5 security tips for the Raspberry Pi

If you open ports on the Internet, use it as a WiFi hotspot, or if you install the Pi in a larger network, you need to take security measures to protect your Raspberry Pi.

By default, the Raspberry Pi comes with a poor level of security. If you use the Pi at home or in a small network, that's not a big deal.

But if you open ports on the Internet, use it as a WiFi hotspot, or if you install the Pi in a larger network, you need to take security measures to protect your Raspberry Pi.

The following article will show you how to do this.

1. Always update the system

5 security tips for the Raspberry Pi Picture 15 security tips for the Raspberry Pi Picture 1

This first may be obvious, but very important. With the updates in the Raspbian repository, you not only get the latest features, but mainly security fixes to the installed software.

Try to update your Raspberry Pi regularly with:

sudo apt update sudo apt upgrade

You can also automate this process with an unattended upgrade package. This process allows you to automatically install security fixes every day:

  1. Install the upgrade package unattended
sudo apt install unattended-upgrades
  1. Open the configuration file
sudo nano /etc/apt/apt.conf.d/50unattended-upgrades
  1. Change what you want in this file

By default, it will only download security updates, but you can change this if you want to install all the Debian updates or even other repositories.

At least you should note this line:

Unattended-Upgrade::Mail "root";

This will send mail to root (or any other address if you have a mail server installed).

  1. Save and exit ( CTRL + O, CTRL + X )
  2. Then, you'll need to set up periodic upgrades:
    1. Open this file:
sudo nano /etc/apt/apt.conf.d/02periodic
    1. Paste these lines (file should be empty, otherwise change the values):
APT::Periodic::Enable "1"; APT::Periodic::Update-Package-Lists "1"; APT::Periodic::Download-Upgradeable-Packages "1"; APT::Periodic::Unattended-Upgrade "1"; APT::Periodic::AutocleanInterval "1"; APT::Periodic::Verbose "2";

This will allow daily automatic updates. You ask apt to: Update, download upgrades, install upgrades, and do daily cleaning automatically.

The last line is the level of detail you will get in / var / log / unattended-upgrade and email (1 = low, 3 = max).

    1. Save and exit ( CTRL + O, CTRL + X ).
  1. You can debug your configuration with this command:
sudo unattended-upgrades -d

Don't forget to check the log files and / or emails received to make sure everything is working as expected

2. Don't use automatic login or blank passwords

5 security tips for the Raspberry Pi Picture 25 security tips for the Raspberry Pi Picture 2

Passwords are an important part of system security. The first thing to do is make sure that all important accesses require passwords.

Don't use automatic login and add login steps for each app that you can directly access

The article won't list all the apps, but for example, if you have a web server, make sure that your personal data or admin pages can't be accessed without a password.

Make sure no one is using a blank password on the Raspberry Pi. If you have few accounts, it's easy, check all permissions. If you have multiple user accounts, these commands can help you:

  1. Search for a blank password
sudo awk -F: '($2 == "") {print}' /etc/shadow

This will only show accounts with blank passwords.

  1. Account lock is not secure
passwd -l 

3. Change the default password for Pi

A common mistake is to leave the default passwords for pi ( raspberry ) users as they are. Anyone who has used a Raspberry Pi knows this password. So many people are scanning SSH ports and trying to login using pi / raspberry.

Changing the default password is the first thing to do when doing a fresh install. Doing this is very easy, log in with pi and enter this command:

passwd

Try to use a sentence with more than 15 characters to be safe from Brute-force attacks and easy to remember it (eg iloveraspberrytips is a good password, easy to remember).

4. Disable pi user

Hackers have a list of commonly used credentials and often try them out

If possible, create a new user and disable pi user to prevent brute-force attack type:

  1. Create a new user:
sudo adduser 
  1. Grant sudo privileges if needed:
sudo adduser sudo

This will add your new user to the sudo group.

  1. Check if everything is working properly (ssh, sudo, etc . access)
  2. Copy files from pi user to new user if needed
sudo cp /home/pi/Documents/* /home//Documents/ .
  1. Delete user pi
sudo deluser -remove-home pi

If you want, you can start by locking the account (as said before) and deleting it after a few weeks, when you're sure everything is okay.

5. Stop unnecessary services

On the Raspberry Pi, people do a lot of projects on everything, and that can be a bad habit for security.

Let's say you installed PHPMyAdmin 3 months ago to try something, but you are no longer using it

This could create a vulnerability for an attacker, allowing him to enter your system. So try to stop or uninstall unnecessary services and apps.

  1. To stop using the service:
sudo service stop
  1. If it does boot automatically on boot, try:
sudo update-rc.d remove
  1. Or to uninstall it use the following command:
sudo apt remove 
4 ★ | 1 Vote