From 257ca5bb5b51dd64cc3cbd8b010c80d537bc51f4 Mon Sep 17 00:00:00 2001 From: MicJ Date: Fri, 24 Jan 2025 16:27:01 -0500 Subject: [PATCH 1/4] PD-1419 Add Session Expiration Information to Auditing and System Access Setting This PR adds information on how system session timeout are treated and reflected in audit logging. --- .../SCALE/SCALETutorials/SystemSettings/AuditingSCALE.md | 2 ++ .../SystemSettings/AdvancedSettingsScreen.md | 7 ++++--- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/content/SCALE/SCALETutorials/SystemSettings/AuditingSCALE.md b/content/SCALE/SCALETutorials/SystemSettings/AuditingSCALE.md index 88c502a2a6..2296eb088c 100644 --- a/content/SCALE/SCALETutorials/SystemSettings/AuditingSCALE.md +++ b/content/SCALE/SCALETutorials/SystemSettings/AuditingSCALE.md @@ -31,6 +31,8 @@ TrueNAS includes a manual page with more information on the [VFS auditing functi ### Session and User Auditing Events {{< expand "Authentication Events" "v" >}} Audit message generated every time a client logs into the TrueNAS UI or an SSH session or makes changes to user credentials. + +TrueNAS terminates inactive sessions when the it reaches the specified timeout limit. If a new session is initiated within a five-minute period, TrueNAS logs the user in as the previously login session. If the log in occurs outside the five-minute period TrueNAS initiates a new websocket session. This activity shows in the audit logs for sessions. {{< /expand >}} {{< expand "Method Call Events" "v" >}} Audit message generated every time the currently logged in user creates a new user account or changes user credentials. diff --git a/content/SCALE/SCALEUIReference/SystemSettings/AdvancedSettingsScreen.md b/content/SCALE/SCALEUIReference/SystemSettings/AdvancedSettingsScreen.md index 0585c3e421..56e98482e3 100644 --- a/content/SCALE/SCALEUIReference/SystemSettings/AdvancedSettingsScreen.md +++ b/content/SCALE/SCALEUIReference/SystemSettings/AdvancedSettingsScreen.md @@ -179,7 +179,7 @@ The **Sysctl** widget displays either **No Sysctl configured** or the existing s **Add** to add a tunable that configures a kernel module parameter at runtime. ### Add or Edit Sysctl Configuration Screen -The **Add Sysctl** or **Edit Sysctl** configuration screen settings let users set up tunables that configure kernel parameters at runtime. +The **Add Sysctl** or **Edit Sysctl** configuration screen settings let users set up tunables to configure kernel parameters at runtime. {{< trueimage src="/images/SCALE/SystemSettings/AddSysctlConfigScreen.png" alt="Sysctl Config Screen" id="Sysctl Config Screen" >}} @@ -233,11 +233,12 @@ It allows administrators to manage other active sessions and to configure the se **Terminate Other Sessions** ends all sessions except for the one you are currently using. You can also end individual sessions by clicking the logout icon next to that session if it is not the admin user session. You must check a confirmation box before the system allows you to end sessions. +TrueNAS terminates inactive sessions when the it reaches the specified timeout limit. If a new session is initiated within a five-minute period, TrueNAS logs the user in as the previously login session. If the log in occurs outside the five-minute period TrueNAS initiates a new websocket session. This activity shows in the audit logs for sessions. The logout button is inactive for your current session and active for all other current sessions. It cannot be used to terminate your current session. -**Session Timeout** displays the configured token duration for your current session (default five minutes). +**Session Timeout** displays the configured token duration for your current session (default is five minutes). TrueNAS logs out user sessions that are inactive for longer than the configured token setting. New activity resets the token counter. @@ -276,7 +277,7 @@ The **Allowed IP Addresses** widget displays IP addresses and networks added to {{< hint type="warning" >}} Entering an IP address to the allowed IP address list denies access to the UI or API for all other IP addresses not listed. -Use only if you want to limit system access to a single or limited number of IP addresses. Leave the list blank to allow all IP addresses. +Use only to limit system access to a single or limited number of IP addresses. Leave the list blank to allow all IP addresses. {{< /hint >}} Click **Add** next to **Allowed IP Addresses** to add an entry to the allowed IP Addresses list. From 9a6a45491b409d8b09fde9187b8142a8b1fd833e Mon Sep 17 00:00:00 2001 From: MicJ <92740932+micjohnson777@users.noreply.github.com> Date: Tue, 28 Jan 2025 15:31:45 -0500 Subject: [PATCH 2/4] Update content/SCALE/SCALETutorials/SystemSettings/AuditingSCALE.md Co-authored-by: linzibelle --- content/SCALE/SCALETutorials/SystemSettings/AuditingSCALE.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/SCALE/SCALETutorials/SystemSettings/AuditingSCALE.md b/content/SCALE/SCALETutorials/SystemSettings/AuditingSCALE.md index 2296eb088c..18e10d10ce 100644 --- a/content/SCALE/SCALETutorials/SystemSettings/AuditingSCALE.md +++ b/content/SCALE/SCALETutorials/SystemSettings/AuditingSCALE.md @@ -32,7 +32,7 @@ TrueNAS includes a manual page with more information on the [VFS auditing functi {{< expand "Authentication Events" "v" >}} Audit message generated every time a client logs into the TrueNAS UI or an SSH session or makes changes to user credentials. -TrueNAS terminates inactive sessions when the it reaches the specified timeout limit. If a new session is initiated within a five-minute period, TrueNAS logs the user in as the previously login session. If the log in occurs outside the five-minute period TrueNAS initiates a new websocket session. This activity shows in the audit logs for sessions. +TrueNAS terminates inactive sessions when it reaches the specified timeout limit. If a new session is initiated within a five-minute period, TrueNAS logs the user in as the previously logged in session. If the log in occurs outside the five-minute period TrueNAS initiates a new websocket session. This activity shows in the audit logs for sessions. {{< /expand >}} {{< expand "Method Call Events" "v" >}} Audit message generated every time the currently logged in user creates a new user account or changes user credentials. From e8a8f46edc29a848c17557852c63b7a7a19398aa Mon Sep 17 00:00:00 2001 From: MicJ <92740932+micjohnson777@users.noreply.github.com> Date: Thu, 30 Jan 2025 14:54:59 -0500 Subject: [PATCH 3/4] Update AdvancedSettingsScreen.md Changed line 235 --- .../SCALEUIReference/SystemSettings/AdvancedSettingsScreen.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/SCALE/SCALEUIReference/SystemSettings/AdvancedSettingsScreen.md b/content/SCALE/SCALEUIReference/SystemSettings/AdvancedSettingsScreen.md index e76e18c718..7b5f22ef8b 100644 --- a/content/SCALE/SCALEUIReference/SystemSettings/AdvancedSettingsScreen.md +++ b/content/SCALE/SCALEUIReference/SystemSettings/AdvancedSettingsScreen.md @@ -232,7 +232,7 @@ It allows administrators to manage other active sessions and configure the sessi **Terminate Other Sessions** ends all sessions except the active session for the logged-in admin user. You can also end individual sessions by clicking the logout icon next to that session if it is not the admin user session. You must check a confirmation box before the system allows you to end sessions. -TrueNAS terminates inactive sessions when the it reaches the specified timeout limit. If a new session is initiated within a five-minute period, TrueNAS logs the user in as the previously login session. If the log in occurs outside the five-minute period TrueNAS initiates a new websocket session. This activity shows in the audit logs for sessions. +TrueNAS terminates inactive sessions when the it reaches the specified timeout limit. If a new session is initiated within a five-minute period, TrueNAS logs the user in as the previously login session. If the log in occurs outside the five-minute period TrueNAS initiates a new websocket session. The logout button is inactive for your current session and active for all other current sessions. It cannot be used to terminate your current session. From 496ac6a9526707edca31431fe1ee600e14af408e Mon Sep 17 00:00:00 2001 From: MicJ <92740932+micjohnson777@users.noreply.github.com> Date: Thu, 30 Jan 2025 14:55:32 -0500 Subject: [PATCH 4/4] Update AuditingSCALE.md changed line 35 --- content/SCALE/SCALETutorials/SystemSettings/AuditingSCALE.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/SCALE/SCALETutorials/SystemSettings/AuditingSCALE.md b/content/SCALE/SCALETutorials/SystemSettings/AuditingSCALE.md index 18e10d10ce..f0fbd6dc16 100644 --- a/content/SCALE/SCALETutorials/SystemSettings/AuditingSCALE.md +++ b/content/SCALE/SCALETutorials/SystemSettings/AuditingSCALE.md @@ -32,7 +32,7 @@ TrueNAS includes a manual page with more information on the [VFS auditing functi {{< expand "Authentication Events" "v" >}} Audit message generated every time a client logs into the TrueNAS UI or an SSH session or makes changes to user credentials. -TrueNAS terminates inactive sessions when it reaches the specified timeout limit. If a new session is initiated within a five-minute period, TrueNAS logs the user in as the previously logged in session. If the log in occurs outside the five-minute period TrueNAS initiates a new websocket session. This activity shows in the audit logs for sessions. +TrueNAS terminates inactive sessions when it reaches the specified timeout limit. If a new session is initiated within a five-minute period, TrueNAS logs the user in as the previously logged in session. If the log in occurs outside the five-minute period TrueNAS initiates a new websocket session. {{< /expand >}} {{< expand "Method Call Events" "v" >}} Audit message generated every time the currently logged in user creates a new user account or changes user credentials.