Securing Raspberry Pi - Raspberry Pi Forums
I am running a Pi directly on a public IP, aaa.bbb.yyy.zzz/32.
At the moment, on the machine in the lab, I run:
- webmin
- ssh key login
- nginx webserver
- email server (exim) to email me status updates
All of the mentioned services run on the Pi, and for whoever enters aaa.bbb.yyy.zzz in a browser the site comes up live.
I am lost with iptables on how to secure the box against unwanted access, apart from whoever has the SSH key.
Any guidance, please, on how to secure the box.
Install ufw through apt-get; it's a front end to iptables, and it's easy to use. I have my machine locked down to specific IPs through it (seeing as they're static).
****** Make sure you have physical access to the Pi before enabling ufw; failure to do so may lock you out if you're connecting via SSH. If it's colo'd, please be careful. *******
ufw enable
Once you've installed and enabled it, make sure to allow access from your LAN - in my case it's 192.168.2.0/24 (so any IP address that's 192.168.2.0-255) is allowed access. The command is "ufw allow from 192.168.2.0/24"
The same command can be used for people connecting - "ufw allow from xxx.xxx.0.0/16" will allow connections from xxx.xxx.* - in the case of a mobile telephone, the last 3 octets change, but the chance of anyone else connecting to your server from the same mobile provider on a specific port is limited.
You will want "ufw default deny incoming" - I believe the default rule allows outgoing connections by default, so there shouldn't be an issue there.
I'd suggest you change the SSH port to something a little more obscure than 22.
This is a rough guide, but it gives you a little to go on, and you may manage iptables without having to remember long chains.
There is a little tutorial on my website (see sig) as well, to show how to block entire countries by IP address (in order to stop most of the automated scanning/hacking attempts you'll face).
Any issues - give me a shout and I'll try to help.
Cheers.
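
The steps from the reply above, put in an order that keeps SSH reachable when the firewall comes up (an added example, not part of the original thread). It only prints the ufw commands for review before they are run as root. SSH port 2222, Webmin port 10000, nginx on 80/tcp and the 203.0.113.0/24 range are assumptions; `ufw_plan` is a hypothetical helper name.

```sh
#!/bin/sh
# Added example: print ufw commands in a lockout-safe order.
# Assumed values: SSH_PORT 2222, WEBMIN_PORT 10000 (Webmin's default) and the
# TRUSTED ranges. 203.0.113.0/24 is a documentation range standing in for a
# static remote address.
TRUSTED="${TRUSTED-192.168.2.0/24 203.0.113.0/24}"
SSH_PORT="${SSH_PORT:-2222}"
WEBMIN_PORT="${WEBMIN_PORT:-10000}"

ufw_plan() {
    # $1 = space-separated trusted CIDRs, $2 = SSH port, $3 = Webmin port
    trusted=$1; ssh_port=$2; webmin_port=$3
    # Refuse to build a plan that would enable the firewall with no SSH rule.
    if [ -z "$trusted" ]; then
        echo "no trusted ranges given: enabling ufw would lock out SSH" >&2
        return 1
    fi
    case $ssh_port in
        ''|*[!0-9]*) echo "bad SSH port: $ssh_port" >&2; return 1 ;;
    esac
    echo "ufw default deny incoming"
    echo "ufw default allow outgoing"   # exim status mails are outbound
    for cidr in $trusted; do
        # Management ports are reachable only from trusted sources.
        echo "ufw allow from $cidr to any port $ssh_port proto tcp"
        echo "ufw allow from $cidr to any port $webmin_port proto tcp"
    done
    echo "ufw allow 80/tcp"             # nginx site stays public (assumed port)
    echo "ufw enable"                   # last: the allow rules already exist
    echo "ufw status verbose"
}

# Print the plan; review it, then run the lines as root on the Pi.
ufw_plan "$TRUSTED" "$SSH_PORT" "$WEBMIN_PORT"
```

If sshd is moved to another port as the reply suggests, change the `Port` line in sshd_config to the same value before enabling the firewall, or the allow rule will point at a port nothing listens on.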