steps to take to improve the security of your Raspberry Pi using terminal
Change your default password raspberry
- passwd
Change your username
- sudo useradd -m fred -G sudo
change new user password - sudo passwd fred
disable the Pi account
- sudo passwd --lock pi
Make sudo require a password
- sudo nano /etc/sudoers.d/010_pi-nopasswd
and change the pi entry (or whichever usernames have superuser rights) to - pi ALL=(ALL) PASSWD: ALL
save file
Setup iptables firewall
- sudo nano /etc/iptables
add the following code and modify to your preference
# Allow all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0
#
-A INPUT -i lo -j ACCEPT
#
-A INPUT -d 127.0.0.0/8 -j REJECT
#
# Accept all established inbound connections
#
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#
# Allow all outbound traffic - you can modify this to only allow certain traffic
#
-A OUTPUT -j ACCEPT
#
# Allow HTTP and HTTPS connections from the port number you specified in your project config.json file, replace YOUR PORT NUMBER with your specified port number.
#
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
#
# Allow SSH connections, the -dport number should be the same port number you set in sshd_config
#
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
#
# Allow ping
#
-A INPUT -p icmp -j ACCEPT
#
# Log iptables denied calls
#
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
#
# Drop all other inbound - default deny unless explicitly allowed policy
#
-A INPUT -j DROP
#
-A FORWARD -j DROP
check firewall with the command
- sudo /sbin/iptables -L
update pi
- sudo apt-get update -y && sudo apt-get dist-upgrade -y
- sudo apt-get clean
Congratulations @infern0g0d! You received a personal award!
Click here to view your Board
Congratulations @infern0g0d! You received a personal award!
You can view your badges on your Steem Board and compare to others on the Steem Ranking
Vote for @Steemitboard as a witness to get one more award and increased upvotes!