k8s-truenas

How to harden the setup?

Open amrap030 opened this issue 1 year ago • 1 comments

Hello, thank you very much for your instructions, it worked like a charm :)

You mentioned that the instructions are for a test environment; for a production environment it should be hardened. Could you maybe add instructions for hardening etc. or give us some options on what could be done additionally to harden the setup?

Thank you in advance!

amrap030, Jul 23 '23 00:07

I skipped hardening as it would make the whole guide really complicated and hard to follow. What I could recommend, at least for a start, is:

  • NFS - switch to version 4 and start using Kerberos / GSS based authentication. If you really want to stay on NFSv3, then at least configure your exports to allow only connections from trusted hosts.
  • iSCSI - it supports much more sophisticated auth mechanisms. I just skipped them to make the guide easier, but you can enable authorization in the iSCSI setup in TrueNAS Scale and set up clients / passwords.

In general, just be aware that without further hardening basically anyone can mount your shares, and that's definitely something you'd like to avoid. For a playground it's fine, but you really have to dig further to make such a setup production ready.

fenio, Jul 23 '23 16:07
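
One way to check the NFS advice in the reply above, as an added example that is not part of the original thread or the guide: a small Python audit that parses an export list in Linux exports(5) syntax and flags entries open to any host or permitting non-Kerberos security flavors. The sample export list, its paths and its addresses are constructed, and the function name `audit_exports` is hypothetical; it assumes you can read the export list your NAS generates as plain text.

```python
import re
import shlex

# Constructed sample in exports(5) syntax; paths and addresses are made up.
SAMPLE_EXPORTS = """\
# constructed sample, not from the guide
/mnt/pool/k8s-nfs    *(rw,no_root_squash)
/mnt/pool/backups    192.168.10.0/24(rw,sec=sys)
/mnt/pool/secure     node1.example.internal(rw,sec=krb5p)
/mnt/pool/open
/mnt/pool/mixed      10.0.0.5(rw,sec=krb5p:sys) \\
                     (ro)
"""

CLIENT_RE = re.compile(r"^([^()]*)(?:\((.*)\))?$")

def audit_exports(text):
    """Return a list of (path, client, finding) for weak export entries."""
    findings = []
    # Join backslash-continued lines before parsing.
    for line in text.replace("\\\n", " ").splitlines():
        fields = shlex.split(line, comments=True)
        if not fields:
            continue
        # A path with no client list at all is exported to every host.
        path, clients = fields[0], fields[1:] or [""]
        for spec in clients:
            m = CLIENT_RE.match(spec)
            if m is None:
                findings.append((path, spec, "unparseable client spec"))
                continue
            host, opts = m.group(1), (m.group(2) or "").split(",")
            who = host or "<any>"
            if host in ("", "*"):
                findings.append((path, who, "exported to every host"))
            # sec= defaults to sys (client-asserted UID/GID) when absent.
            secs = [o[4:] for o in opts if o.startswith("sec=")] or ["sys"]
            if any(not f.startswith("krb5") for f in ":".join(secs).split(":")):
                findings.append((path, who, "allows non-Kerberos sec=" + ":".join(secs)))
    return findings

if __name__ == "__main__":
    for path, client, finding in audit_exports(SAMPLE_EXPORTS):
        print(f"{path:22} {client:18} {finding}")
```

The `/mnt/pool/mixed` entry shows the classic exports(5) pitfall: whitespace before `(ro)` turns it into a separate client spec that matches every host.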