Notes for myself as much as anything…
Install from Noobs
Change pi password
passwd
Get wifi working
sudo raspi-config
Check that wlan0 is getting an ip address
iwconfig
ifconfig
Update the rPi
sudo apt-get update
sudo apt-get upgrade
Change the ssh port to something other than 22
sudo nano /etc/ssh/sshd_config
change
# Port 22
to
Port newportnumber
ctrl-x save and exit
Restart SSH
sudo service ssh restart
Amend port forwarding on the router to reflect the new port number
Install fail2ban – this will block IP addresses of bots attempting to access the Pi
sudo apt-get install fail2ban
It should run as a service and be running after a restart, to check if its running
sudo /etc/init.d/fail2ban status
***Note we need to amend the config file***
sudo nano /etc/fail2ban/jail.local
[ssh]
enabled = true
port = sshportnumberfromearlier
filter = sshd
logpath = /var/log/auth.log
maxretry = 6
Install no-ip, to update DNS with any IP changes
mkdir /home/pi/noip
cd /home/pi/noip
wget http://www.no-ip.com/client/linux/noip-duc-linux.tar.gz
tar vzxf noip-duc-linux.tar.gz
cd noip-2.1.9-1
sudo make
sudo make install
sudo /usr/local/bin/noip2 starts the service. To check the status:
sudo /usr/local/bin/noip2 -S
Have No-Ip run on startup
sudo nano /etc/rc.local
add the line /usr/local/bin/noip2 just above the exit 0
fi
/usr/local/bin/noip2
exit 0
To check no-ip is running
sudo /usr/local/bin/noip2 -S
So now, we have installed Raspbian, changed the default password, got everything up to date, changed the SSH port to something more obscure than the standard port 22, secured that port with fail2ban, and made the Pi reachable from outside the network. Restarting the Pi along the way to check things are still running.
Check fail2ban is running
sudo /etc/init.d/fail2ban status
Check no-ip is running
sudo /usr/local/bin/noip2 -S
Things. Stuff 