raspberry pi random notes

raspberrypi.txt

INSTALL FIRST
sudo apt update
sudo apt dist-upgrade -y
sudo apt install vim ufw tmux git tcpdump nmap rsyslog-gnutls

ADDUSER with same permissions as pi user
sudo adduser <username>
sudo usermod -aG adm,dialout,cdrom,sudo,audio,video,plugdev,games,users,netdev,input,i2c,spi <username>

sudo userdel -r pi
OR
sudo passwd -l pi

#check if pi account is locked
sudo passwd -S pi

To force sudo to require a password:

sudo vim /etc/sudoers.d/010_pi-nopasswd
and change the pi entry (or whichever usernames have superuser rights) to:
<username> ALL=(ALL) PASSWD: ALL


UFW CONFIG
sudo ufw limit proto tcp from 192.168.x.x/24 to any port 22
sudo ufw limit 22/tcp

sudo ufw status numbered
sudo ufw delete rule_number

/etc/ufw/ufw.conf
IPV6=no
/etc/default/ufw
IPV6=no

sudo sh -c "sed -i '$ s/$/ ipv6.disable=1/' /boot/cmdline.txt"

DISABLE BT, WIFI, AND ALSA SOUND
boot/config.txt
dtoverlay=pi3-disable-wifi
dtoverlay=pi3-disable-bt
dtparam=audio=off

sudo sh -c "sed -i '\$adtoverlay=pi3-disable-wifi' /boot/config.txt"
sudo sh -c "sed -i '\$adtoverlay=pi3-disable-bt' /boot/config.txt"
sudo sh -c "sed -i '\$adtparam=audio=off' /boot/config.txt"

SSHD_CONFIG
/etc/ssh/sshd_config
AddressFamily inet
X11Forwarding no
ChallengeResponseAuthentication no
PasswordAuthentication no
UsePAM no

For publickey authentication only:
/etc/ssh/sshd_config
ChallengeResponseAuthentication no
PasswordAuthentication no
UsePAM no


GENERATE SSH KEY
ssh-keygen -t rsa -b 4096 -C <username>
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
sudo chmod 644 ~/.ssh/authorized_keys
scp ~/.ssh/id_rsa 192.168.x.x:/home/<username>/

DISABLE AVAHI-DAEMON
sudo apt-get remove avahi-daemon

CHECK FOR SERVICES
sudo systemd-analyze
sudo systemd-analyze blame
sudo systemctl list-units -t service
sudo systemctl list-unit-files | grep enabled

DISABLE SERVICES
sudo systemctl disable triggerhappy
sudo systemctl stop triggerhappy 
sudo systemctl disable bluetooth
sudo systemctl stop bluetooth
sudo systemctl disable wifi-country.service
sudo systemctl disable nfs-config.service
sudo systemctl disable rsync.service
sudo systemctl disable hciuart.service
sudo systemctl disable bluealsa.service
sudo systemctl disable bluetooth.service
sudo apt-get purge bluez -y
sudo apt-get autoremove -y

MOUNT EXTERNAL  DRIVE AS /VAR/LOG
sudo service rsyslog stop
sudo mkdir -p /tmp/varlog
sudo cp -r /var/log/* /tmp/varlog

sudo mount /dev/sda1 /var/log

#edit /etc/fstab:
PARTUUID=<PARTUUID>  /var/log        ext4    defaults,noatime  0       3

sudo cp -r /tmp/varlog/* /var/log
sudo rm -rf /tmp/varlog
sudo service rsyslog start


RSYSLOG LATEST VIA REPO
https://software.opensuse.org/download.html?project=home%3Argerhards&package=rsyslog
***** choose debian, then find raspbian *****

sudo apt-key add - < Release.key

sudo echo 'deb http://download.opensuse.org/repositories/home:/rgerhards/Raspbian_9.0/ /' > /etc/apt/sources.list.d/home:rgerhards.list

sudo echo 'deb http://download.opensuse.org/repositories/home:/rgerhards/Raspbian_9.0/ /' > /etc/apt/sources.list.d/rgerhards.list


GPIO Zero
sudo apt update
sudo apt install python3-gpiozero
https://www.raspberrypi.org/documentation/usage/gpio/python/README.md