Home media hub, security cam system or just a straightforward project box – the Raspberry Pi is versatile and popular. But this popularity could lead to your Pi being hacked or even stolen, resulting in you losing time, effort and data. So what can you do about it?
Change Your Default Password
The default password for your Raspberry Pi should be changed. Often, it isn't, yet doing so is simple.
To change your Pi's password (assuming you're using Raspbian – for your favourite Pi-flavoured distro, check appropriate documentation) boot it up, open the Terminal and run
sudo raspi-config
to display the configuration tool.
Here, select the Change User Password option, and follow the instructions.
This is actually the simplest method of changing your Raspberry Pi password. The quickest is to just type
passwd
into the terminal, and input a new password when prompted; this method doesn't require the sudo command, as it is for the pi user that you are already signed in as. Note that when you input the password, no text is displayed on screen, keeping your new secret code safe.
If you were changing the password of a different account, then
sudo
would be required.
Which brings us to an interesting point: can you change the pi username as well?
Changing The Default Username
If an intruder has your username, they're halfway to accessing your data. As such, you should change the pi username to something else.
As deleting the account could be dangerous without ensuring you have the correct permissions elsewhere, the best option is to create a new superuser account:
sudo useradd -m christian -G sudo
The -m option creates a home directory for the user, while -G sudo adds the user to the sudo group.
Next, enter:
sudo passwd christian
This will allow you to set a password for the new user (in this case, called "christian").
Your new account should now have the same permissions as pi, as both are in the sudo usergroup.
Before deleting pi, log out of the account, log in again using your new account, and attempt to run
sudo visudo
If it opens the sudoers file, your new account has working sudo rights and is ready to take command.
In the terminal, enter
sudo deluser pi
to delete just the user account. You can leave it there if you like, or remove the /home/pi directory as well with
sudo deluser --remove-home pi
These are far better options than leaving the default pi/raspberry username/password combination intact, wouldn't you agree?
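The hand-over described above can be checked mechanically before pi is deleted and again afterwards. This is an added example, not part of the original article: the function names are hypothetical, and the sample passwd and group lines are constructed.

```shell
#!/bin/sh
# Added example: checks to run before and after `sudo deluser pi`.
# File paths are parameters so the logic can be tried on copies;
# on a real Pi pass /etc/passwd and /etc/group.

# user_exists USER PASSWD_FILE -> 0 if USER has an entry
user_exists() {
    awk -F: -v u="$1" '$1 == u { found = 1 } END { exit !found }' "$2"
}

# in_group USER GROUP GROUP_FILE -> 0 if USER is in GROUP's member list
# (useradd -G writes supplementary members to field 4 of /etc/group)
in_group() {
    awk -F: -v u="$1" -v g="$2" '
        $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) ok = 1 }
        END { exit !ok }' "$3"
}

# ready_to_delete_pi NEWUSER PASSWD_FILE GROUP_FILE
# Prints the reason and returns 1 if removing pi would leave no sudo-capable login.
ready_to_delete_pi() {
    if [ "$1" = "pi" ]; then echo "replacement must not be pi"; return 1; fi
    if ! user_exists "$1" "$2"; then echo "no such user: $1"; return 1; fi
    if ! in_group "$1" sudo "$3"; then echo "$1 is not in the sudo group"; return 1; fi
    echo "ok: $1 can take over from pi"
}

# default_account_gone PASSWD_FILE GROUP_FILE -> 0 once pi is fully removed
default_account_gone() {
    ! user_exists pi "$1" && ! in_group pi sudo "$2"
}

# Constructed sample data: state after the useradd step, before deluser.
demo_dir=$(mktemp -d)
printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
    'pi:x:1000:1000:,,,:/home/pi:/bin/bash' \
    'christian:x:1001:1001::/home/christian:/bin/sh' > "$demo_dir/passwd"
printf '%s\n' 'sudo:x:27:pi,christian' 'audio:x:29:pi' > "$demo_dir/group"

ready_to_delete_pi christian "$demo_dir/passwd" "$demo_dir/group"
default_account_gone "$demo_dir/passwd" "$demo_dir/group" || echo "pi still present"
rm -rf "$demo_dir"
```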
Firewalls And The Raspberry Pi
This ridiculously flexible little computer can be set up to act as a physical firewall, a first point of entry into your home network (or even in reverse, as a secure anonymous gateway to the world at large). However, this isn't what we're discussing in this guide.
Instead, we're looking at methods of securing your Raspberry Pi. Various software firewall apps are available for the Pi, but perhaps the most impressive is the powerful Firewall Builder, an easy-to-use GUI that will configure various firewalls including iptables, which is pretty tricky to set up correctly.
Install using
sudo apt-get update
sudo apt-get install fwbuilder
In the Raspberry Pi GUI (type
startx
in the command line to launch), you'll find Firewall Builder listed in the Other submenu. Follow the instructions to create your firewall, and save the script. For the best results you'll need to make sure that the script is loaded before your Pi connects to the network. To do this, open the /etc/network/interfaces file in a text editor and add the following line (if you removed pi and its home directory earlier, point the path at wherever you saved the script):
pre-up /home/pi/fwbuilder/firewall.fw
Finally, add this to the section of the script marked Epilog:
route add default gw [YOUR.ROUTER.IP.HERE] eth0
This will ensure you can still reach the Internet. You're now done, and your Pi is secure from online intrusion!
A Raspberry Pi Under Lock & Key
That Raspberry Pi of yours is certainly an impressive box of tricks. A less trustworthy person might even be tempted to unplug it and squirrel it away in his pocket… if he didn't already own one!
Small dimensions do make this little computer extremely easy to pocket, so it is a good idea to keep it and your data under lock and key. When your Pi isn't in use, place it in a locked drawer; if it is switched on at all times you should similarly consider placing it in a locked container, albeit one with plenty of airflow.
Also, remember to make backups of your SD cards and any other connected data regularly, lest they be stolen or subverted.
Security: Raspberry Pi Style
Everyone with an Internet connection can use Google to find the default username and password of your Raspberry Pi. Don't give intruders that opening – change your default credentials, and while you're at it, set up a firewall and make sure you have a safe place to store your Raspberry Pi!
Do you have any security tips to add for your Pi?