- Login in with pi/raspberry
- sudo raspi-config and change password, locale (deselect GB and select en-us), keyboard to genreic 105 key, English US
- Sudo adduser [username] (adds user)
- Sudo adduser [username] sudo (adds to sudo group)
- Reboot
- Login with new user
- if bash history isn't working
sudo chsh -s /bin/bash <username>
https://askubuntu.com/questions/325807/arrow-keys-tab-complete-not-working
- Sudo deluser pi
- Connect with wifi via sudo raspi-config or edit wpa-supplicant
- Sudo apt-get update
- Sudo apt-get upgrade
https://makezine.com/2017/09/07/secure-your-raspberry-pi-against-attackers/
To add new user use ADDUSER
:
Ssh security and config options:
View ssh attempts and logs:
wpa_supplicant to set up wifi
sudo nano /etc/wpa_supplicant/wpa_supplicant.conf
network={
ssid="networkname"
psk="networkpassword"
}
dhcpcd.conf to set up static IP for different interfaces
sudo nano /etc/dhcpcd.conf
interface wlan0
static ip_address=192.168.220.1/24
static routers=192.168.220.0
iptables examples
sudo iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
sudo iptables -A FORWARD -i wlan0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i eth0 -o wlan0 -j ACCEPT
Then make them persist on reboot by saving them
sudo sh -c "iptables-save > /etc/iptables.ipv4.nat"
dnsmasq lets you turn your pi into a router and hand out ip addresses on a specific interface
sudo nano /etc/dnsmasq.conf
interface=eth0 # Use interface eth0
listen-address=192.168.220.1 # Specify the address to listen on
bind-interfaces # Bind to the interface
server=8.8.8.8 # Use Google DNS
domain-needed # Don't forward short names
bogus-priv # Drop the non-routed address spaces.
dhcp-range=192.168.220.50,192.168.220.150,12h # IP range and lease time
To change the hostname or IP address, you will need to change /etc/openvpn/easy-rsa/pki/Default.txt and your .ovpn files if you have already generated them.
running scripts on startup:
- https://learn.sparkfun.com/tutorials/how-to-run-a-raspberry-pi-program-on-startup/all
- https://www.raspberrypi.org/forums/viewtopic.php?f=91&t=131760
Watchdog to reset a frozen/locked pi automatically
Email on pi