Settings for security
add a new user
$ sudo adduser ngems-koji
type password
add the new user to the sudo group
$ sudo adduser ngems-koji sudo
change password
$ passwd username
change the pi user's sudo setting
$ sudo vim /etc/sudoers
comment out
#pi ALL=(ALL) NOPASSWD: ALL
or delete it, because the pi user will be removed
search for users who have no password (empty)
if there are any, lock the account
$ sudo passwd -l username
unlock
$ sudo passwd -u username
check the uid to make sure only the root user has a uid 0
$ sudo awk -F: '($3 == "0") {print}' /etc/passwd
root:x:0:0:root:/root:/bin/bash
lock the root account
$ sudo passwd -l root
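The two account checks above (empty password, uid 0) written as one script. This is an added example, not part of the original notes; the function names and the sample accounts are made up, and the sample files are constructed so it runs without reading the real /etc/shadow.

```sh
#!/bin/sh
# Added example, not from the original notes. Function names are hypothetical.
# Each function takes the file to read, so it works on the real
# /etc/shadow and /etc/passwd (as root) or on a copy.

# Accounts with an empty password field (2nd field of shadow): no password needed.
empty_password_users() {
    awk -F: '($2 == "") {print $1}' "$1"
}

# Accounts other than root that have uid 0 (3rd field of passwd).
extra_uid0_users() {
    awk -F: '($3 == "0" && $1 != "root") {print $1}' "$1"
}

# Accounts locked with "passwd -l" (password field starts with "!").
locked_users() {
    awk -F: '($2 ~ /^!/) {print $1}' "$1"
}

# Write constructed sample files (made-up accounts, placeholder hashes)
# into a temporary directory and print its path.
make_samples() {
    dir=$(mktemp -d)
    cat > "$dir/shadow" <<'EOF'
root:!$6$PLACEHOLDER$hash:18000:0:99999:7:::
pi:$6$PLACEHOLDER$hash:18000:0:99999:7:::
guest::18000:0:99999:7:::
daemon:*:18000:0:99999:7:::
EOF
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
pi:x:1000:1000:,,,:/home/pi:/bin/bash
toor:x:0:0:second root:/root:/bin/sh
guest:x:1001:1001::/home/guest:/bin/bash
EOF
    echo "$dir"
}

samples=$(make_samples)
echo "empty password: $(empty_password_users "$samples/shadow")"
echo "extra uid 0:    $(extra_uid0_users "$samples/passwd")"
echo "locked:         $(locked_users "$samples/shadow")"
rm -rf "$samples"
```

On the pi itself, run the functions as root against /etc/shadow and /etc/passwd; any name printed by the first two is an account to lock or fix.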
user list
$ cat /etc/passwd
delete the pi user
$ sudo deluser --remove-home pi
Looking for files to backup/remove ...
Removing user `pi' ...
Warning: group `pi' has no more members.
userdel: user pi is currently used by process 622
/usr/sbin/deluser: `/usr/sbin/userdel pi' returned error code 8. Exiting.
check which processes pi is running
$ ps -fu pi
change the boot option so the pi user can be deleted
$ sudo raspi-config
Boot Options->Desktop/CLI->console
Get a list of installed packages and export it to a txt file
$ dpkg --get-selections > list.txt
Change hostname
$ sudo raspi-config
Select Hostname, then change the name from raspberrypi to something else
Delete software you don't need (GUI)
# LXDE
$ sudo apt-get remove --purge lxappearance lxde-common lxde-icon-theme lxinput lxmenu-data lxpanel lxpanel-data lxpolkit lxrandr lxsession lxsession-edit lxshortcut lxtask lxterminal
# X Windows
$ sudo apt-get remove --purge xserver-xorg xserver-xorg-input-all xserver-xorg-input-evdev xserver-xorg-input-synaptics xserver-common xserver-xorg-core xserver-xorg-video-fbdev xserver-xorg-video-fbturbo x11-common x11-utils x11-xkb-utils x11-xserver-utils xarchiver xauth weston ttf-dejavu-core xkb-data fontconfig fontconfig-config fonts-freefont-ttf gnome-themes-standard-data gstreamer1.0-alsa gstreamer1.0-libav gstreamer1.0-omx gstreamer1.0-plugins-base dbus-x11
show the current iptables rules
$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
install ufw which is a software firewall
$ sudo apt-get install ufw
set up
$ sudo ufw status
Status: active
the basic concept is to deny all packets, then allow the packets that I need (like ssh)
$ sudo ufw default DENY
$ sudo ufw allow ssh
allow port 80 if users should be able to access the pi via web browsers
$ sudo ufw allow 80
delete rule
$ sudo ufw delete allow 22
set a limit on ssh connections to make the pi more secure
$ sudo ufw limit ssh
set the logging level
$ sudo ufw logging low
enable ufw
$ sudo ufw enable
Great documentation! Thanks so much!!
Just a little remark, ufw is disabled by default. The command to enable it is:
sudo ufw enable
Might save a man page call in the future :)