Project

General

Profile

Feature #26195

Avatar?id=14398&size=22x22

Feature Request: Secure the console menu for FreeNAS

Added by Manuel Morcillo almost 3 years ago. Updated almost 3 years ago.

Status:
Closed: Behaves correctly
Priority:
Important
Assignee:
Kris Moore
Category:
GUI (new)
Target version:
Estimated time:
Severity:
New
Reason for Closing:
Reason for Blocked:
Needs QA:
Yes
Needs Doc:
Yes
Needs Merging:
Yes
Needs Automation:
No
Support Suite Ticket:
n/a
Hardware Configuration:

Description

The FreeNAS console menu is completely open to anyone with access to the keyboard via console. The FreeNAS menu should be secured and not be open to anyone that happens to get access to the physical keyboard/monitor.

It would be better to improve access to the console so that you have to logon first (as root/admin) before you can make any kind of change. I have created a picture to show some options that could be implemented. If you have to logon to the web gui, then why can't the console menu be also protected by a password?

Regards
Manuel M

FreeNAS secure console.png (37 KB) FreeNAS secure console.png Manuel Morcillo, 10/14/2017 05:18 AM
12706

Related issues

Related to FreeNAS - Bug #19740: Update Advanced Console UI descriptionResolved2016-12-21

History

#1 Updated by Dru Lavigne almost 3 years ago

  • Status changed from Unscreened to Closed: Behaves correctly
  • Target version changed from 11.0 to N/A

You can uncheck the "Enable Console Menu" box in System -> Advanced in environments where console access is considered to be insecure.

#2 Updated by Manuel Morcillo almost 3 years ago

Ok this is one way to remove the console menu. But.
What can the admin do when something happens and the web gui is not accessible and the console menu is disabled?
Wouldn't it be better if the console was available at all times but is 'secured' so that when the web gui is not working (keeps crashing) the admin has a way to get in and run commandline fixes?

Cheers
Manuel

#3 Updated by Manuel Morcillo almost 3 years ago

  • Assignee changed from Release Council to Dru Lavigne
  • Private changed from No to Yes

Ok this is one way to remove the console menu. But.
What can the admin do when something happens and the web gui is not accessible and the console menu is disabled?
Wouldn't it be better if the console was available at all times but is 'secured' so that when the web gui is not working (keeps crashing) the admin has a way to get in and run commandline fixes?

Cheers
Manuel

#4 Updated by Dru Lavigne almost 3 years ago

  • Status changed from Closed: Behaves correctly to Unscreened
  • Assignee changed from Dru Lavigne to Kris Moore

Kris: what are your thoughts on this one?

#5 Avatar?id=14398&size=24x24 Updated by Kris Moore almost 3 years ago

  • Status changed from Unscreened to Closed: Behaves correctly

Thats exactly what that option does right now. If you uncheck web-console, it just puts it behind a root/password prompt before it shows up.

#6 Updated by Manuel Morcillo almost 3 years ago

Thanks for pointing this out. I tested this in my test FreeNas and it does simply show the 'login:' prompt.
I was looking for the 'web-console' but could not find it - i think you meant 'uncheck the "Enable Console Menu" box in System -> Advanced'.

The online guide says 'unchecking this box removes the console menu' - it doesn't say 'this will secure your menu behind logon access'

http://doc.freenas.org/11/system.html#advanced

Since security is the in thing, shouldn't this be unchecked by default? This way it is secure from the first boot. At least the documentation should say 'Recommended setting is leave it unchecked to force logon at console menu'.

Thank you
Manuel

#7 Updated by Manuel Morcillo almost 3 years ago

  • Private changed from Yes to No

Thanks for pointing this out. I tested this in my test FreeNas and it does simply show the 'login:' prompt.
I was looking for the 'web-console' but could not find it - i think you meant 'uncheck the "Enable Console Menu" box in System -> Advanced'.

The online guide says 'unchecking this box removes the console menu' - it doesn't say 'this will secure your menu behind logon access'

http://doc.freenas.org/11/system.html#advanced

Since security is the in thing, shouldn't this be unchecked by default? This way it is secure from the first boot. At least the documentation should say 'Recommended setting is leave it unchecked to force logon at console menu'.

Thank you
Manuel

#8 Updated by Dru Lavigne almost 3 years ago

  • Related to Bug #19740: Update Advanced Console UI description added

#9 Updated by Dru Lavigne almost 3 years ago

This option has actually been renamed in 11.1 to be clearer: Show Text Console Without Password Prompt.

Also available in: Atom PDF