Via the FreeNAS forum, Phan Vinh Thinh has posted some details on how to secure your FreeNAS server.
- Change the WebGUI admin/root password (the default is: freenas)
Use a very strong password if you intend to access FreeNAS over the Internet.
Please note – admin/root accounts use the same password.
Please note – Users that are members of the wheel group can su to root if they know the root password.
- Change WebGUI admin user name (the default is admin), to protect your system against dictionary attacks.
- DO NOT give shell access to everybody.
- DO NOT use FTP over the Internet; use SSH or SFTP instead.
- DO NOT enable Password Authentication with SSH; set up and use SSH key-based authentication.
- Always use HTTPS to access the WebGUI.
- DO NOT open your WebGUI server to the Internet; instead, open a tunnel via SSH from client to server.
See the rest of his blog entry for a brief tutorial on implementing these steps. Phan’s blog: How to secure your FreeNAS server
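As an added example (not part of Phan's post or of FreeNAS itself), this shell script checks an sshd_config file against the SSH item in the checklist above. The sample configs are constructed, and the check of ChallengeResponseAuthentication (named KbdInteractiveAuthentication in current OpenSSH) is an addition beyond the list, since keyboard-interactive logins can still prompt for a password.

```shell
#!/bin/sh
# Added example: audit sshd_config for the "SSH keys only" checklist item.

# Print the effective global value of keyword $2 in config file $1.
# sshd keeps the first value it reads for a keyword and matches keywords
# case-insensitively. Parsing stops at the first Match block, so
# conditional overrides are not evaluated here.
sshd_value() {
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == key { print tolower($2); exit }
    ' "$1"
}

# Return 0 only when password-style logins are explicitly set to "no"
# and public-key authentication has not been switched off.
audit_sshd() {
    cfg=$1; rc=0
    for key in PasswordAuthentication ChallengeResponseAuthentication; do
        val=$(sshd_value "$cfg" "$key")
        if [ "$val" != "no" ]; then
            echo "FAIL: $key is '${val:-unset}', want an explicit 'no'"
            rc=1
        fi
    done
    if [ "$(sshd_value "$cfg" PubkeyAuthentication)" = "no" ]; then
        echo "FAIL: PubkeyAuthentication is disabled"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $cfg disables password logins"
    return "$rc"
}

# Constructed sample configs (not taken from a real server).
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf '%s\n' '# later "no" is ignored: first value wins' \
    'PasswordAuthentication yes' 'PasswordAuthentication no' > "$tmp/weak.conf"
printf '%s\n' 'passwordauthentication no' \
    'ChallengeResponseAuthentication no' 'PubkeyAuthentication yes' \
    > "$tmp/hardened.conf"

audit_sshd "$tmp/weak.conf" || true
audit_sshd "$tmp/hardened.conf"
```

The audit fails closed: a keyword that is missing, or written in a form the parser does not recognise, is reported as unset and not assumed safe.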
Some more details are starting to emerge about what will appear in FreeNAS 0.8:
Planned major features:
- Development on FreeBSD RELENG_8. The release, depending on timeframe, may be based on a RELENG_8 snapshot or 8.1-RELEASE
- Migrate off m0n0wall
- Migrate GUI to django
- Add support for ada and ahci SATA drivers
- Add optional SoftUpdates + Journaling support to UFS2 filesystems
- Migration path/tool for previous releases and configurations
- Preservation of all existing features of the current FreeNAS release
- Refactor FreeNAS build system to allow building FreeNAS without affecting the host environment
- Non-Blocking Features
Possible other features
- FreeNAS package support. Binary one click installs that modify the GUI dynamically.
I am sure this list will evolve and you can keep an eye on the current developments here: http://freenas.org/roadmap
There doesn’t seem to have been an actual official announcement about this, but it seems FreeNAS 0.7.1 has been released.
You can download it from SourceForge: http://sourceforge.net/projects/freenas/files/
FreeNAS 0.7.1 (Shere):
- Upgrade e2fsprogs to 1.41.9.
- Upgrade istgt to version 20100125.
- Upgrade msmtp to 1.4.19.
- Upgrade transmission to 1.76.
- Upgrade PHP to 5.2.12 (Thanks to Xin LI).
- Upgrade fuppes to 0.660.
- Upgrade rsync to 3.0.7.
- Upgrade inadyn-mt to 02.18.08.
- Upgrade netatalk to 2.0.5.
- Upgrade bash to 4.0.35.
- Upgrade lighttpd to 1.4.25.
- Upgrade proftpd to 1.3.2c.
- Modify Samba default buffer size.
- Modify Tuning values.
- Add new MIB in System|Advanced|sysctl.conf.
- Add UTF-8 with English menu in File Manager (quixplorer).
- Restrict NFS sharing directory with alldirs.
- Add serial console support.
- Fix bug in istgt script.
- Fix Samba ‘Unknown socket option IPTOS_LOWDELAY’ messages. Thanks to Daisuke Aoyama. (BR 2894782|2858262).
- Fix mt-daapd/firefly error ‘Undefined symbol "avcodec_decode_audio"’ (BR 2895960).
- Fix bug in iSCSI initiator script (BR 2916334). Thanks to Daisuke Aoyama.
- Set home dir for Quixplorer users. Thanks to Daisuke Aoyama.
- Remove useless character in email (BR 2928068).
- Every reboot increases the number of ‘proc’ entries in fstab on ‘full’ installations (BR 2929029).
- Fix message in console menu ‘Reset WebGUI password’ (BR 2929338).
- Fix initial resolv issue.
- Fix full install upgrade error.
- Fix nsswitch error when ldap is enabled (BR 2936505).
- Fix transmission umask does not work (BR 2945242).
- Fix WebGUI allows usernames longer than 16 characters (BR 2934168).
- Fix cannot check WebGUI default port.
- Fix fail to apply if webserver authentication is enabled and documentroot is missing.
- It is not possible to format a SoftRAID disk with MSDOS FAT16/32.
- It is not possible to encrypt a disk partition, only complete disks are supported.
- It is not possible to get separate CPU stats per processor on SMP machines because FreeBSD does not support that feature.
- Enable ‘polling’ on interfaces used by a LAGG interface will make it inoperable.
- It is not possible to mount EXT2 disks with an inode size of 256 bytes. You have to format it with 128 bytes on Linux to use them on FreeBSD.
- If DHCP for IPv4 is used, the IPv6 statically configured DNS server will be overridden by the IPv4 DNS server.
- Downgrading to 0.69 via WebGUI fails because of broken pipe error.
- FreeBSD’s ext2fs module, as of release 7.1, cannot mount ext2 file systems with 256-byte large inodes, only 128 byte sized. Unfortunately, 256 byte is the default size with many recent Linux distributions.