Register for the iXsystems Community to get an ad-free experience and exclusive discounts in our eBay Store.

Disabling NetBIOS and TLS v1.0

eexodus

Newbie
Joined
Aug 31, 2016
Messages
34
I use FreeNAS at work and our overzealous security team is requiring NetBIOS and TLS v1.0 be disabled on FreeNAS. :rolleyes: I don't see any options for disabling either in the GUI on 11.2-U5 so I'm checking in here if anyone has any ideas. Let me know, thanks!
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
5,878
The ability to disable the netbios name server will be an 11.3 feature. To prevent samba from being a netbios client you can simply add the auxiliary parameter "disable netbios = yes" under Services->SMB.
 

eexodus

Newbie
Joined
Aug 31, 2016
Messages
34
Overzealous? Sounds like good advice to me.

For NetBIOS, see: https://jira.ixsystems.com/browse/NAS-101378

For TLS, I dunno, but I'd like to. To get TLS 1.3 though, we'll probably have to wait until FreeBSD 12.
Thanks seanm. I think that disabled NetBIOS. FreeNAS is still responding to nbtstat -A with names but an nmap scan reveals port 139 is now closed. To disable TLSv1 I coped /etc/local/nginx/nginx.conf to /root and removed TLSv1 from this copy. Then I created a short bash script that cp's /root/nginx.conf to /etc/local/nginx/nginx.conf and then runs service nginx restart. This is set to run through a Task -> Init/Shutdown Script. It simply runs: /bin/bash /root/tlsv1-disable.bash

Probably not kosher in FreeNAS-land, but its a hacky fix that works for me until TLSv1 is patched out.
 
Top