Take Back the Darknet (Part 4) – McRetro.net

Take Back the Darknet (Part 4)

Part 4 – Hardening Your Pi

Hardening, important for the sake of reducing attack vectors! First off we’ll create a new user and then delete the “pi” user that comes preinstalled.

Log back in via SSH / Terminal / PuTTY
ssh [email protected]

Think of a new username. Could be your name or something a bit more fun. I’ll be using “tim” as my example.
sudo adduser tim
When prompted for a password, make a very long complicated password (or even passphrase). You could also use a password generator. This will be your new username and password to login via SSH in the future. Don’t forget it!

Now we have a new user, but it doesn’t have any of the previously existing permissions that the “pi” user has. Let’s have a look at what we are missing out on.
groups pi
groups tim

See the difference? We can see tim is only a member of the group tim. Such lonely. We can fix that by issuing the following commands.

sudo adduser tim sudo
sudo adduser tim adm

Now tim is an admin user and can use sudo. We will be deleting the pi user, so it’s probably safer to add all those other groups listed under the “groups pi” command to the tim user. Just enter them one at a time and when done type.

groups tim
It should look the same as (with the exception of the tim/pi group)

groups pi

I can’t remember if this next step was necessary or not but ended up doing it anyway (and so should you… probably!)
sudo visudo

Add the following just under the pi user.
tim ALL=(ALL) NOPASSWD: ALL
Finally close the remote connection and log out of the pi user by typing
exit

Try logging in with your newly created user
ssh [email protected]

If it successfully logged you in, we can delete the pi user for good using the following commands
sudo deluser pi

and trash the home folder
sudo rm -rf /home/pi

Past cool, now we have a new user and some things are configured. We will revisit hardening later on (Metapod used Harden!) for other pieces of software yet to be installed.

Advance onward to part 5 or head back to the table of contents on page 1.


Creative Commons License Netscape Internet Explorer ICQ Powered by Debian! Tor - Anonymity Online mIRC for all! Do Only Good Everyday!

Established February 2012 and was last updated 14th of December 2024. You are visitor number Counter since sometime in the mid-1990s. We are powered by a Raspberry Pi.
:BIGGAYROLL: