Disabling NetBIOS and TLS v1.0

eexodus

eexodus

Dabbler
Joined
Aug 31, 2016
Messages
39
I use FreeNAS at work and our overzealous security team is requiring NetBIOS and TLS v1.0 be disabled on FreeNAS. :rolleyes: I don't see any options for disabling either in the GUI on 11.2-U5 so I'm checking in here if anyone has any ideas. Let me know, thanks!
 
anodos

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
The ability to disable the netbios name server will be an 11.3 feature. To prevent samba from being a netbios client you can simply add the auxiliary parameter "disable netbios = yes" under Services->SMB.
 
eexodus

eexodus

Dabbler
Joined
Aug 31, 2016
Messages
39
seanm said:
Overzealous? Sounds like good advice to me.

For NetBIOS, see: https://jira.ixsystems.com/browse/NAS-101378

For TLS, I dunno, but I'd like to. To get TLS 1.3 though, we'll probably have to wait until FreeBSD 12.
Click to expand...

Thanks seanm. I think that disabled NetBIOS. FreeNAS is still responding to nbtstat -A with names but an nmap scan reveals port 139 is now closed. To disable TLSv1 I coped /etc/local/nginx/nginx.conf to /root and removed TLSv1 from this copy. Then I created a short bash script that cp's /root/nginx.conf to /etc/local/nginx/nginx.conf and then runs service nginx restart. This is set to run through a Task -> Init/Shutdown Script. It simply runs: /bin/bash /root/tlsv1-disable.bash

Probably not kosher in FreeNAS-land, but its a hacky fix that works for me until TLSv1 is patched out.
 
You must log in or register to reply here.

Similar threads

K
  • Locked
How do you disable NetBios?
Replies
4
Views
3K
kjstech
K
B
Disable TLS v1.0 and 1.1
Replies
12
Views
3K
seanm
S
D
Disable http and TLS 1.0
Replies
9
Views
3K
ciscoguy
C
philiplu
  • Locked
Jail's alias IP taking over netbios name
Replies
6
Views
3K
philiplu
philiplu
K
  • Locked
DenyHosts and Sending Email
Replies
1
Views
3K
kiwijase
K
Top