I put this here because I didn't find a more relevant sub-forum. If this is wrong, please move it!
I thought I'd make this post as someone new to OMV and Linux in general, with some questions (and advice) about protecting your system as much as you can. If the system is connected to the internet, I understand there's no 100% method, but it would be nice to protect oneself as much as possible. Some of this will be SO OBVIOUS to some people, and completely eye-opening for others, it just depends on your proficiency, experience and knowledge.
For the sake of this post, let's assume the people reading it are new and inexperienced, so we should approach things from the ground up, and not assume anything is known.
General rules of note:
Most people using OMV are going to have it connected to a router/modem at some point, in order to reach the internet. If this is the case, and especially if your OMV is left on 24 hours a day, it's a good idea to protect it from being accessed by unwanted parties in some way. If you want to access this externally (from outside your LAN), you need to be a little more careful than if you are just accessing internally. You will also see notes and posts all over the forum about setting up USERS, each with specific access rights to certain things, mostly which you can choose. For example you may have two folders that you create, one with important items and another with items you want to share with others. You could than grant a specific user access to one folder or not the other.
Some questions (I will update this post with the most relevant answers in the hopes it will help people):
1. Based on the above, if you are hoping to access your OMV from outside your LAN, what are the best safefy precautions to take? It's probably safe to say that forwarding a port to your OMV webgui from your router so that you can access your webgui from anywhere is unsafe. What would you suggest is the safest reasonable way to achieve this?
2. Some people have other apps installed, beyond basic ones provided by OMV. Some of these apps have their own webgui for management, such as SickBeard or HTPC manager. What's the safe way to access these without exposing your system too much?
3. There appears to be several methods of using VPN at the moment. If you are using OMV 0.5 (Sardaukar), there is an omv-extras plugin. If you are using the as yet unreleased OMV 1.0 (Krazilec), there are two at the moment. What is the best way to implement this at the moment (on either 0.5 or 1.0)? I have seen a simple script HERE: http://peterjolson.com/super-e…config-on-openmediavault/
Has anyone tried this and is it safe?
4. Some people have had their OMV's hacked into. This can be down to a poor root password, easily guessed or bypassed. What's a good way to protect yourself, other than a much stronger root password? There is some discussion about using DENYHOSTS in order to prevent scripts/hacks more often, or at least deter. Is this a good idea, or is there something better for a similar effect?
Once again, to many of you seasoned people out there, a lot of this is second nature to you! But not obvious to (dare I say it) most people. I hope we can make some kind of useful security thread (or even subforum if it's worth it).
Thanks