Register for the iXsystems Community to get an ad-free experience and exclusive discounts in our eBay Store.

Disabling NetBIOS and TLS v1.0

Joined
Aug 31, 2016
Messages
33
Thanks
1
#1
I use FreeNAS at work and our overzealous security team is requiring NetBIOS and TLS v1.0 be disabled on FreeNAS. :rolleyes: I don't see any options for disabling either in the GUI on 11.2-U5 so I'm checking in here if anyone has any ideas. Let me know, thanks!
 

anodos

Belly-button Lint Extraordinaire
iXsystems
Joined
Mar 6, 2014
Messages
5,478
Thanks
1,513
#5
The ability to disable the netbios name server will be an 11.3 feature. To prevent samba from being a netbios client you can simply add the auxiliary parameter "disable netbios = yes" under Services->SMB.
 
Joined
Aug 31, 2016
Messages
33
Thanks
1
#6
Overzealous? Sounds like good advice to me.

For NetBIOS, see: https://jira.ixsystems.com/browse/NAS-101378

For TLS, I dunno, but I'd like to. To get TLS 1.3 though, we'll probably have to wait until FreeBSD 12.
Thanks seanm. I think that disabled NetBIOS. FreeNAS is still responding to nbtstat -A with names but an nmap scan reveals port 139 is now closed. To disable TLSv1 I coped /etc/local/nginx/nginx.conf to /root and removed TLSv1 from this copy. Then I created a short bash script that cp's /root/nginx.conf to /etc/local/nginx/nginx.conf and then runs service nginx restart. This is set to run through a Task -> Init/Shutdown Script. It simply runs: /bin/bash /root/tlsv1-disable.bash

Probably not kosher in FreeNAS-land, but its a hacky fix that works for me until TLSv1 is patched out.
 
Top