Netgate 1100(on 22.05-Release) can no longer update nor install apps
-
Ah, interesting. Hmm, you actually disabled the admin account?
-
@stephenw10 Yeah, I was mimicking the recommendations from some NAS vendors: create an alternative admin account and disable the default admin account.
Minor security-by-obscurity attempt I guess.
-
@davidylau said in Netgate 1100(on 22.05-Release) can no longer update nor install apps:
Yeah, I was mimicking the recommendations from some NAS vendors
NASs are not firewalls/routers.
The first shares resources among a lot of users. All these users typically have their own login ID and password. 'root' or admin can access all resources (files) of all users.
Firewalls share ... nothing, and are administered, like a NAS, by typically one user, the admin.
If you think the admin account is exposed, there is one easy and final solution: accept admin logins into pfSense only from your IP, on the pfSense LAN interface.
For daily use, create other interfaces for yourself, friends, family, co-workers or visitors, and block the admin access (block the access to pfSense itself) on all these interfaces.
If you need to admin pfSense, hook yourself physically up to the LAN interface.
Lock pfSense up in a physically inaccessible place and you'll be fine.
Btw: I'm doing the same thing with my Synology NAS: I don't care about their advice that I should rename my admin account: it accepts admin access only from my device, my IP on its LAN. Added a double auth to the admin account, and I feel safe enough.
-
off-topic:
I too do not follow this advice! I guess OP is using a QNAP NAS.
QNAP indeed recommends disabling the original admin account and using an alternative admin account instead.
That is because a very large number of users exposed their NAS to the internet without any security and were attacked and hacked with malware/ransomware.
But even when doing so on a QNAP, the alternative admin does not have all privileges; even with sudo some things won't work.
A significant number of apps do not work or can't be installed, because they refer "hard-coded" to the original admin account.
So this advice is really "security-by-obscurity".
Regards
-
Hmm, that's curious. I can't replicate that here, and I didn't expect to be able to.
How exactly did you disable the account?
There are some things that must be run as admin/root but the GUI processes always do that.
Steve
-
@gertjan Thanks for the comment.
I had already implemented the other steps you mentioned.
-
@fsc830 Thanks for the comment.
Which other QNAP apps won't work with another admin account? I haven't experienced that.
-
@stephenw10 How I disabled the admin account:
System > User Manager > Users > Edit, I clicked the "Disable, This user cannot login" button.
-
Mmm, by itself that should not cause a problem with the pkg system. I wonder if it was failing for some other related reason. Are you able to recreate it? No worries if not.
Steve
-
@stephenw10 I'd rather not muck with the firewall as my house has multiple users who need internet most of the time :-)
FWIW, I don't remember changing anything else to get the package manager working again.