Personal Privacy


Hardening Raspberry Pi

Introduction

Raspberry Pi is a powerful SoC device you can use as a home server. It is very cheap, consumes very little power, and its OS is Linux-based.
There are a few things you can do after downloading a Raspberry Pi image to enhance the security of your device.

Enabling Headless Connection

You can easily connect to your device remotely, which means you do not need a keyboard or monitor connected to it.
To enable this, after downloading and writing the image to your SD card, insert the card into a computer, go to the Boot directory and create an empty folder called ssh.
Then, insert the card into your Raspberry Pi and, after a couple of minutes, try connecting to it using the SSH protocol.
For a more detailed explanation of how to use SSH, you can visit our SSH webpage.

Adding a user and deleting the default pi user

Raspberry Pi comes with a default user called pi. You can add your own user and remove pi. To add a new user:

sudo adduser username
sudo usermod -a -G adm,dialout,cdrom,sudo,audio,video,plugdev,games,users,input,netdev,gpio,i2c,spi username

Removing the default 'pi' user:

sudo pkill -u pi
sudo deluser --remove-home pi

Adding ROOT password

To enhance security, you can add a password for the user ROOT:

sudo -i passwd

Enforcing password when using sudo

By default, your account can use sudo without entering a password. To change this, open:

sudo nano /etc/sudoers.d/010_pi-nopasswd

and modify the rule so that it reads:

username ALL=(ALL) PASSWD: ALL

Enforce login on boot

By default, Raspberry Pi does not ask for the user password after a boot. To enforce this, open a terminal and enter:

sudo raspi-config

Then, choose System Options and then Boot/Auto Login.
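
To check that the account, root password, sudo and login-on-boot steps above actually took effect, the following script audits them. It is an added example, not part of the original page. The getty drop-in path used for the auto-login check, the user name alice and the sample file contents are assumptions and constructed data.

```shell
#!/bin/sh
# Each check takes a root prefix: "" audits the running system (run as root),
# a directory audits a mounted SD card or a constructed test tree.

# Finding: the default 'pi' account still exists.
pi_user_present() { grep -q '^pi:' "$1/etc/passwd"; }

# Finding: an uncommented NOPASSWD rule in sudoers or its drop-in directory.
nopasswd_present() {
    cat "$1/etc/sudoers" "$1"/etc/sudoers.d/* 2>/dev/null | grep -Eq '^[^#]*NOPASSWD'
}

# Finding: root has no password hash in shadow (field is '!', '*' or empty).
root_password_missing() { ! grep -Eq '^root:\$' "$1/etc/shadow"; }

# Finding: console auto-login drop-in present (path is an assumption).
autologin_present() {
    grep -rqs -e '--autologin' "$1/etc/systemd/system/getty@tty1.service.d"
}

# Print one line per finding; return 0 only when there are none.
audit() {
    rc=0
    pi_user_present "$1"       && { echo "FAIL: default user 'pi' exists"; rc=1; }
    nopasswd_present "$1"      && { echo "FAIL: sudo NOPASSWD rule active"; rc=1; }
    root_password_missing "$1" && { echo "FAIL: root has no password set"; rc=1; }
    autologin_present "$1"     && { echo "FAIL: console auto-login enabled"; rc=1; }
    return "$rc"
}

# Constructed sample trees: $2=default mimics a fresh image, anything else the end state.
make_fixture() {
    mkdir -p "$1/etc/sudoers.d" "$1/etc/systemd/system/getty@tty1.service.d"
    : > "$1/etc/sudoers"
    if [ "$2" = default ]; then
        echo 'pi:x:1000:1000:,,,:/home/pi:/bin/bash' > "$1/etc/passwd"
        echo 'root:*:19000:0:99999:7:::' > "$1/etc/shadow"
        echo 'pi ALL=(ALL) NOPASSWD: ALL' > "$1/etc/sudoers.d/010_pi-nopasswd"
        echo 'ExecStart=-/sbin/agetty --autologin pi --noclear %I $TERM' \
            > "$1/etc/systemd/system/getty@tty1.service.d/autologin.conf"
    else
        echo 'alice:x:1001:1001:,,,:/home/alice:/bin/bash' > "$1/etc/passwd"
        echo 'root:$6$constructed$notarealhash:19000:0:99999:7:::' > "$1/etc/shadow"
        echo 'alice ALL=(ALL) PASSWD: ALL' > "$1/etc/sudoers.d/010_pi-nopasswd"
    fi
}

# Demo on a constructed default tree; use `audit ""` as root for the live system.
d=$(mktemp -d); make_fixture "$d" default; audit "$d"; rm -rf "$d"
```

The commented-out form of the NOPASSWD rule is not reported, so disabling the rule with a leading # passes the check just as rewriting it to PASSWD does.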

Tip: Connecting to a WPA2 Enterprise Wi-Fi Network (EAP)

If you want to connect to a Wi-Fi network with WPA2 Enterprise security, you need to do the following:

sudo nano /etc/wpa_supplicant/wpa_supplicant.conf

and paste

network={
  ssid="Network_Name"
  key_mgmt=WPA-EAP
  group=CCMP TKIP
  eap=PEAP
  identity="USERNAME"
  password="PASSWRD"
  phase1="peapver=0"
  phase2="MSCHAPV2"
}

Then, identify the network interface of your Raspberry Pi (it is usually called wlan0) using

ip a

Then

sudo nano /etc/network/interfaces

and paste

auto wlan0
allow-hotplug wlan0
iface wlan0 inet dhcp
  pre-up wpa_supplicant -B -Dwext -i wlan0 -c/etc/wpa_supplicant/wpa_supplicant.conf -f /var/log/wpa_supplicant.log
  post-down killall -q wpa_supplicant

Restart the device to apply changes.
