to confusion because user share properties such as "allocation method" or "minimum file size" do not apply to the flash device. Perhaps more emphasis need to be made on setting up the flash device and make the user aware to do the appropriate changes once the basic configuration is completed. Quote Link to comment
JonathanM Posted October 24, 2018 Share Posted October 24, 2018 1 hour ago, bonienl said: This allows a user to copy or modify the flash device right from the start. What, exactly, would need to be modified on the flash over the network that isn't covered by the GUI? Quote Link to comment
bonienl Posted October 24, 2018 Share Posted October 24, 2018 8 minutes ago, jonathanm said: What, exactly, would need to be modified on the flash over the network that isn't covered by the GUI? When everything goes right, there is nothing to modify. It's those cases when something went wrong and needs to be corrected. Quote Link to comment
JonathanM Posted October 24, 2018 Share Posted October 24, 2018 Is the SMB share an appropriate venue to correct something? It seems the normal troubleshooting step is to run diagnostics, shut down and read the USB stick in another machine. I'm just not convinced the benefits outweigh the inherent risks in the current security situation. Quote Link to comment
bonienl Posted October 24, 2018 Share Posted October 24, 2018 What are the inherent risks? Quote Link to comment
JonathanM Posted October 24, 2018 Share Posted October 24, 2018 6 minutes ago, bonienl said: What are the inherent risks? 10 hours ago, Ascii227 said: During this attack the malware managed to scan the network (or maybe just looped through the arp table) and start systematically encrypting public shares. 10 hours ago, Ascii227 said: I was unaware that by default unraid shares its root filesystem publicly over samba, and the ransomware was able to encrypt my whole flash drive. Quote Link to comment
itimpi Posted October 25, 2018 Share Posted October 25, 2018 23 hours ago, bonienl said: The flash share is not a user share, i.e. it is always present regardless of the array status. Mixing this "special" share with user shares leads to confusion because user share properties such as "allocation method" or "minimum file size" do not apply to the flash device. I was thinking it should be presented as an ‘always present’ Disk Share, not as a User Share. The share settings that apply to Disk Shares DO apply to the ‘flash’ share. Quote Link to comment
Ascii227 Posted November 9, 2018 Author Share Posted November 9, 2018 On 10/24/2018 at 9:03 PM, bonienl said: What are the inherent risks? Just seen this in the 6.6.4 Changelog: "webgui: Added warning when Flash device is set as public share" A good compromise I feel, thankyou for listening. Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.