Security: Difference between revisions
From Internet in a Box
mNo edit summary |
|||
| Line 1: | Line 1: | ||
'''''Some security tips | '''''Some security tips:''''' | ||
# Please confirm your '''[[FAQ#What_are_the_default_passwords%3F|passwords are secured]]'''. | # Please confirm your '''[[FAQ#What_are_the_default_passwords%3F|passwords are secured]]'''. | ||
| Line 42: | Line 42: | ||
== Security Blowback / Survival Tips == | == Security Blowback / Survival Tips == | ||
* | * If using an LMS, think carefully about "[https://github.com/iiab/iiab/issues/1516 Student Privacy / Medical Confidentiality best practices prior to copying/re-provisioning an IIAB"] in context with duplication techniques like "[http://wiki.laptop.org/go/IIAB/FAQ#How_do_I_back_up%2C_shrink_%26_copy_IIAB_microSD_cards%3F How do I back up, shrink & copy IIAB microSD cards?]" in [https://wiki.iiab.io/go/FAQ FAQ.IIAB.IO] | ||
<!-- | <!-- | ||
* If you notice Wikipedia-like items are no longer accessible from http://box.lan, try running the following as root, which is similar to http://box/admin '''> Install Content > Restart Kiwix Server''': | * If you notice Wikipedia-like items are no longer accessible from http://box.lan, try running the following as root, which is similar to http://box/admin '''> Install Content > Restart Kiwix Server''': | ||
Revision as of 07:49, 7 August 2024
Some security tips:
- Please confirm your passwords are secured.
- Consider the strategies below to help secure your OS (downloading and/or semi-automatically installing recent security patches & updates). That is IF you find a reasonably fast Internet connection for your IIAB, and are willing to take certain risks with packages/versions occasionally/potentially colliding.
- Please read more about the
iiab-adminLinux user and group, which allow you to log in to IIAB's Admin Console: - If OpenVPN is installed, developers' ssh keys are also installed to enable remote login, for remote support during Beta programs and similar. You can disable this feature by running:
sudo rm -f /root/.ssh/authorized_keys. NOTE: If you later ask Internet-in-a-Box to reinstall OpenVPN, please note that developer keys will be reinstalled. - If you use Samba file sharing, see also: https://github.com/iiab/iiab/tree/master/roles/samba#samba-readme
OS, Bootloader and Firmware Updates
- Several in our Internet-in-a-Box (IIAB) community choose to run the following quasi-weekly:
apt update apt dist-upgrade (or "apt upgrade" if you do not want a new kernel etc) apt clean (may be more comprehensive than "apt autoclean") apt autoremove (remove packages that were auto-installed to satisfy dependencies, but are no longer needed)
- Raspberry Pi 4, Raspberry Pi 5 and Raspberry Pi 400: Raspberry Pi OS automatically updates the bootloader for important bug fixes. If however manually updating the bootloader or changing the boot order proves necessary, consider Raspberry Pi Imager, raspi-config, or rpi-eeprom-update.
- Upgrading Raspberry Pi firmware is not recommended as the
rpi-updatecommand can be dangerous — it's far safer to wait for the next version of Raspberry Pi OS (available using theaptcommands above).
Security Blowback / Survival Tips
- If using an LMS, think carefully about "Student Privacy / Medical Confidentiality best practices prior to copying/re-provisioning an IIAB" in context with duplication techniques like "How do I back up, shrink & copy IIAB microSD cards?" in FAQ.IIAB.IO
