secure root shell access after boot?

[jjb2018]

Hello,

I've recently started using FreeNAS, and I have a small server set up in my office. I've noticed that if I boot the machine, with a monitor attached, then in the options menu (in the terminal interface after booting, not in the webUI), there is an option 9 for "Shell". This just immediately gives access to a root shell prompt, without any password required ..... I have definitely set a root password though. There must be a way to secure this? I obviously don't want anybody to be able to connect a monitor to the server and get root access with such ease! I'm using 11.2 U3.

Thanks - JB

 

[Chris Moore]

The server is meant to be in a secure physical location as anyone that has physical access to the system can crack into it regardless of any password you have set.

 

[jjb2018]

Hi Chris - thanks for the quick response. I hear what you're saying, and generally i do trust my colleagues, but for me with my particular server this is a security hole I'd like to plug if possible. Is there a way to get a password prompt for this console shell option?

 

[danb35]

There's an option in the web GUI to turn off the console menu.

 

[jjb2018]

There's an option in the web GUI to turn off the console menu.

Thanks - found the option. Just what I wanted.

 

[Chris Moore]

Thanks - found the option. Just what I wanted.

After you turn that off, it should prompt you for a password on the local console, but once you login, you are sitting at a command prompt with no menu. The menu can be very handy if you have a problem accessing the web GUI.
If you want to get the menu, you give this command at the prompt: /usr/libexec/getty freenas

 

[jjb2018]

Awesome, thanks Chris.

 

[danb35]

If you want to get the menu, you give this command at the prompt: /usr/libexec/getty freenas

...or just /etc/netcli (you'll have to ask iX why they thought putting executables in /etc/ was a good idea).