Security improvements on the Raspberry Pi: Difference between revisions

From Sensors in Schools
Jump to navigation Jump to search
No edit summary
Line 153: Line 153:
=== Status of ufw ===
=== Status of ufw ===
* To see all existing rules enter '''sudo ufw status verbose'''
* To see all existing rules enter '''sudo ufw status verbose'''
* You can also use the shorter command '''sudo ufw status'''


[[File:Screen Shot 2021-12-19 at 6.54.44 pm.png]]
[[File:Screen Shot 2021-12-19 at 6.54.44 pm.png]]

Revision as of 08:00, 19 December 2021

Overview

  • Running a Raspberry Pi computer on your home network can be done securely.
  • In this lesson we will explore different ways to improve security.

Learning Objectives

  • Updating and Upgrading your Raspberry Pi
  • Changing the default password for user pi
  • Install fail2ban
  • Install a firewall

Updating and Upgrading your Raspberry Pi

  • When you update your computer, not only do you get updates to the latest features, but you also get fixes to software bugs and security issues. You can do this process manually and you can also automate this procedure.
  • Open the Terminal on the Pi.
  • Enter the command sudo apt-get update

  • The update takes approximately 30 seconds to one minute.
  • This is the typical output.

Upgrading Raspberry Pi Software

  • Upgrading the Raspberry Pi updates all installed software to the most current version.
  • Do this by entering the command sudo apt-get full-upgrade

  • The Pi will tell you what software upgrades are required and ask for permission.
  • It will also tell you how much additional disk space will be required.

  • The first time you do an upgrade it could take several minutes.
  • Sometimes you need to check how much additional disk space you have available.
  • If too much space is occupied by the operating system and associated software it can compromise performance.

Changing the default password for user pi

  • It is always a good idea to change any default password setting.
  • The following instructions can also be used to set a new password for user pi just in case you forget it.
  • Open the Terminal
  • Enter the command sudo raspi-config

  • Select Option 1 System Options
  • Press the Tab key until <Select> is highlighted and press Enter.

  • Select S3 Password using the Tab key and press Enter.

  • You will be asked to enter a new password for the pi user.
  • Press OK.

  • You will be asked to enter in a new password. Then press the Enter key.
  • In Linux the password or the characters will not show.
  • You will be asked to retype the password.

  • A Password changed successfully will appear.
  • Press OK.

  • Back in the raspi-config main menu, press the Tab key to highlight <Finish>
  • Press Enter to return to the Terminal.


Protecting the Raspberry pi from malicious attacks on the internet using Fail2ban

  • Fail2ban is a tool used to detect brute-force attacks and block them.
  • If an attack is sustained for many months it is possible for an attacker to gain access to your computer system.
  • Fail2ban aims to protect your computer from repeat attacks.
  • It does this by blocking attackers from a re-occurring IP address if they fail to login more than a certain number of times. You can configure the number of tries before a ban is put in place and how long the ban will remain.
  • Open the Raspberry Pi Terminal.
  • To install Fail2ban enter the command sudo apt-get install fail2ban

  • Enter y (yes) to proceed with installation.
  • The installation only takes a few seconds to complete.
  • By default, fail2ban will ban attacker for 10 minutes after 5 failed attempts.

Install the firewall ufw

  • A firewall allows you to block all ports except the ones you need and also filter access by IP address.
  • We are going to install ufw (Uncomplicated FireWall), which is very straightforward to use and configure according to our needs.
  • A basic administration configuration page can be accessed using the Terminal.
  • To install ufw enter the command sudo apt-get install ufw

  • The installation takes a few seconds.

  • We can get help using ufw using the command sudo ufw help

Enable ufw

  • When ufw is first installed it will be enabled.
  • If you need to enable ufw enter the command sudo ufw enable

Disable ufw

  • In the Terminal enter the command sudo ufw disable
  • Disabling ufw is sometimes useful when diagnosing communication related issues.

Opening ports on ufw

  • When ufw is first installed all ports are blocked by default.
  • If we keep all ports closed then the Raspberry Pi will not be able to interact with the outside world.
  • The best approach is to only open a small number of ports.
  • Ports are small channels used by different software on our computer.
  • The more ports are open, the more vulnerable your computer is to hackers.


  • To open up port 80 for HTML requests enter the command sudo ufw allow 80
  • If you make a mistake you can always un do the instruction with the command sudo ufw delete allow 80

  • To open up port 5900 to use VNC' enter the command sudo ufw allow 5900
  • If the rule already exists the message Skipping adding existing rule

  • To open up port 1880 to use Node-RED' enter the command sudo ufw allow 1880

Status of ufw

  • To see all existing rules enter sudo ufw status verbose
  • You can also use the shorter command sudo ufw status

Retrieved from "http://www.waterwaysinwhittlesea.org/index.php?title=Security_improvements_on_the_Raspberry_Pi&oldid=266"