Iron-Legion/documentation
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add TrueNAS hardening changelog JSONL - 2026-06-02

Browse Source
This commit is contained in:
F.R.I.D.A.Y.
2026-06-02 09:34:44 -04:00
parent 9372e0fe69
commit 5ef8314c0e
1 changed files with 16 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
audits/2026-06-02-truenas-hardening-changelog.jsonl Normal file
View File

@@ -0,0 +1,16 @@
{"timestamp": "2026-06-02T13:23:15.746711+00:00", "dataset": "ISOs", "action": "nfs_restrict", "before": {"id": 3, "path": "/mnt/Ice/ISOs", "aliases": [], "comment": "", "networks": [], "hosts": [], "ro": false, "maproot_user": null, "maproot_group": null, "mapall_user": null, "mapall_group": null, "security": [], "enabled": true, "locked": false, "expose_snapshots": false}, "after": {"id": 3, "path": "/mnt/Ice/ISOs", "aliases": [], "comment": "", "networks": ["192.168.0.0/18"], "hosts": [], "ro": false, "maproot_user": "nobody", "maproot_group": "nogroup", "mapall_user": null, "mapall_group": null, "security": [], "enabled": true, "locked": false, "expose_snapshots": false}}
{"timestamp": "2026-06-02T13:23:17.898501+00:00", "dataset": "ISOs", "action": "smb_readonly", "before": {"id": 3, "purpose": "DEFAULT_SHARE", "name": "ISOs", "path": "/mnt/Ice/ISOs", "enabled": true, "comment": "", "readonly": false, "browsable": true, "access_based_share_enumeration": false, "locked": false, "audit": {"enable": false, "watch_list": [], "ignore_list": []}, "options": {"aapl_name_mangling": false, "hostsallow": [], "hostsdeny": []}}, "after": {"id": 3, "purpose": "DEFAULT_SHARE", "name": "ISOs", "path": "/mnt/Ice/ISOs", "enabled": true, "comment": "", "readonly": true, "browsable": true, "access_based_share_enumeration": false, "locked": false, "audit": {"enable": false, "watch_list": [], "ignore_list": []}, "options": {"aapl_name_mangling": false, "hostsallow": [], "hostsdeny": []}}}
{"timestamp": "2026-06-02T13:23:18.873819+00:00", "dataset": "ISOs", "action": "acl_remove_everyone", "before": {"path": "/mnt/Ice/ISOs", "user": null, "group": null, "uid": 0, "gid": 0, "acltype": "NFS4", "acl": [{"tag": "owner@", "type": "ALLOW", "perms": {"BASIC": "FULL_CONTROL"}, "flags": {"BASIC": "NOINHERIT"}, "id": -1, "who": null}, {"tag": "group@", "type": "ALLOW", "perms": {"BASIC": "FULL_CONTROL"}, "flags": {"BASIC": "NOINHERIT"}, "id": -1, "who": null}, {"tag": "everyone@", "type": "ALLOW", "perms": {"BASIC": "READ"}, "flags": {"BASIC": "NOINHERIT"}, "id": -1, "who": null}, {"tag": "USER", "type": "ALLOW", "perms": {"BASIC": "FULL_CONTROL"}, "flags": {"BASIC": "INHERIT"}, "id": 3001, "who": null}, {"tag": "USER", "type": "ALLOW", "perms": {"BASIC": "TRAVERSE"}, "flags": {"BASIC": "INHERIT"}, "id": 986, "who": null}], "aclflags": {"autoinherit": false, "protected": false, "defaulted": false}, "trivial": false}, "after": 46730}
{"timestamp": "2026-06-02T13:23:39.838810+00:00", "dataset": "Archive", "action": "nfs_restrict", "before": {"id": 1, "path": "/mnt/Ice/Archive", "aliases": [], "comment": "", "networks": [], "hosts": [], "ro": false, "maproot_user": null, "maproot_group": null, "mapall_user": null, "mapall_group": null, "security": [], "enabled": true, "locked": false, "expose_snapshots": false}, "after": {"id": 1, "path": "/mnt/Ice/Archive", "aliases": [], "comment": "", "networks": ["192.168.0.0/18"], "hosts": [], "ro": false, "maproot_user": "nobody", "maproot_group": "nogroup", "mapall_user": null, "mapall_group": null, "security": [], "enabled": true, "locked": false, "expose_snapshots": false}}
{"timestamp": "2026-06-02T13:23:41.521837+00:00", "dataset": "Archive", "action": "smb_access_based_enumeration", "before": {"id": 1, "purpose": "DEFAULT_SHARE", "name": "Archive", "path": "/mnt/Ice/Archive", "enabled": true, "comment": "", "readonly": false, "browsable": true, "access_based_share_enumeration": false, "locked": false, "audit": {"enable": false, "watch_list": [], "ignore_list": []}, "options": {"aapl_name_mangling": false, "hostsallow": [], "hostsdeny": []}}, "after": {"id": 1, "purpose": "DEFAULT_SHARE", "name": "Archive", "path": "/mnt/Ice/Archive", "enabled": true, "comment": "", "readonly": false, "browsable": true, "access_based_share_enumeration": true, "locked": false, "audit": {"enable": false, "watch_list": [], "ignore_list": []}, "options": {"aapl_name_mangling": false, "hostsallow": [], "hostsdeny": []}}}
{"timestamp": "2026-06-02T13:23:42.623695+00:00", "dataset": "Archive", "action": "acl_remove_everyone", "before": {"path": "/mnt/Ice/Archive", "user": null, "group": null, "uid": 0, "gid": 568, "acltype": "NFS4", "acl": [{"tag": "owner@", "type": "ALLOW", "perms": {"READ_DATA": true, "WRITE_DATA": true, "APPEND_DATA": true, "READ_NAMED_ATTRS": true, "WRITE_NAMED_ATTRS": true, "EXECUTE": true, "DELETE": false, "DELETE_CHILD": true, "READ_ATTRIBUTES": true, "WRITE_ATTRIBUTES": true, "READ_ACL": true, "WRITE_ACL": true, "WRITE_OWNER": true, "SYNCHRONIZE": true}, "flags": {"BASIC": "NOINHERIT"}, "id": -1, "who": null}, {"tag": "group@", "type": "ALLOW", "perms": {"READ_DATA": true, "WRITE_DATA": true, "APPEND_DATA": true, "READ_NAMED_ATTRS": true, "WRITE_NAMED_ATTRS": false, "EXECUTE": true, "DELETE": false, "DELETE_CHILD": true, "READ_ATTRIBUTES": true, "WRITE_ATTRIBUTES": false, "READ_ACL": true, "WRITE_ACL": false, "WRITE_OWNER": false, "SYNCHRONIZE": true}, "flags": {"BASIC": "NOINHERIT"}, "id": -1, "who": null}, {"tag": "everyone@", "type": "ALLOW", "perms": {"READ_DATA": false, "WRITE_DATA": false, "APPEND_DATA": false, "READ_NAMED_ATTRS": true, "WRITE_NAMED_ATTRS": false, "EXECUTE": false, "DELETE": false, "DELETE_CHILD": false, "READ_ATTRIBUTES": true, "WRITE_ATTRIBUTES": false, "READ_ACL": true, "WRITE_ACL": false, "WRITE_OWNER": false, "SYNCHRONIZE": true}, "flags": {"BASIC": "NOINHERIT"}, "id": -1, "who": null}], "aclflags": {"autoinherit": false, "protected": false, "defaulted": false}, "trivial": true}, "after": 46743}
{"timestamp": "2026-06-02T13:24:18.519424+00:00", "dataset": "lab-dash", "action": "smb_access_based_enumeration", "before": {"id": 5, "purpose": "DEFAULT_SHARE", "name": "lab-dash", "path": "/mnt/FastPool/dockge/configs/lab-dash", "enabled": true, "comment": "", "readonly": false, "browsable": true, "access_based_share_enumeration": false, "locked": false, "audit": {"enable": false, "watch_list": [], "ignore_list": []}, "options": {"aapl_name_mangling": false, "hostsallow": [], "hostsdeny": []}}, "after": {"id": 5, "purpose": "DEFAULT_SHARE", "name": "lab-dash", "path": "/mnt/FastPool/dockge/configs/lab-dash", "enabled": true, "comment": "", "readonly": false, "browsable": true, "access_based_share_enumeration": true, "locked": false, "audit": {"enable": false, "watch_list": [], "ignore_list": []}, "options": {"aapl_name_mangling": false, "hostsallow": [], "hostsdeny": []}}}
{"timestamp": "2026-06-02T13:24:19.543463+00:00", "dataset": "lab-dash", "action": "acl_remove_everyone", "before": {"path": "/mnt/FastPool/dockge/configs/lab-dash", "user": null, "group": null, "uid": 0, "gid": 0, "acltype": "NFS4", "acl": [{"tag": "owner@", "type": "ALLOW", "perms": {"BASIC": "FULL_CONTROL"}, "flags": {"BASIC": "INHERIT"}, "id": -1, "who": null}, {"tag": "group@", "type": "ALLOW", "perms": {"BASIC": "MODIFY"}, "flags": {"BASIC": "INHERIT"}, "id": -1, "who": null}, {"tag": "GROUP", "type": "ALLOW", "perms": {"BASIC": "FULL_CONTROL"}, "flags": {"BASIC": "INHERIT"}, "id": 545, "who": null}, {"tag": "GROUP", "type": "ALLOW", "perms": {"BASIC": "FULL_CONTROL"}, "flags": {"BASIC": "INHERIT"}, "id": 544, "who": null}], "aclflags": {"autoinherit": false, "protected": false, "defaulted": false}, "trivial": false}, "after": 46748}
{"timestamp": "2026-06-02T13:24:21.339419+00:00", "dataset": "arr-zimaos", "action": "smb_access_based_enumeration", "before": {"id": 8, "purpose": "MULTIPROTOCOL_SHARE", "name": "arr-zimaos", "path": "/mnt/Ice/Backup/Arr-ZimaOS", "enabled": true, "comment": "", "readonly": false, "browsable": true, "access_based_share_enumeration": false, "locked": false, "audit": {"enable": false, "watch_list": [], "ignore_list": []}, "options": {"aapl_name_mangling": false, "hostsallow": [], "hostsdeny": []}}, "after": {"id": 8, "purpose": "MULTIPROTOCOL_SHARE", "name": "arr-zimaos", "path": "/mnt/Ice/Backup/Arr-ZimaOS", "enabled": true, "comment": "", "readonly": false, "browsable": true, "access_based_share_enumeration": true, "locked": false, "audit": {"enable": false, "watch_list": [], "ignore_list": []}, "options": {"aapl_name_mangling": false, "hostsallow": [], "hostsdeny": []}}}
{"timestamp": "2026-06-02T13:24:22.410784+00:00", "dataset": "arr-zimaos", "action": "acl_remove_everyone", "before": {"path": "/mnt/Ice/Backup/Arr-ZimaOS", "user": null, "group": null, "uid": 0, "gid": 0, "acltype": "NFS4", "acl": [{"tag": "owner@", "type": "ALLOW", "perms": {"BASIC": "FULL_CONTROL"}, "flags": {"BASIC": "INHERIT"}, "id": -1, "who": null}, {"tag": "group@", "type": "ALLOW", "perms": {"BASIC": "MODIFY"}, "flags": {"BASIC": "NOINHERIT"}, "id": -1, "who": null}, {"tag": "everyone@", "type": "ALLOW", "perms": {"BASIC": "TRAVERSE"}, "flags": {"BASIC": "NOINHERIT"}, "id": -1, "who": null}, {"tag": "USER", "type": "ALLOW", "perms": {"BASIC": "FULL_CONTROL"}, "flags": {"BASIC": "INHERIT"}, "id": 3001, "who": null}], "aclflags": {"autoinherit": false, "protected": false, "defaulted": false}, "trivial": false}, "after": 46753}
{"timestamp": "2026-06-02T13:25:33.784352+00:00", "dataset": "hermes_agent", "action": "smb_access_based_enumeration", "before": {"id": 9, "purpose": "MULTIPROTOCOL_SHARE", "name": "hermes_agent", "path": "/mnt/FastPool/dockge/configs/hermes_agent", "enabled": true, "comment": "", "readonly": false, "browsable": true, "access_based_share_enumeration": false, "locked": false, "audit": {"enable": false, "watch_list": [], "ignore_list": []}, "options": {"aapl_name_mangling": false, "hostsallow": [], "hostsdeny": []}}, "after": {"id": 9, "purpose": "MULTIPROTOCOL_SHARE", "name": "hermes_agent", "path": "/mnt/FastPool/dockge/configs/hermes_agent", "enabled": true, "comment": "", "readonly": false, "browsable": true, "access_based_share_enumeration": true, "locked": false, "audit": {"enable": false, "watch_list": [], "ignore_list": []}, "options": {"aapl_name_mangling": false, "hostsallow": [], "hostsdeny": []}}}
{"timestamp": "2026-06-02T13:25:34.296749+00:00", "dataset": "hermes_agent", "action": "acl_already_minimal", "before": {"path": "/mnt/FastPool/dockge/configs/hermes_agent", "user": null, "group": null, "uid": 0, "gid": 568, "acltype": "POSIX1E", "acl": [{"tag": "USER_OBJ", "perms": {"READ": true, "WRITE": true, "EXECUTE": true}, "default": false, "id": -1, "who": null}, {"tag": "GROUP_OBJ", "perms": {"READ": true, "WRITE": true, "EXECUTE": true}, "default": false, "id": -1, "who": null}, {"tag": "OTHER", "perms": {"READ": true, "WRITE": true, "EXECUTE": true}, "default": false, "id": -1, "who": null}], "trivial": true}, "after": {"path": "/mnt/FastPool/dockge/configs/hermes_agent", "user": null, "group": null, "uid": 0, "gid": 568, "acltype": "POSIX1E", "acl": [{"tag": "USER_OBJ", "perms": {"READ": true, "WRITE": true, "EXECUTE": true}, "default": false, "id": -1, "who": null}, {"tag": "GROUP_OBJ", "perms": {"READ": true, "WRITE": true, "EXECUTE": true}, "default": false, "id": -1, "who": null}, {"tag": "OTHER", "perms": {"READ": true, "WRITE": true, "EXECUTE": true}, "default": false, "id": -1, "who": null}], "trivial": true}}
{"timestamp": "2026-06-02T13:26:12.388923+00:00", "dataset": "Repo", "action": "nfs_restrict", "before": {"id": 6, "path": "/mnt/Ice/Repo", "aliases": [], "comment": "", "networks": [], "hosts": [], "ro": false, "maproot_user": null, "maproot_group": null, "mapall_user": null, "mapall_group": null, "security": [], "enabled": true, "locked": false, "expose_snapshots": false}, "after": {"id": 6, "path": "/mnt/Ice/Repo", "aliases": [], "comment": "", "networks": ["192.168.0.0/18"], "hosts": [], "ro": false, "maproot_user": "nobody", "maproot_group": "nogroup", "mapall_user": null, "mapall_group": null, "security": [], "enabled": true, "locked": false, "expose_snapshots": false}}
{"timestamp": "2026-06-02T13:26:13.721341+00:00", "dataset": "Repo", "action": "smb_access_based_enumeration", "before": {"id": 7, "purpose": "DEFAULT_SHARE", "name": "Repo", "path": "/mnt/Ice/Repo", "enabled": true, "comment": "", "readonly": false, "browsable": true, "access_based_share_enumeration": false, "locked": false, "audit": {"enable": false, "watch_list": [], "ignore_list": []}, "options": {"aapl_name_mangling": false, "hostsallow": [], "hostsdeny": []}}, "after": {"id": 7, "purpose": "DEFAULT_SHARE", "name": "Repo", "path": "/mnt/Ice/Repo", "enabled": true, "comment": "", "readonly": false, "browsable": true, "access_based_share_enumeration": true, "locked": false, "audit": {"enable": false, "watch_list": [], "ignore_list": []}, "options": {"aapl_name_mangling": false, "hostsallow": [], "hostsdeny": []}}}
{"timestamp": "2026-06-02T13:26:14.846935+00:00", "dataset": "Repo", "action": "acl_remove_everyone", "before": {"path": "/mnt/Ice/Repo", "user": null, "group": null, "uid": 0, "gid": 568, "acltype": "NFS4", "acl": [{"tag": "owner@", "type": "ALLOW", "perms": {"READ_DATA": true, "WRITE_DATA": true, "APPEND_DATA": true, "READ_NAMED_ATTRS": true, "WRITE_NAMED_ATTRS": true, "EXECUTE": true, "DELETE": false, "DELETE_CHILD": true, "READ_ATTRIBUTES": true, "WRITE_ATTRIBUTES": true, "READ_ACL": true, "WRITE_ACL": true, "WRITE_OWNER": true, "SYNCHRONIZE": true}, "flags": {"BASIC": "NOINHERIT"}, "id": -1, "who": null}, {"tag": "group@", "type": "ALLOW", "perms": {"READ_DATA": true, "WRITE_DATA": true, "APPEND_DATA": true, "READ_NAMED_ATTRS": true, "WRITE_NAMED_ATTRS": false, "EXECUTE": true, "DELETE": false, "DELETE_CHILD": true, "READ_ATTRIBUTES": true, "WRITE_ATTRIBUTES": false, "READ_ACL": true, "WRITE_ACL": false, "WRITE_OWNER": false, "SYNCHRONIZE": true}, "flags": {"BASIC": "NOINHERIT"}, "id": -1, "who": null}, {"tag": "everyone@", "type": "ALLOW", "perms": {"READ_DATA": true, "WRITE_DATA": true, "APPEND_DATA": true, "READ_NAMED_ATTRS": true, "WRITE_NAMED_ATTRS": false, "EXECUTE": true, "DELETE": false, "DELETE_CHILD": true, "READ_ATTRIBUTES": true, "WRITE_ATTRIBUTES": false, "READ_ACL": true, "WRITE_ACL": false, "WRITE_OWNER": false, "SYNCHRONIZE": true}, "flags": {"BASIC": "NOINHERIT"}, "id": -1, "who": null}], "aclflags": {"autoinherit": false, "protected": false, "defaulted": false}, "trivial": true}, "after": 46772}
{"timestamp": "2026-06-02T13:27:11.126868+00:00", "dataset": "Backup", "action": "nfs_restrict", "before": {"id": 2, "path": "/mnt/Ice/Backup", "aliases": [], "comment": "", "networks": [], "hosts": [], "ro": false, "maproot_user": null, "maproot_group": null, "mapall_user": null, "mapall_group": null, "security": [], "enabled": true, "locked": false, "expose_snapshots": false}, "after": {"id": 2, "path": "/mnt/Ice/Backup", "aliases": [], "comment": "", "networks": ["192.168.0.0/18"], "hosts": [], "ro": false, "maproot_user": "nobody", "maproot_group": "nogroup", "mapall_user": null, "mapall_group": null, "security": [], "enabled": true, "locked": false, "expose_snapshots": false}}