IOT: Bringing up Raspberry PI

For my IOT project, I'll have a Raspberry PI 3 (RPI) together with some Arduino units, where RPI will serve as a secure gateway to the Internet.

The first step is to bring up the RPI and configure it for a monitor with landscape orientation.

Step 1: Protecting the RPI

Even though some of the circuits are covered, I'm still working with open electronics, that can be damaged just by me touching it. To protect the circuits, I've build a simple box in Lego, where I can still reach the USB and HDMI ports. 

Step 2: Disconnecting the Mouse and Keyboard - Bringing up SSH

I want to use the RPI without keyboard, mouse and monitor. To still be able to control the RPI, I had to install and configure SSH using this instruction.

After a reboot, I discovered that the SSH client (Windows 10/WSL/Ubuntu) timed out when trying to connect to RPI. The SSH client in DOS (Windows 10) worked fine, but I need to understand what happened to the WSL SSH client. 

Step 3: Disconnecting the Monitor - Bringing up Virtual Desktop

It is easy to install the VNC server using apt-get.

Any client will do, I selected RealVNC Viewer.

The desktop is configured for portrait mode.

Step 4: Setting a Static IP address for the RPI

I'm following the guide from raspberrytips.com. The router's IP address is  192.168.X.Y (I won't disclose details regarding my network).

The desired IP address will be 192.168.X.Z and the MAC address is Q. Now, I know enough to set the RPI to have the same IP address. In the file /etc/dhcpcd.conf, I added the following lines:

My typo on the third row disabled internet access to the RPI.
It should be routers.

Finally, I made a reservation for my RPI in my DLink router to ensure that no other device will get the same IP number.

With these changes, the RPI will always get the same IP on this network.

Step 5: Firewall and Antivirus

I'm following the Raspberry PI guide for security.

There is a discussion in the Linux community whether antivirus or firewalls are needed for Linux. Those who say that it isn't needed mean that there are very few viruses targeting Linux. To me, it sounds like "famous last words".

For my system, I personally don't see a great threa.t - I don't save any personal data on my mini computer. I will install it anyways for curiosity. I installed clam antivirus and the iptables/ufw firewall.

I created a new user with root privileges. When trying to ssh to the RPI, I was rejected. I had to add the user to the AllowUsers tag in /etc/ssh/sshd_config file.

Another measure to increase security of the RPI would be to change the SSH port number (default port is 22). Then, an attacker would need to scan the different ports for a SSH connection. Changing port number can be done by editing /etc/ssh/sshd_config.

Conclusion:

Now, the RPI is up and running with an acceptable security. I have a grip on the basics on the Arduino and I've been able to setup a project with a LCD display, several LED's, a potentiometer and a push button. 

The next step will be to connect a 8$ web camera to the Raspberry PI and to set up a web server on that micro computer.