Raspberry PI: Raspbian – Security Hardening

First we will want to secure the users

Create a new root user for yourself

Type: sudo adduser username

this will ask you twice for a password for the new user, after that it will ask you more questions you can use the default answer by hitting enter on each question.

Now we will add the group sudo to the user you just created

Type: sudo adduser username sudo

You are ready to use the user you just created

Type: logout

Log back in as the user you just created

Next you will edit /etc/sudoers as follows the pi line is at the bottom of the file

Type: sudo nano /etc/sudoers

#pi ALL=(ALL) NOPASSWD: ALL

Verify no accounts have empty passwords

Type: sudo awk -F: '($2 == "") {print}' /etc/shadow

If you find a user with an empty password use the following to lock the account

Type If: sudo passwd -l username

You may unlock the account later by typing the following

Type If: sudo passwd -u username

Next we will make sure only the root user has a UID of 0

Type: sudo awk -F: '($3 == "0") {print}' /etc/passwd

If you see other lines, delete them or make sure other accounts are authorized by you to use UID 0.
[How do we delete them?]

Make sure the root account is disabled

Type: sudo passwd -l root

Delete the user pi

Type: sudo deluser --remove-home pi

You will get a message: Warning: group `pi’ has no more members. Don’t worry the above command deletes the pi group automatically.

Get rid of excess programs

Get a list of installed packages

Type: dpkg --get-selections

For a more specific package search

Type: dpkg --get-selections | grep xserver

Get rid of LXDE

Type: sudo apt-get remove --purge lxappearance lxde-common lxde-icon-theme lxinput lxmenu-data lxpanel lxpanel-data lxpolkit lxrandr lxsession lxsession-edit lxshortcut lxtask lxterminal

Get rid of X Windows

Type: sudo apt-get remove --purge xserver-xorg xserver-xorg-input-all xserver-xorg-input-evdev xserver-xorg-input-synaptics xserver-common xserver-xorg-core xserver-xorg-video-fbdev xserver-xorg-video-fbturbo x11-common x11-utils x11-xkb-utils x11-xserver-utils xarchiver xauth weston ttf-dejavu-core xkb-data fontconfig fontconfig-config fonts-freefont-ttf gnome-themes-standard-data gstreamer1.0-alsa gstreamer1.0-libav gstreamer1.0-omx gstreamer1.0-plugins-base dbus-x11

Get rid of wireless programs

Type: sudo apt-get remove --purge wireless-tools wpasupplicant

Get rid of Samba

Type: sudo apt-get remove --purge smbclient samba-common

Get rid of Audio support

Type: sudo apt-get remove --purge alsa-base alsa-utils

Get rid of Python

Type: sudo apt-get remove --purge python python-gi python-minimal python-numpy python-picamera python-pifacecommon python-pifacedigitalio python-rpi.gpio python-serial python-support python2.7 python2.7-minimal python3 python3-minimal python3-numpy python3-picamera python3-pifacecommon python3-pifacedigital-scratch-handler python3-pifacedigitalio python3-rpi.gpio python3-serial python3.2 python3.2-minimal

Get rid of Git

Type: sudo apt-get remove --purge git git-core git-man

Get rid of other programs (make sure nothing you use is in this list these are programs like text editors and shells that I didn’t want or need)

Type: sudo apt-get remove --purge smartsim minecraft-pi penguinspuzzle udisks freepats ed vim-common vim-tiny java-common

Now clean up any missed packages

Type: sudo apt-get autoremove –purge

After programs are removed we will want to perform a system upgrade

We begin by updating the package list

Type: sudo apt-get update

If you are asked are you sure press Y then enter.

When this has completed we upgrade the system

Type: sudo apt-get upgrade

If you are asked are you sure press Y then enter.