Security

From Internet in a Box

Some security tips — that will become more professional as time goes on:

  1. Please confirm your passwords are secured.
  2. Consider the strategies below to help secure your OS (downloading and/or semi-automatically installing recent security patches & updates). That is IF you find a reasonably fast Internet connection for your IIAB, and are willing to take certain risks with packages/versions occasionally/potentially colliding.
  3. Please read more about the iiab-admin Linux user and group, which allow you to log in to IIAB's Admin Console:
  4. If OpenVPN is installed, developers' ssh keys are also installed to enable remote login, for remote support during Beta programs and similar. You can disable this feature by running: sudo rm -f /root/.ssh/authorized_keys. NOTE: If you later ask Internet-in-a-Box to reinstall OpenVPN, please note that developer keys will be reinstalled.
  5. If you use Samba file sharing, see also: https://github.com/iiab/iiab/tree/master/roles/samba#samba-readme

OS "apt" Updates

  • Several in our Internet-in-a-Box (IIAB) community choose to run the following quasi-weekly:
  apt update
  apt dist-upgrade    (or "apt upgrade" if you do not want a new kernel etc)
  apt clean           (may be more comprehensive than "apt autoclean")
  • Finally, remove packages that were auto-installed to satisfy dependencies, but are no longer needed:
  apt autoremove
  • Raspberry Pi 4, Raspberry Pi 5 and Raspberry Pi 400: Raspberry Pi OS automatically updates the bootloader for important bug fixes. If however manually updating the bootloader or changing the boot order proves necessary, consider Raspberry Pi Imager, raspi-config, or rpi-eeprom-update.
  • Upgrading Raspberry Pi firmware is not recommended as the rpi-update command can be dangerous — it's far safer to wait for the next version of Raspberry Pi OS (available using the apt commands above).

Security Blowback / Survival Tips

Retrieved from "http://wiki.iiab.io/index.php?title=Security&oldid=771"