Once you have set up your system and connected it to the Internet, you are visible to the whole world. And if you use your Pi (or any other machine, to be honest) as a server, webcam, mail server or SSH server, you become vulnerable to outside attacks. To avoid losing precious data (in some cases including even that of other devices connected to your home network), there are several things you should do to secure your system. The tutorial is divided into parts covering initial setup, firewall setup and web server security. It is based on the Raspbian Wheezy distro.
Part I - Update the System
1. Default Password
First of all, make sure you've changed the default user password. You can do this by logging into your Pi and typing
The command allows you to change the default password any time you want. You will be prompted for your existing password (the default being "raspberry"), then for your new password twice. Once this is done, the next time you log in you will need to use the new password:
Changing password for pi.
(current) UNIX password:
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
It is an even better idea to create another user account and not use the default pi account at all. This makes your system less predictable and helps against outside break-in attempts that rely on the well-known default account name.
To create your own user account do as follows:
In the command line, log in as root:
sudo su - # mind the - (dash) at the end.
$ useradd -m [desired_user_name]   # -m also creates the user's home directory
After that, we have to create a password for our new user:
$ passwd [our_user_name]
Changing password for user [our_user_name].
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
After finishing, type
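to leave the root session and log in as the newly created user. Now we will be able to use the unique username to log into our machine. Before deleting the default account, make sure the new account can use sudo (it must be a member of the sudo group), otherwise you will be left without administrative access. We can then delete the default pi account with no harm to the system with (as root, of course):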
userdel -r pi
2. Kernel Update
We need to update the Raspberry Pi Unix kernel (the heart of the operating system) so that it supports the iptables firewall. First, let's get the latest CA (Certificate Authority) certificates by typing in the command line:
sudo apt-get install ca-certificates
Next, we should get the Hexxeh rpi-update program by running (the command should be run without any carriage returns):
sudo wget https://raw.github.com/Hexxeh/rpi-update/master/rpi-update -O /usr/bin/rpi-update && sudo chmod +x /usr/bin/rpi-update
as well as git-core (Kernel directory content management system), the main software to access the latest Unix build:
sudo apt-get install git-core
and update the Raspberry Pi kernel to the latest Unix build:
The update takes some time, so be patient and wait till your shell prompt (e.g.
Once the update has finished, we should reboot our Raspberry by typing:
sudo shutdown -r now
Remember, if you are logged in remotely to your Raspberry Pi, the session will drop, so wait about a minute and log back in to your Pi.
That's all as far as the initial setup of your Pi is concerned.
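The rpi-update step above downloads a script and makes it executable in /usr/bin as root without looking at it first. As an added example (not part of the original tutorial or of the rpi-update project), the helper below installs a downloaded file only if it matches a SHA-256 digest you recorded after reviewing it, which is useful when you repeat the install later or on other Pis. The function name install_verified, the file name verify-install.sh, the /tmp path and the pinned digest are assumptions.

```sh
#!/bin/sh
# Added example: install a downloaded script only if its SHA-256 matches a
# digest you recorded after reading the script yourself.
#
# Assumed workflow (file names and the pinned digest are placeholders):
#   wget https://raw.github.com/Hexxeh/rpi-update/master/rpi-update -O /tmp/rpi-update
#   less /tmp/rpi-update          # review it before it ever runs as root
#   sha256sum /tmp/rpi-update     # record this value as PINNED_SHA256
#   sudo sh verify-install.sh /tmp/rpi-update "$PINNED_SHA256" /usr/bin/rpi-update

# install_verified SRC EXPECTED_SHA256 DEST
#   0 = digest matched, SRC installed at DEST with mode 0755
#   1 = digest mismatch, DEST not written
#   2 = bad arguments
install_verified() {
    src=$1 expected=$2 dest=$3

    [ -f "$src" ] || { echo "no such file: $src" >&2; return 2; }

    # A SHA-256 digest is exactly 64 hexadecimal characters.
    case $expected in
        ''|*[!0-9a-fA-F]*) echo "digest is not hexadecimal" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "digest must be 64 characters" >&2; return 2; }

    # Compare in lower case, the form sha256sum prints.
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    actual=$(sha256sum "$src" | cut -d' ' -f1)

    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $src" >&2
        echo "  expected $expected" >&2
        echo "  actual   $actual" >&2
        return 1
    fi

    # install(1) copies the file and sets its mode in one step, replacing the
    # separate "wget -O /usr/bin/... && chmod +x" pair.
    install -m 0755 "$src" "$dest"
}

# Run directly when called with exactly three arguments.
if [ "$#" -eq 3 ]; then
    install_verified "$@"
fi
```

A mismatch means the file differs from the copy you reviewed, so read it again before pinning a new digest.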
In the next parts, we will cover: