Jul 14 2013

Once you have set up your system and connected it to the Internet, you are visible to the whole world. And if you use your Pi (or any other machine, to be honest) as a server, webcam, mail server or ssh server, you become vulnerable to outside attacks. To avoid losing precious data (in some cases even including other devices connected to your home network), there are several things you should do to secure your system. The tutorial is divided into parts covering initial setup, firewall setup and web server security. It is based on the Raspbian Wheezy distro.

Part I – Update the System

1. Default Password

First of all, make sure you’ve changed the default user password. You can do this by logging into your Pi and typing passwd.

The command allows you to change the default password any time you want. You will be prompted for your existing password (the default being “raspberry”), then your new password twice. Once this is done then the next time you log in you will need to use the new password:

It is an even better idea to create another user account and not use the default pi account at all. This makes your setup less predictable and hinders attempts to break in from outside that rely on the well-known default username.

To create your own user account do as follows:

In the command line, log in as root:


After that, we have to create a password for our new user:

After finishing, type

to leave the root session and log in as the newly created user. Now we will be able to use the unique username to log into our machine. We can delete the default pi account with no harm to the system with (as root, of course):

2. Kernel Update

We need to update the Raspberry Pi Unix kernel (the operating system’s heart) so that it supports the iptables firewall. To start, let’s get the latest CA (Certificate Authority) certificates. We do so by typing in the command line:

3. rpi-update

Next, we should get the Hexxeh rpi-update program by running (the command should be run without any carriage returns):

as well as git-core (Kernel directory content management system), the main software to access the latest Unix build:

and update the Raspberry Pi kernel to the latest Unix build:

The update takes some time, so be patient and wait till your shell prompt (e.g. user@raspberrypi:~$) reappears.

4. Reboot

Once the update has finished, we should reboot our Raspberry by typing:


Remember, if you are logged in remotely to your Raspberry Pi, the session will drop, so wait about a minute and log back in to your Pi.

That’s all as far as the initial setup of your Pi goes.
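The account changes from section 1 can be verified afterwards. The script below is an added example, not part of the original tutorial: it reads passwd- and shadow-format files and reports whether an account such as the default pi is absent, locked, limited to a non-login shell, or still active. The function names, the sample users (alice, olduser, svc) and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original tutorial.
# Prints the state of an account: absent | locked | nologin | active
# Usage: default_account_state PASSWD_FILE SHADOW_FILE [USER]   (USER defaults to pi)
default_account_state() {
    user=${3:-pi}
    # passwd field 7 is the login shell; an empty field means /bin/sh.
    shell=$(awk -F: -v u="$user" '$1 == u { print ($7 == "" ? "/bin/sh" : $7); exit }' "$1")
    if [ -z "$shell" ]; then echo absent; return 0; fi
    # shadow field 2 is the password hash; a leading "!" or "*" means the
    # password is locked. SSH key logins are not affected by that lock.
    hash=$(awk -F: -v u="$user" '$1 == u { print $2; exit }' "$2")
    case $hash in
        '!'*|'*'*) echo locked; return 0 ;;
    esac
    case $shell in
        */nologin|*/false) echo nologin; return 0 ;;
    esac
    echo active
}

# Constructed sample data (not a real system; the hashes are placeholders).
write_samples() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
pi:x:1000:1000:,,,:/home/pi:/bin/bash
alice:x:1001:1001:,,,:/home/alice:/bin/bash
olduser:x:1002:1002:,,,:/home/olduser:/bin/bash
svc:x:1003:1003:,,,:/home/svc:/usr/sbin/nologin
EOF
    cat > "$1/shadow" <<'EOF'
root:*:15900:0:99999:7:::
pi:$6$SALT$PLACEHOLDER:15900:0:99999:7:::
alice:$6$SALT$PLACEHOLDER:15900:0:99999:7:::
olduser:!$6$SALT$PLACEHOLDER:15900:0:99999:7:::
svc:$6$SALT$PLACEHOLDER:15900:0:99999:7:::
EOF
}

# Demo run over the constructed files.
tmp=$(mktemp -d) && write_samples "$tmp"
for u in pi alice olduser svc ghost; do
    printf '%s: %s\n' "$u" "$(default_account_state "$tmp/passwd" "$tmp/shadow" "$u")"
done
rm -rf "$tmp"
```

On the Pi itself, call default_account_state /etc/passwd /etc/shadow as root; once the default account has been deleted it prints absent.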

In the next parts, we will cover:

  • Tom

    That’s very useful for me. I’ve just bought my Pi and want to make it into a webserver. The tips you gave would be useful for me, especially that I’m just a beginner in Linux. Thanks!

    • http://www.bartbania.com/ Bart Bania

      Glad I could help. Contact me if you have any problems.

  • Vincent Vega

    great tutorial! worked for me! thanks!

  • Anders

    Great tutorial!
    But you should add how to create a new user which can use sudo instead of the pi user and how to lock the pi users from logging in to your machine.
    Known user login is a great source of information to crack a computer fast.

    • http://www.bartbania.com/ Bart Bania

      good tip, especially that on some distros you have to create user yourself. point taken.

  • https://plus.google.com/112573076923795876260 mark thorson

    Brilliant, thanks for the article! I’m a Linux noob too and setting up my Pi as an owncloud server and node.js server, so these tips are being applied right now!