Protecting the Shell at Console

[brandonpoc]

Is there a way to either disable or, more appropriately, password-protect the Shell option in the console? I don't want anyone being able to sit-down and take command of all of the files that I have used the GELI encryption on, and thus defeating the purpose. Password-protecting some of the other options may be a good idea, too; is there anyway to achieve any of this?

Or, how would one edit the scripts controlling the menu and get the modifications to stick and not be refreshed to originals at boot? I ask because, if there is no such option to password-protect and/or disable certain console menu items like shell, I would like to implement my own. I'd like the adversary (or snooping friend, whatever!) to at least have to beat the password out of me with a rubber hose and hot curling iron :D.

Thanks in advance, FreeNAS is great software!

Brandon

 

[brandonpoc]

I see there is a way to disable it -- does this persist over reboots? I'd assume not. How can we get a password protected console to persist over reboot?

Thanks
Brandon

 

[Caesar]

the entire webpage can be password protected isnt that enough?

 

[warri]

I think he means the local shell.

 

[Caesar]

oops my bad... my install is headless so I kinda forgot about that.

 

[brandonpoc]

I think he means the local shell.

Yes -- is there anyway to do this? And if not, what scripts or program source would have to be altered to provide this functionality?

Thanks,

Brandon

 

[William Grzybowski]

You can disable it from the WebGUI... Settings->Advanced tab

 

[brandonpoc]

You can disable it from the WebGUI... Settings->Advanced tab

Keeping that in mind, should something happen to where I need console access, how would I re-enable it? Reboot?

Thanks
Brandon

 

[William Grzybowski]

Enable it again in the GUI?

 

[titan_rw]

Keeping that in mind, should something happen to where I need console access, how would I re-enable it? Reboot?

Thanks
Brandon

Just login?

Disabling the console menu doesn't disable the ability to login, it just doesn't give you the nice menu of common tasks.

You get the normal unix style boot, followed by "login:"

Type 'root', then type root's password, and bang, root console.

 

[brandonpoc]

Just login?

Disabling the console menu doesn't disable the ability to login, it just doesn't give you the nice menu of common tasks.

You get the normal unix style boot, followed by "login:"

Type 'root', then type root's password, and bang, root console.

I've noticed that , even though I change the root password either via the web GUI or via the change_password.sh script via the CLI, upon reboot the password resets to nothing (that is, locked; a "*" entry in master.passwd). I checked the check_password script and it is indeed copying /etc/master.passwd and such to /cfg , which I assume to be persistent , but it doesn't seem to matter. Is this how it is supposed to work? The root password just won't stick! And there are times where the root password will revert back after a period of time after changing it without rebooting. Very odd indeed.