Open Media Vault Security in Raspbian

Hello,

I have started to use a raspberry and have installed Open Media Vault on Raspbian. I am slightly concerned about security. These are some of my areas of concern; please feel open to tell me any more ways to enhance the security. I have encrypted the drive that will contain the data with the LUKS add-on.

  • Is there a way to use open media vault from a terminal (not web based)?
  • The admin user for the web login, can the name be changed?
  • Can the host name of raspberry pi be changed?
  • What ports are necessary? (This is for the UFW firewall; currently I have 80 enabled but for all protocols)
  • How would this be configured in fail2ban? (I have configured SSH in fail2ban)
  • Can SSH be restricted based on MAC Address?

Thanks,

Frog

I do not understand the question why you want to use OMV from terminal when it is running on Raspbian - use Raspbian from terminal to access your files.

I am not familiar with that software so I cannot help there.

Normally you can change usernames directly with usermod - arch wiki has some command examples if you do not want to go through man usermod.

Standard is to use port 80 for http requests. Then you may want to use https (443), FTP (21) or SSH (22) - depends on what is set up on the machine. Since OMV uses a web interface, port 80 is probably the only one you need. Is there some special functionality you want to enable on your device other than web GUI?

Setting up fail2ban is probably a big task. I may not be able to help with the details when I do not know what should be the target use case.

As far as I know ufw is designed to operate with concept of IP addresses and not MAC. You can set up iptables rule or create a before rule for ufw - see link.
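The original question mentions port 80 being enabled "for all protocols". As an added example (not part of any post in this thread), the Python sketch below reads `ufw status` output and flags ALLOW rules that name a bare port, which ufw applies to both TCP and UDP, or that accept traffic from any source. The sample output and the 192.168.1.0/24 subnet are constructed for illustration.

```python
import re

# Constructed sample of `ufw status` output (not taken from the thread).
SAMPLE_STATUS = """\
Status: active

To                         Action      From
--                         ------      ----
80                         ALLOW       Anywhere
22/tcp                     ALLOW       192.168.1.0/24
80 (v6)                    ALLOW       Anywhere (v6)
"""


def audit_ufw_status(text):
    """Return a list of (rule target, [issues]) for overly broad ALLOW rules."""
    findings = []
    for line in text.splitlines():
        # ufw pads its three columns (To, Action, From) with runs of spaces.
        parts = re.split(r"\s{2,}", line.strip())
        if len(parts) != 3 or not parts[1].startswith("ALLOW"):
            continue  # status line, header, separator, or a non-ALLOW rule
        to, _action, src = parts
        target = to.replace(" (v6)", "")
        issues = []
        if target.isdigit():
            # `ufw allow 80` opens the port for TCP and UDP alike.
            issues.append("no protocol given, so both TCP and UDP are open")
        if src.startswith("Anywhere"):
            issues.append("reachable from any source address")
        if issues:
            findings.append((to, issues))
    return findings


if __name__ == "__main__":
    for target, issues in audit_ufw_status(SAMPLE_STATUS):
        print(f"{target}: " + "; ".join(issues))
    # A tighter rule for a LAN-only web GUI (the subnet is a placeholder):
    #   ufw allow proto tcp from 192.168.1.0/24 to any port 80
```

On a real system, pass the captured output of `sudo ufw status` to `audit_ufw_status` instead of the sample.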

Put the desired host name in this file:
/etc/hostname

$ cat /etc/hostname
your-host-name

This is true for most Linux distros.

I am not familiar with Open Media Vault, can’t help you there.

Pudge

Thanks for your help guys I had two last questions:

  • If I am able to switch to Endeavour on ARM would it be stable enough to host a media server?
  • What software do you guys use for your NAS (I have a feeling it is not open media vault)?

Thanks,

Happy Frog

You should post your questions about OMV on their forum.

I do not have answers to all your questions but I have been using OMV for ~2 years and find it difficult to understand why you would want to run your media server on Endeavour.

  • OMV offers far better configuration options out of the box.
  • It is not a rolling release and will break less often and require far less maintenance.
  • It has a number of useful but optional plugins for a media server.

You can of course run a media server on Endeavour or another distro of your choice, but what is the benefit?

Yes. If you’re running headless you can use SSH.

In my experience, yes. As long as it is just being used as a LOCAL server, it works quite well for me.

Here is a Topic on the subject.

Here are the three steps to install Arch linux Arm on a RPi 4b

https://arm.endeavouros.com/automated-base-install/

https://arm.endeavouros.com/step-2-prepare-base-install-for-eos-install/

https://arm.endeavouros.com/endeavouros-arm-install/

If you want a server, install the OS on a micro SD card. In step 3 connect a USB 3.0 storage device and choose to install a headless server instead of installing a Desktop Environment.

Then go to the discovery site
https://discovery.endeavouros.com/category/arm/

and follow the “Homeserver1” through “Homeserver7” to install what you want.

“Homeserver6” installs minidlna for streaming audio, videos, and pictures to SMART devices. On the client side, VLC does a good job as a DLNA client. Also works with my Smart TVs that are on the LAN. It also works good on my YAMAHA receiver.

All with no 3rd party apps, as I recall everything is from the Arch Linux Arm repositories. yay is installed in case something is needed in the AUR.

If you have any questions, feel free to ask them.

Pudge

It must be. It has @Pudge’s seal of quality. :star_struck:
As any distro these days I do not expect it would crash on its own (software is pretty mature). Only thing that comes to mind is that overclocking should be avoided if you require stability (at least from the hardware side).

I use standard connection through sftp to access the file system. Add it as a mountpoint to your main machine’s fstab and you are good to go.
JDownloader as a download manager (has a web gui that I can access in my main machine).
I used to use Kodi as an interface on my main machine that connects to it but I found out it is not better than accessing the files directly on the sftp.

The biggest question remains if you want to access your NAS from outside your home network or not. That will impact your security significantly. You can benefit from a proper firewall on your connection facing the internet and leave your LAN (relatively) unprotected. I am not recommending opting out on the security but it doesn’t have to be over-done where it doesn’t matter so much. For example LUKS encryption has no meaning unless you expect someone will break into your house and steal your drives.

Agreed. For any private files, there are ways to create a folder or partition as an encrypted vault.
https://linuxsecurity.com/features/how-to-encrypt-files-on-linux

Agreed, CPU clock speed is not the bottleneck. In the good ol’ days, we used to make servers on a 666 Mhz machine and it worked fine.

Pudge

Agreed. With a headless server, the OS is strictly GNU Linux, and not much else. This is as base as one can get. Most software problems lie in the graphics layer, the window manager layer, or the desktop layer which are not installed on a headless server. GNU Linux has been bullet proof for many many years.

Pudge

Thank you that you agree with me so much. :blush:

Great minds think alike.

Pudge