huynhbaoan · May 8, 2024 02:10
diff --git a/Raspberry Pi 4B installation and tshoot b/Raspberry Pi 4B installation and tshoot
 ## Clone a running OS from SD card to USD SSD, Raspberry 4B 8G

 ### Main guide
 https://medium.com/xster-tech/move-your-existing-raspberry-pi-4-ubuntu-install-from-sd-card-to-usb-ssd-52e99723f07b

 ### References:
 https://www.raspberrypi.com/documentation/computers/raspberry-pi.html#raspberry-pi-boot-modes
 https://www.raspberrypi.com/documentation/computers/raspberry-pi.html#raspberry-pi-4-boot-flow
 https://www.raspberrypi.com/documentation/computers/raspberry-pi.html#raspberry-pi-4-boot-eeprom

 ### If necessary, deal with the SSD adaptor without UAS support (Argon one m2 does not have this issue)
 https://www.helping.ninja/how-to-migrate-raspberry-pi-sd-card-to-a-usb-ssd-speedtest/

 ## Deal with Argon one m2 fan noise
 - Set fan to run when temperature is high than 50 Celsius degree. Trying to keep temparature lower is hard.
 - Remove the magnetic cover if necessary. This cover prevent the heat from flowing out.
 - As confirmed by Reddit community, setting the jumper to mode 2-3 (direct flow) cause more heat on Pi. Use mode 1-2 reduce the heat
 - Need more test: the thermal pad might need a little time before it can take effect.


 ## Setup

 ## [OS upgrade]
 apt-get update -y
 apt-get upgrade -y


 ## [Install necessary packages]
 apt install apt-list mlocate vim nano fail2ban etherwake hddtemp lm-sensors -y
 updatedb


 ## [Add normal user]
 useradd -m <user>
 passwd <user>


 ## [Install dwagent]
 wget https://node896146.dwservice.net/getAgentFile.dw?name=dwagent.sh
 mv getAgentFile.dw\?name\=dwagent.sh dwagent.sh
 chmod 700 dwagent.sh 
 ./dwagent.sh 


 ## [Setup WOL] Must be run as root or sudo
 vim ~/.bashrc

 alias wakehome='sudo etherwake 30:85:A9:98:CB:4A'
 alias temp='/usr/bin/vcgencmd measure_temp'


 ## [Secure SSHD]
 vim /etc/ssh/sshd_config

 Include /etc/ssh/sshd_config.d/*.conf
 Port 22
 AllowUsers [email protected].* <user>@<IP x.x.x.x> <user2>@<IP x.x.x.x>
 PermitRootLogin no
 StrictModes yes
 MaxAuthTries 3
 PasswordAuthentication yes
 PermitEmptyPasswords no
 ChallengeResponseAuthentication no
 UsePAM yes
 PrintMotd no
 AcceptEnv LANG LC_*
 Subsystem       sftp    /usr/lib/openssh/sftp-server

 sshd -t
 systemctl restart sshd


 ## [Configre fail2ban] Block SSH attacker
 apt install fail2ban -y
 vim /etc/fail2ban/jail.local

 [sshd]
 mode = aggressive
 [DEFAULT]
 bantime = 180m
 findtime = 15m
 maxretry = 5

 systemctl start fail2ban
 systemctl enable fail2ban

 fail2ban-client status
 fail2ban-client status sshd
 cat /var/log/fail2ban.log 
 iptables -L
 iptables -S
 fail2ban-client set <jail-name> unbanip <ip-address>


 ## Argon one m2 fan control
 wget https://download.argon40.com/argon1.sh
 chmod 750 argon1.sh
 ./argon1.sh
 argonone-config

 #### Set fan to run if temperature is higher than 50 Celcius degree


 ## Get cpu temp, hdd temp:
 sensors
 temp
 hddtemp


 ## Test run get metrics
 vim loop.sh 

 #!/bin/bash
 while sleep 60; do python get-by-id-lite.py >> output.log; done

 #### Run by &, then disown
	## Clone a running OS from SD card to USD SSD, Raspberry 4B 8G

	### Main guide
	https://medium.com/xster-tech/move-your-existing-raspberry-pi-4-ubuntu-install-from-sd-card-to-usb-ssd-52e99723f07b

	### References:
	https://www.raspberrypi.com/documentation/computers/raspberry-pi.html#raspberry-pi-boot-modes
	https://www.raspberrypi.com/documentation/computers/raspberry-pi.html#raspberry-pi-4-boot-flow
	https://www.raspberrypi.com/documentation/computers/raspberry-pi.html#raspberry-pi-4-boot-eeprom

	### If necessary, deal with the SSD adaptor without UAS support (Argon one m2 does not have this issue)
	https://www.helping.ninja/how-to-migrate-raspberry-pi-sd-card-to-a-usb-ssd-speedtest/

	## Deal with Argon one m2 fan noise
	- Set fan to run when temperature is high than 50 Celsius degree. Trying to keep temparature lower is hard.
	- Remove the magnetic cover if necessary. This cover prevent the heat from flowing out.
	- As confirmed by Reddit community, setting the jumper to mode 2-3 (direct flow) cause more heat on Pi. Use mode 1-2 reduce the heat
	- Need more test: the thermal pad might need a little time before it can take effect.


	## Setup

	## [OS upgrade]
	apt-get update -y
	apt-get upgrade -y


	## [Install necessary packages]
	apt install apt-list mlocate vim nano fail2ban etherwake hddtemp lm-sensors -y
	updatedb


	## [Add normal user]
	useradd -m <user>
	passwd <user>


	## [Install dwagent]
	wget https://node896146.dwservice.net/getAgentFile.dw?name=dwagent.sh
	mv getAgentFile.dw\?name\=dwagent.sh dwagent.sh
	chmod 700 dwagent.sh
	./dwagent.sh


	## [Setup WOL] Must be run as root or sudo
	vim ~/.bashrc

	alias wakehome='sudo etherwake 30:85:A9:98:CB:4A'
	alias temp='/usr/bin/vcgencmd measure_temp'


	## [Secure SSHD]
	vim /etc/ssh/sshd_config

	Include /etc/ssh/sshd_config.d/*.conf
	Port 22
	AllowUsers [email protected].* <user>@<IP x.x.x.x> <user2>@<IP x.x.x.x>
	PermitRootLogin no
	StrictModes yes
	MaxAuthTries 3
	PasswordAuthentication yes
	PermitEmptyPasswords no
	ChallengeResponseAuthentication no
	UsePAM yes
	PrintMotd no
	AcceptEnv LANG LC_*
	Subsystem sftp /usr/lib/openssh/sftp-server

	sshd -t
	systemctl restart sshd


	## [Configre fail2ban] Block SSH attacker
	apt install fail2ban -y
	vim /etc/fail2ban/jail.local

	[sshd]
	mode = aggressive
	[DEFAULT]
	bantime = 180m
	findtime = 15m
	maxretry = 5

	systemctl start fail2ban
	systemctl enable fail2ban

	fail2ban-client status
	fail2ban-client status sshd
	cat /var/log/fail2ban.log
	iptables -L
	iptables -S
	fail2ban-client set <jail-name> unbanip <ip-address>


	## Argon one m2 fan control
	wget https://download.argon40.com/argon1.sh
	chmod 750 argon1.sh
	./argon1.sh
	argonone-config

	#### Set fan to run if temperature is higher than 50 Celcius degree


	## Get cpu temp, hdd temp:
	sensors
	temp
	hddtemp


	## Test run get metrics
	vim loop.sh

	#!/bin/bash
	while sleep 60; do python get-by-id-lite.py >> output.log; done

	#### Run by &, then disown