tags: - raspberry pi - setup categories: - informational comments: true

date: 2021-12-25 00:00:00


Configuration changes to make on new raspberry pi - raspbian systems.


Ensure rfkill is disabled

vi /etc/profile.d/wifi-check.sh
exit 0



System changes


systemctl disable wpa_supplicant
export EDITOR=vi
set -o vi
export TMOUT=900
readonly TMOUT
set syntax=on

systemctl status unattended-upgrades systemctl enable unattended-upgrades

user management

passwd -d ubuntu

* Disable dsa key in sshd and remove dsa keys

``` comment in /etc/ssh/sshd_config
# HostKey /etc/ssh/ssh_host_dsa_key

rm /etc/ssh/ssh_host_dsa_key*

* Disable depreciated setting and disable forwarding

``` add/change in /etc/ssh/sshd_config
# UsePrivilegeSeparation yes
AllowAgentForwarding yes
AllowTcpForwarding yes
GatewayPorts no
X11Forwarding yes

* Check sshd configuration

/usr/sbin/sshd -t

## Network primary - /etc/network/interfaces.d/eth01 

* /etc/network/interfaces.d/eth0

auto eth0
iface eth0 inet static
address x.x.x.x
gateway x.x.x.x

* disable dhcpcd client

systemctl disable  dhcpcd.service

* ntp

/etc/systemd/timesyncd.conf:NTP=x.x.x.x y.y.y.y

systemctl status systemd-timesyncd.service

* rng

systemctl status rng-tools.service

## Monitoring (not done)

install and enable logcheck? logwatch?

~~~ /etc/motd

System: Move heavy writes to USB drive (to save sdcard)