Security improvements on the Raspberry Pi

From Sensors in Schools
Revision as of 07:17, 19 December 2021 by EdmondLascaris (talk | contribs)
Jump to navigation Jump to search

Overview

  • Running a Raspberry Pi computer on your home network can be done securely.
  • In this lesson we will explore different ways to improve security.

Learning Objectives

  • Updating and Upgrading your Raspberry Pi
  • Changing the default password for user pi
  • Make directories and files in the Terminal
  • Install fail2ban
  • Install a firewall

Updating and Upgrading your Raspberry Pi

  • When you update your computer, not only do you get updates to the latest features, but you also get fixes to software bugs and security issues. You can do this process manually and you can also automate this procedure.
  • Open the Terminal on the Pi.
  • Enter the command sudo apt-get update

  • The update takes approximately 30 seconds to one minute.
  • This is the typical output.

Upgrading Raspberry Pi Software

  • Upgrading the Raspberry Pi updates all installed software to the most current version.
  • Do this by entering the command sudo apt-get full-upgrade

  • The Pi will tell you what software upgrades are required and ask for permission.
  • It will also tell you how much additional disk space will be required.

  • The first time you do an upgrade it could take several minutes.
  • Sometimes you need to check how much additional disk space you have available.
  • If too much space is occupied by the operating system and associated software it can compromise performance.

Changing the default password for user pi

  • It is always a good idea to change any default password setting.
  • The following instructions can also be used to set a new password for user pi just in case you forget it.
  • Open the Terminal
  • Enter the command sudo raspi-config

  • Select Option 1 System Options
  • Press the Tab key until <Select> is highlighted and press Enter.

  • Select S3 Password using the Tab key and press Enter.

  • You will be asked to enter a new password for the pi user.
  • Press OK.

  • You will be asked to enter in a new password. Then press the Enter key.
  • In Linux the password or the characters will not show.
  • You will be asked to retype the password.

  • A Password changed successfully will appear.
  • Press OK.

  • Back in the raspi-config main menu, press the Tab key to highlight <Finish>
  • Press Enter to return to the Terminal.


Protecting the raspberry pi from malicious attacks on the internet

  • Fail2ban is a tool used to detect brute-force attacks and block them. If an attack is sustained for many months it is possible for an attacker to gain access to your computer system.
  • Fail2ban aims to protect your computer from repeat attacks. It does this by blocking attackers from a re-occurring IP address if they fail to login more than a certain number of times. You can configure the number of tries before a ban is put in place and how long the ban will remain.
  • Open the Raspberry Pi Terminal.
  • To install Fail2ban enter the command sudo apt-get install fail2ban

  • Enter y (yes) to proceed with installation.
  • The installation only takes a few seconds to complete.
  • By default, fail2ban will ban attacker for 10 minutes after 5 failed attempts.

Install a firewall

  • A firewall allows you to block all ports except the ones you need and also filter access by IP address.
  • We are going to install ufw (Uncomplicated FireWall), which is very straightforward to use and configure according to our needs.
  • A basic administration configuration page can be accessed using the Terminal.
  • To install ufw enter the command sudo apt-get install ufw

  • The installation takes a few seconds.

  • We can get help using ufw using the command sudo ufw help

Retrieved from "http://www.waterwaysinwhittlesea.org/index.php?title=Security_improvements_on_the_Raspberry_Pi&oldid=254"