
How to Improve the Security of Raspberry Pi

The default security of the Raspberry Pi is not strong, and unwanted users can access it very easily. In a short span of time, Raspberry Pi boards have become very popular, and people are using them to replace the personal computer. With this increase in popularity, developers and Raspberry Pi users have become more concerned about its security.

In this write-up, we discuss different measures that increase the security of the Raspberry Pi and make it difficult for unwanted users to access it.

How to improve the security of the Raspberry Pi operating system

There are different tricks to secure the Raspberry Pi because by default the security of Raspberry Pi.

How to keep Raspberry Pi Secure

The first step in securing your Raspberry Pi is to keep the system up to date, so that new security features released by the Raspberry Pi developers are installed on your system. To update and upgrade the Raspberry Pi OS, execute the command:

$ sudo apt update && sudo apt full-upgrade -y

The update command refreshes the package lists to find available updates, and the full-upgrade command upgrades all installed packages to their latest versions. Another way is to enable automatic updates of the Raspberry Pi's packages; for this, install the unattended-upgrades package by using the command:

$ sudo apt install unattended-upgrades -y

Once the unattended-upgrades package has been installed, it automatically installs security updates when they become available.
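
Automatic upgrades depend on APT's periodic settings, so it is worth checking them after installation. The check below is an added example, not part of the original article; the function names and the sample file are made up for illustration, and the input is expected in the format of /etc/apt/apt.conf.d/20auto-upgrades or of `apt-config dump` output.

```shell
#!/bin/sh
# Added example: check that periodic unattended upgrades are switched on.
# Update-Package-Lists refreshes the package lists and Unattended-Upgrade
# runs the upgrade; both need a non-zero interval for updates to arrive
# on their own.

# periodic_value FILE KEY -> print the value of APT::Periodic::KEY in FILE.
# Lines commented out with // are ignored; the last assignment wins.
periodic_value() {
    sed -n "s|^[[:space:]]*APT::Periodic::$2[[:space:]]*\"\([^\"]*\)\"[[:space:]]*;.*|\1|p" "$1" | tail -n 1
}

# auto_upgrades_enabled [FILE] -> exit status 0 when both settings are on.
auto_upgrades_enabled() (
    file=${1:-/etc/apt/apt.conf.d/20auto-upgrades}
    [ -r "$file" ] || { echo "missing: $file" >&2; exit 1; }
    for key in Update-Package-Lists Unattended-Upgrade; do
        val=$(periodic_value "$file" "$key")
        case "$val" in
            ''|0) echo "APT::Periodic::$key is off or unset" >&2; exit 1 ;;
        esac
    done
)

# Constructed sample: the upgrade step is commented out, then set to 0.
sample=$(mktemp)
cat > "$sample" <<'EOF'
APT::Periodic::Update-Package-Lists "1";
// APT::Periodic::Unattended-Upgrade "1";
APT::Periodic::Unattended-Upgrade "0";
EOF
auto_upgrades_enabled "$sample" || echo "sample: unattended upgrades are NOT active"
rm -f "$sample"

# On the Pi, check the effective settings from every apt.conf.d file:
#   apt-config dump > /tmp/apt.dump && auto_upgrades_enabled /tmp/apt.dump
```

If the check fails on the Pi, `sudo dpkg-reconfigure -plow unattended-upgrades` rewrites 20auto-upgrades with both settings enabled.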

Change the password of the Raspberry Pi after a specific interval

Another recommendation is to change the password of the Raspberry Pi every 3-4 days so that it is difficult for other people to crack, and to make sure the password is a combination of special characters, numbers, and letters. To change the password, run the command:

$ passwd

When the command is executed, it will first ask you to enter the current password, then to enter the new password which you want to set, and lastly, retype the new password to confirm both passwords match.

Don’t use the Pi user

The default user of the Raspberry Pi is the “Pi” user, which has root privileges on the Raspberry Pi operating system. It is recommended to create a different username and disable the Pi user so that no one can use it to hack your operating system. We can create a new user by using the command:

$ sudo adduser --force-badname Hammad

It will create the user “Hammad” and ask you to set a password for the user. In the above command, replace “Hammad” with your own username. It will then ask for some other information about the user.

Finally, it will ask you to confirm that the provided information is correct. Then, to give the user “sudo” privileges, add the user to the sudo group by using the command:

$ sudo adduser Hammad sudo

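Wait! Are you worried that all your data stored under the Pi user will be deleted? No! We will copy the Pi user's files, here the Documents directory, to the new user “Hammad” and give that user ownership of the copies, since files copied with sudo belong to root:

$ sudo cp -r /home/pi/Documents/ /home/Hammad/Documents/ && sudo chown -R Hammad: /home/Hammad/Documents/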

Finally, disable the Pi user by deleting it together with its home directory. Run the command while logged in as the new user, after confirming that sudo works for that account:

$ sudo deluser --remove-home pi

Stop the unwanted services on the Raspberry Pi

It is recommended to stop all unwanted services on the Raspberry Pi so that attackers cannot compromise its security through a vulnerable service running in the background. To find out which services are running in the background, use the command:

$ sudo service --status-all

Now, to stop a service, for example the Bluetooth service, use the command:

$ sudo service bluetooth stop

A service stopped this way starts again at the next boot unless it is also disabled.

Install fail2ban app

The fail2ban package is available in the Raspberry Pi repository and is used to prevent unauthorized users from accessing the Raspberry Pi. Using fail2ban, you can limit the number of login attempts: after a defined number of unsuccessful attempts to log in, fail2ban blocks the IP address the attempts came from. We can install fail2ban with the apt package manager using the command:

$ sudo apt install fail2ban -y

With its default settings, fail2ban bans an address for ten minutes after five failed login attempts, but we can change these settings by modifying the fail2ban config file:

$ sudo nano /etc/fail2ban/jail.conf

We can change the “bantime”, “findtime”, and “maxretry” values.
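
fail2ban reads /etc/fail2ban/jail.local after jail.conf, so overrides placed there take precedence and are not lost when a package upgrade replaces jail.conf. The following is an added example, not part of the original article; the function names, the temporary file and the sample values are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: write fail2ban overrides to a jail.local file.

# write_jail_local FILE BANTIME FINDTIME MAXRETRY  (times in seconds)
# Rejects anything that is not a whole number before touching FILE.
write_jail_local() (
    file=$1 bantime=$2 findtime=$3 maxretry=$4
    for v in "$bantime" "$findtime" "$maxretry"; do
        case "$v" in
            ''|*[!0-9]*) echo "not a whole number: '$v'" >&2; exit 2 ;;
        esac
    done
    [ "$maxretry" -ge 1 ] || { echo "maxretry must be at least 1" >&2; exit 2; }
    cat > "$file" <<EOF
[DEFAULT]
# seconds an offending address stays banned
bantime = $bantime
# window in seconds over which failed logins are counted
findtime = $findtime
# failed logins inside findtime that trigger a ban
maxretry = $maxretry

[sshd]
enabled = true
EOF
)

# jail_value FILE KEY -> print the value assigned to KEY in FILE
jail_value() {
    sed -n "s/^$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# Demo with constructed sample values: one-hour ban after 3 failures
# within 10 minutes.
out=$(mktemp)
write_jail_local "$out" 3600 600 3 && cat "$out"
rm -f "$out"

# On the Pi, install the generated file and reload fail2ban:
#   sudo install -m 644 FILE /etc/fail2ban/jail.local
#   sudo systemctl restart fail2ban
#   sudo fail2ban-client status sshd
```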

Conclusion

The security of the Raspberry Pi is very important as it may contain important and private data. Hackers can try to harm the files and directories of the Raspberry Pi by accessing it in different ways. In this write-up, different methods to secure the Raspberry Pi have been explored through which we can make it difficult for unwanted users to access the Raspberry Pi and harm its data.

About the author

Hammad Zahid

I'm an Engineering graduate and my passion for IT has brought me to Linux. Now here I'm learning and sharing my knowledge with the world.