Is OMV web interface protected against bruteforce attacks?

  • Hi,


    I couldn't find such information anywhere, either on the website or here in the forums, and I'm just curious if the web interface is protected against brute-force attacks when someone tries to log in multiple times and fails, maybe by blocking their IP address in the hosts.deny file or something. Is this, or something similar, currently implemented?


    Thanks.

  • Not (yet) implemented, but it is planned to add "fail2ban" via a plugin by the third party plugin developers. This Plugin could take care of such attacks.


    BTW: Before you now say something like "why doesn't this get implemented into the core?". Think about the target of OpenMediaVault. It is designed for the home/SOHO environment. Therefore such a feature would be overkill for this 'target'.


    Greetings
    David

    "Well... lately this forum has become support for everything except omv" [...] "And is like someone is banning Google from their browsers"


    Only two things are infinite, the universe and human stupidity, and I'm not sure about the former.

    Upload Logfile via WebGUI/CLI
    #openmediavault on freenode IRC | German & English | GMT+1
    Absolutely no Support via PM!

  • Glad to know about that :)


    Quote from "davidh2k"

    BTW: Before you now say something like "why doesn't this get implemented into the core?".


    I never said that though. Still, for home or not, basic security precautions are never overkill IMO.


    Thanks for your response :)

  • Quote from "davidh2k"

    ..... Think about the target of OpenMediaVault. It is designed for the home/SOHO environment. Therefore such a feature would be overkill for this 'target'.


    OMV can do its job not only in these environments, it is absolutely able to serve in enterprise environments, but this is not the point. A NAS is a storage device and not meant to replace a full-featured firewall, even at home. It has a basic firewall to manage TCP ports, but this is IMHO sufficient for a storage device. I would never connect a NAS directly to the web; its place is in the inner network or in a DMZ, but always behind a firewall device.

    Homebox: Bitfenix Prodigy Case, ASUS E45M1-I DELUXE ITX, 8GB RAM, 5x 4TB HGST Raid-5 Data, 1x 320GB 2,5" WD Bootdrive via eSATA from the backside
    Companybox 1: Standard Midi-Tower, Intel S3420 MoBo, Xeon 3450 CPU, 16GB RAM, 5x 2TB Seagate Data, 1x 80GB Samsung Bootdrive - testing for iSCSI to ESXi-Hosts
    Companybox 2: 19" Rackservercase 4HE, Intel S975XBX2 MoBo, C2D@2200MHz, 8GB RAM, HP P212 Raidcontroller, 4x 1TB WD Raid-0 Data, 80GB Samsung Bootdrive, Intel 1000Pro DualPort (Bonded in a VLAN) - Temp-NFS-storage for ESXi-Hosts

  • Quote from "datadigger"


    OMV can do its job not only in these environments, it is absolutely able to serve in enterprise environments, but this is not the point. A NAS is a storage device and not meant to replace a full-featured firewall, even at home. It has a basic firewall to manage TCP ports, but this is IMHO sufficient for a storage device. I would never connect a NAS directly to the web; its place is in the inner network or in a DMZ, but always behind a firewall device.


    Of course it is even able to serve small to medium office requirements. But Volker chose that target for OpenMediaVault; because of that, some business-type features won't be implemented by Volker into the core or as a core plugin.


    Greetings
    David

  • Quote from "tekkbebe"

    Well, I don't think the interface should be opened to the internet. Keep it behind a firewall and when the openvpn plugin is done connect via it.


    Perhaps, but sometimes it might be useful to get external access to the web interface.


    I was not aware of that openvpn plugin. Looks like a better solution :)

  • Yes ... for example OwnCloud must be enabled from ALL. But how to secure this? Bruteforce attack is expected.


    Quote from "Nazgulled"


    Perhaps, but sometimes it might be useful to get external access to the web interface.


    I was not aware of that openvpn plugin. Looks like a better solution :)

    • Official post
    Quote from "WastlJ"

    AFAIK there is no option via owncloud itself. BUT it is also possible via fail2ban.


    Which SVS is working on the plugin :)

    omv 7.0.5-1 sandworm | 64 bit | 6.8 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.13 | compose 7.1.4 | k8s 7.1.0-3 | cputemp 7.0.1 | mergerfs 7.0.4


    omv-extras.org plugins source code and issue tracker - github - changelogs


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

  • fail2ban and similar solutions have a little problem: the limited possibilities of the OMV firewall web GUI. It does not allow defining your own chains and jump targets.


    The IPSET framework is also very useful: external scripts write into ipset, not into netfilter tables. And iptables loading (the iptables-restore binary called internally from the WebGUI) does not affect these rules.
    Ipset is also very, very fast ... compared to large netfilter tables.
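
A sketch of the ipset approach described in the post above, added here as an example (not code from the thread or from OMV): it counts failed logins per source IPv4 address in a sliding window and builds the `ipset` commands an external script would run. The log line format, the set name `webgui_ban` and the thresholds are assumptions.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines. The format is an assumption, not OMV's real log format.
SAMPLE_LOG = """\
2014-03-01T10:00:01 login failed user=admin src=203.0.113.7
2014-03-01T10:00:05 login failed user=admin src=203.0.113.7
2014-03-01T10:00:09 login failed user=root src=198.51.100.20
2014-03-01T10:00:12 login failed user=admin src=203.0.113.7
2014-03-01T10:05:00 login failed user=root src=198.51.100.20
2014-03-01T10:09:30 login failed user=root src=198.51.100.20
2014-03-01T10:09:40 login failed user=x src=192.0.2.1;reboot
"""
LINE_RE = re.compile(r"^(\S+) login failed user=\S+ src=(\S+)$")

def find_offenders(log_text, max_failures=3, window=timedelta(seconds=60)):
    """Return IPv4 sources with max_failures failed logins inside one window."""
    recent = defaultdict(deque)  # ip -> timestamps of recent failures
    offenders = []
    for line in log_text.splitlines():  # assumes chronological order
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        try:
            ts = datetime.fromisoformat(m.group(1))
            # Strict parse: log content is attacker-influenced and ends up in a command.
            ip = str(ipaddress.IPv4Address(m.group(2)))
        except ValueError:
            continue
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop failures that fell out of the window
            q.popleft()
        if len(q) >= max_failures and ip not in offenders:
            offenders.append(ip)
    return offenders

def ipset_commands(offenders, set_name="webgui_ban", ban_seconds=600):
    """Build ipset commands; entries expire on their own after ban_seconds."""
    cmds = [f"ipset create {set_name} hash:ip timeout {ban_seconds} -exist"]
    cmds += [f"ipset add {set_name} {ip} timeout {ban_seconds} -exist" for ip in offenders]
    return cmds

if __name__ == "__main__":
    print("\n".join(ipset_commands(find_offenders(SAMPLE_LOG))))
```

A single packet-filter rule that matches the set, for example `iptables -I INPUT -m set --match-set webgui_ban src -j DROP`, is still needed for the set to have any effect. IPv6 sources would need a second set created with `family inet6`.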

  • If you are paranoid don't open the web-gui to the net, period. Use an OpenVPN plugin. Access your LAN via that. Then if you are still paranoid have the http access to the web-gui limited to the LAN via 192.168.1.0/24 (source LAN or source IP) in your firewall rule. Don't limit the https access in this manner and you can access the web-gui via SSL while connected to your LAN via OpenVPN, while not having port 443 open to the internet.


    Easy.

  • Quote from "tekkbebe"

    If you are paranoid don't open the web-gui to the net, period. Use an OpenVPN plugin.


    yes ... install openvpn everywhere! You are insane? Many users need access (secure ...) from many devices. Windows, linux, android, ios, firefoxos ... media players, and so on. Most devices are in an environment without root permissions (for example in employment).


    Password-only authorization is not very secure if a bruteforce attack is possible.


    If you don't see the requirement for this feature, don't answer ... many others of us have this need. Period.

  • Quote from "ludvik"

    yes ... install openvpn everywhere! You are insane? Many users need access (secure ...) from many devices. Windows, linux, android, ios, firefoxos ... media players, and so on. Most devices are in an environment without root permissions (for example in employment).


    Password-only authorization is not very secure if a bruteforce attack is possible.


    If you don't see the requirement for this feature, don't answer ... many others of us have this need. Period.


    ...so much anger. :evil: I'm worried about you.


    Windows, Linux, Android and IOS all have clients for OpenVPN. Any browser works through a VPN connection so I don't get what you mean by Firefox. If your workplace locks down its computers and you cannot install a client, why don't you just say so? Then maybe we can help you find another solution.


    I suggest what I do because I know it is secure.


    PS- I use OpenVPN from/to my workplace.
