Jump to content

Unraid OS 6.8.2 and General Security Tips


Recommended Posts

  • 2 weeks later...
Posted

I run a virtualized instance of an enterprise-grade firewall on my box. This keeps viruses and other nasties from penetrating my network and infecting my hardware. But at the same time, my friends with benefits can still gain access to my 9TB worth of Hard Disks for their pleasure. It may be hard to swallow, but taking the time to carefully setup your sever will pay dividends later with all that data going in and out, and in, and out.

 

 

 

Ck76x6SWEAERcBB.jpg.cf9966779790ae5f4fe27f4749f68082.jpg

  • Haha 5
Posted
15 hours ago, 1812 said:

I run a virtualized instance of an enterprise-grade firewall on my box. This keeps viruses and other nasties from penetrating my network and infecting my hardware. But at the same time, my friends with benefits can still gain access to my 9TB worth of Hard Disks for their pleasure. It may be hard to swallow, but taking the time to carefully setup your sever will pay dividends later with all that data going in and out, and in, and out.

 

 

 

Ck76x6SWEAERcBB.jpg.cf9966779790ae5f4fe27f4749f68082.jpg

I see what you did there! Great tip.

Posted

It's a good blog/article. Thanks.

 

As for ideas: disable SSH OOTB.

Reason: Root has no password yet. Some people have their 22 port already open for other devices they manage on their network.

 

A warning popup before letting the user turn on SSH, unless the user has:

1. ideally set up SSH keys; or

2. At a minimum, set a strong password; or

3. They're network is internal only (i.e. 22 isn't forwarded)

 

...or is this thread for users rather than for Lime?

 

If it's for users only - install the SSH plugin by @docgyver and disable root SSH login, disable passwords, pick/make a non-root user for SSH functions and only use keys. Some people also recommend not using the default port 22. It's much more secure to SSH as a limited user, with keys, and su to root if you need root.

 

I really hope that Lime integrate these SSH features into the OS from the outset because it's essential OS security that is currently being provided by a volunteer. Bless him/her :)

  • Thanks 2
Posted
14 hours ago, Derek_ said:

 

 

As for ideas: disable SSH OOTB.

Reason: Root has no password yet. Some people have their 22 port already open for other devices they manage on their network.

 

A warning popup before letting the user turn on SSH, unless the user has:

1. ideally set up SSH keys; or

2. At a minimum, set a strong password; or

3. They're network is internal only (i.e. 22 isn't forwarded)

thanks for the comment and ideas. If you would, could you post this to Feature Requests and we will put it on the board. Thanks again!

  • Thanks 1
Posted
13 hours ago, SpencerJ said:

thanks for the comment and ideas. If you would, could you post this to Feature Requests and we will put it on the board. Thanks again!

Done! Thanks for suggesting it :)

 

 

 

  • Thanks 1

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...