Raspberry Pi Tips

Add New user and remove pi

For security reasons it's better to remove the default “pi” user and set up your own username.

Adding new user

sudo adduser newuser
sudo usermod -aG sudo newuser
sudo usermod -aG docker newuser
sudo usermod -aG adm newuser
sudo usermod -aG dialout newuser
sudo usermod -aG audio newuser
sudo usermod -aG video newuser
sudo usermod -aG plugdev newuser
sudo usermod -aG games newuser
sudo usermod -aG users newuser
sudo usermod -aG input newuser
sudo usermod -aG netdev newuser
sudo usermod -aG spi newuser
sudo usermod -aG i2c newuser
sudo usermod -aG gpio newuser

Delete pi user

sudo deluser pi

Disable passwordless sudo for pi

cd /etc/sudoers.d
sudo nano 010_pi-nopasswd

Comment out the line by adding # in front of pi ALL=(ALL) NOPASSWD: ALL

SSH hardening

The SSH server configuration can be adjusted by editing “/etc/ssh/sshd_config”.

sudo nano /etc/ssh/sshd_config

Disable remote root login

Change PermitRootLogin from ‘yes’ to ‘no’, so that the line reads:

PermitRootLogin no

The change takes effect once the SSH service is restarted.

We can enable more SSH security settings, such as allowing or denying specific users, passwordless (key-based) login, and fail2ban if we want to blacklist logins after a certain number of attempts. Instructions are available at the official Raspberry Pi site: https://www.raspberrypi.org/documentation/configuration/security.md

Disable root login

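To completely disable root access, either lock it via

sudo passwd --lock root

or remove the password by executing

sudo passwd -d root

Note that passwd -d leaves root with an empty password rather than a locked one. Whether an empty password is accepted at login depends on the PAM and sshd configuration, so locking is the option that reliably blocks password logins for root.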

Disable swap

sudo dphys-swapfile swapoff && \
sudo dphys-swapfile uninstall && \
sudo update-rc.d dphys-swapfile remove

If swap was disabled successfully, the command below should return an empty response.

sudo swapon --summary

Install Docker

Docker provides a convenience script for installing on Raspberry Pi boards. It installs all the required dependencies and sets up Docker. Since the script runs as root, read the downloaded get-docker.sh before executing it.

curl -fsSL https://get.docker.com -o get-docker.sh
sudo sh get-docker.sh

Add the currently logged-in user to the docker group. Membership in this group is equivalent to full root access on the host, so take the necessary precautions before granting it.

sudo usermod -aG docker $USER

Check docker info to see whether memory and swap limit support is missing.

docker info

Sample response trimmed to show only warnings.

WARNING: No memory limit support
WARNING: No swap limit support
WARNING: No kernel memory limit support
WARNING: No oom kill disable support
WARNING: No cpu cfs quota support
WARNING: No cpu cfs period support

To fix this, open the boot command line file with the command below, append the following parameters before “rootwait”, and reboot the system. The whole file must stay on a single line.

sudo nano /boot/cmdline.txt

cgroup_enable=memory swapaccount=1

Check docker info after reboot

docker info

We should see something similar to the output below.

WARNING: No swap limit support
WARNING: No cpu cfs quota support
WARNING: No cpu cfs period support
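
A way to verify the steps on this page after the reboot, as an added example that is not part of the original page: the script checks that the pi account and its NOPASSWD rule are gone, PermitRootLogin is no, root's password is locked rather than empty, swap is off, and the cgroup parameters are on the kernel command line. The function names and the --run switch are made up for this example, and it reads sshd_config directly without following Include files or Match blocks.

```shell
#!/bin/sh
# Added example: audits the hardening steps on this page. Every check takes
# the file to inspect as an argument; defaults are the paths the page uses.

# Succeeds if the named account is present in a passwd file.
user_exists() { grep -q "^$1:" "${2:-/etc/passwd}"; }

# Succeeds if an uncommented NOPASSWD rule exists in a sudoers.d directory.
has_nopasswd() { grep -Eqs '^[^#]*NOPASSWD' "${1:-/etc/sudoers.d}"/*; }

# Effective PermitRootLogin in the global section of sshd_config: the first
# uncommented occurrence wins. Include files and Match blocks are not read.
sshd_root_login() {
    awk 'tolower($1) == "match" { exit }
         tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
         END { if (!found) print "unset" }' "${1:-/etc/ssh/sshd_config}"
}

# Root's password field in a shadow file: "locked" (starts with ! or *, so no
# password can match), "empty" (what passwd -d leaves behind), or "set".
root_pw_state() {
    awk -F: '$1 == "root" {
        if ($2 == "") print "empty"
        else if ($2 ~ /^[!*]/) print "locked"
        else print "set"
        exit }' "${1:-/etc/shadow}"
}

# Succeeds if the kernel command line carries both cgroup parameters.
has_cgroup_params() {
    f="${1:-/boot/cmdline.txt}"
    grep -qw 'cgroup_enable=memory' "$f" && grep -qw 'swapaccount=1' "$f"
}

# Print one line per check against the live system (run as root).
audit() {
    user_exists pi && echo "FAIL pi user still present" || echo "ok   pi user removed"
    has_nopasswd && echo "FAIL NOPASSWD rule active" || echo "ok   no NOPASSWD rule"
    [ "$(sshd_root_login)" = no ] && echo "ok   PermitRootLogin no" \
        || echo "FAIL PermitRootLogin is $(sshd_root_login)"
    [ "$(root_pw_state)" = locked ] && echo "ok   root locked" \
        || echo "FAIL root password is $(root_pw_state)"
    [ -z "$(swapon --summary)" ] && echo "ok   swap off" || echo "FAIL swap active"
    has_cgroup_params && echo "ok   cgroup parameters set" || echo "FAIL cgroup parameters missing"
}

if [ "${1:-}" = "--run" ]; then audit; fi
```

Save it as a file and run it with sudo and the --run argument; a root password reported as "empty" is the state passwd -d produces.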