RaspDAB/Some steps to increase security and create a new user

From Opendigitalradio
Revision as of 17:21, 2 July 2017 by Glokhoff (Talk | contribs)


Once you have installed Raspbian you should make some changes to the settings of the Raspberry Pi. So go to the applications main menu by clicking on the raspberry in the upper left, select 'Preferences' and go to the Raspberry Pi configuration program.

In the 'System' tab you should expand the file system (if not already done), so that all available empty space on the SD card can be used for the file system. You should also change the password for the default user 'pi'. By default this is 'raspberry', which is well known, so changing it is the minimum first security measure (and be sure to remember the new password, so please note it somewhere). You can set a hostname that makes the unit easy to recognize in a network. Normally one would start with the desktop, but de-select automatic login as user 'pi'. I selected 'wait for network' during start up, as I want to make sure the network is up and stable before the DAB software starts. Set the remaining items on the tab to your liking.

On the 'Interfaces' tab I only enabled the VNC interface, so that the system can be controlled remotely using a VNC viewer.

Finally, set all items on the 'Localization' tab to their correct values. The time setting in particular matters, as it will be used to copy the time to the DAB signal. You will have to reboot to activate these settings.

If you want, you can add or remove certain programs from the main menu using the main menu editor in the preferences category. This will, for example, enable you to install a graphical software package update program.

Some checks

Now select the add/remove software program, and check that git and gcc (GNU C Compiler) are installed by entering these names and waiting until you see a checkmark to confirm.

In most cases it is convenient to set the IP address of the interface you use to a fixed one, so EasyDAB can later find it easily. The Ethernet cable is preferred for reasons of stability; in that case disable the Wifi. You can access the settings menu by right clicking on the 2 arrows or Wifi symbol in the upper right corner.

UPDATE: Raspbian has apparently been updated since, and you might get a message that the file /etc/dhcpcd.conf cannot be saved. You may want to check http://elinux.org/RPi_Setting_up_a_static_IP_in_Debian or https://www.modmypi.com/blog/how-to-give-your-raspberry-pi-a-static-ip-address-update

You may want to disable WiFi and Bluetooth altogether for an installation that is to run reliably. This can be done by adding overlays to the /boot/config.txt file, such as

  dtoverlay=pi3-disable-bt
  dtoverlay=pi3-disable-wifi

See https://github.com/raspberrypi/firmware/blob/master/boot/overlays/README

If you have a small display you may also prefer to remove the mathematica and wolfram startup icons in the taskbar. You can access the taskbar settings menu by right clicking on the taskbar.

Adding a new user

Next we are going to add a new user so the DAB software doesn't run under the default user account. Open a terminal console window by double clicking on the black rectangular icon with the prompt symbol >_ in the upper left corner. You will see the user name and computer name (pi@raspberrypi), an indication of the current directory (~ , meaning the user's home directory) and the dollar sign. In this guide we also use the $ sign to indicate commands you have to type (so don't type the first $ sign itself, just what is shown after it).

To add the new user type

   $ sudo adduser USERID

Instead of USERID you type any name you like for the new user. Make it something you can remember easily, but not so obvious that it is easy to guess. In the examples here we use 'odr' as it is also used in many scripts and other documentation, but for security you had better use something else. You will have to provide a new password for the new user account. Don't make it the same as for the user 'pi'! Some user details can be provided as well, but this is not mandatory.

Next we need to ensure the new user can also run commands as superuser. This is done by editing the file /etc/sudoers using the visudo program:

   $ sudo visudo -f /etc/sudoers

This opens a simple text editor that can be used to change the file. Scroll down to just below the line

   root    ALL=(ALL:ALL) ALL

Add a similar line but change 'root' into the USERID you have chosen. Save the change by pressing CTRL and O ("CTRL+O") simultaneously, confirm the filename by pressing ENTER and exit the editor using CTRL+X .
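A read-only check of the two file edits described above (the overlays in /boot/config.txt and the new line in /etc/sudoers), as an added example that is not part of the original wiki page. The function names and the script name audit.sh are hypothetical, and the sudoers match assumes the new rule has the same form as the root line.

```shell
#!/bin/sh
# Added example: read-only audit of the file edits described on this page.
# File paths are arguments, so the script can be tried on copies first.

# True if FILE has an active "dtoverlay=NAME" line. The setting is expected
# at the start of the line, so a commented-out "# dtoverlay=..." fails.
has_overlay() {
    grep -Eq "^dtoverlay=$2[[:space:]]*$" "$1"
}

# True if FILE gives USER the same rule as root: "USER ALL=(ALL:ALL) ALL".
# The ALL keyword in sudoers is upper case; "All" is not accepted here.
grants_full_sudo() {
    grep -Eq "^[[:space:]]*$2[[:space:]]+ALL[[:space:]]*=[[:space:]]*\(ALL([[:space:]]*:[[:space:]]*ALL)?\)[[:space:]]+ALL[[:space:]]*$" "$1"
}

# Print one line per check; the return value is the number of failed checks.
audit() {
    config=$1 sudoers=$2 user=$3 failed=0
    for ov in pi3-disable-bt pi3-disable-wifi; do
        if has_overlay "$config" "$ov"; then
            echo "ok      dtoverlay=$ov"
        else
            echo "MISSING dtoverlay=$ov"
            failed=$((failed + 1))
        fi
    done
    if grants_full_sudo "$sudoers" "$user"; then
        echo "ok      sudo rule for $user"
    else
        echo "MISSING sudo rule for $user"
        failed=$((failed + 1))
    fi
    return "$failed"
}

# Usage (with sudo, because /etc/sudoers is only readable by root):
#   sudo sh audit.sh /boot/config.txt /etc/sudoers USERID
if [ "$#" -eq 3 ]; then
    audit "$@"
fi
```

The script only reads the files; a non-zero exit status is the number of settings still to be fixed.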

Next it is time to reboot and log in as the new user, and install the OpendigitalRadio software.
