Howto configure a basic debian server on a Raspberry Pi

Requirements

Raspberry Pi & power supply
LAN connection with DHCP & Internet access
SD-card with newest Raspbian

Installation steps

boot up the Raspberry Pi
login through ssh console (user: pi / password: raspberry)
```
ssh pi@10.{x}.{x}.{x}
```
use raspi-config for some basic configurations
1. Expand Filesystem
2. Internationalisation Options
  1. Change locale to „en_GB.UTF-8 UTF-8“
  2. Change Timezone to „Europe/Berlin“
3. Advanced Options
  1. Hostname - set to „{xyz}.b9h.de“
  2. Memory Split - set to „16“
  3. Update
update firmware
```
rpi-update
```
reboot the Raspberry Pi
```
reboot
```
login through ssh console
```
ssh pi@10.{x}.{x}.{x}
```
get root console
```
sudo su -
```
remove unnecessary packages
```
apt-get purge squeak-vm wolfram-engine
```

remove desktop environment

apt-get purge consolekit desktop-base* desktop-file-utils* gnome-icon-theme* gnome-themes-standard* hicolor-icon-theme* leafpad* lxde* lxde-core* midori* xserver-common* xserver-xorg* xserver-xorg-core* xserver-xorg-input-all* xserver-xorg-input-evdev* xserver-xorg-input-synaptics* xserver-xorg-video-fbdev* openbox obconf menu omxplayer

clean up package dependencies
```
apt-get autoremove
```
update package repositories
```
apt-get update
```
upgrade all packages to newest version
```
apt-get dist-upgrade
```

enable watchdog kernel module

echo "bcm2708_wdog" | sudo tee -a /etc/modules && modprobe bcm2708_wdog

install additional packets

 apt-get install vim-nox dnsmasq htop iftop nmap exim4-daemon-light uptimed dnsutils wget curl ntpdate mc fail2ban logwatch apticron watchdog git locate

add new user
```
adduser benh
```
change console to new user
```
su - benh
```
create ssh config directory
```
mkdir .ssh
```

add public ssh key to authorized_keys

vi .ssh/authorized_keys

ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA5r9mj5lsBX55o2Cdv/57v5cH4GOJoZyIwC21tAvPEhzHM8AjD4M6HzlVazGS1pPcC/zm1uXUH6OUTmnphuyTDYmW1YS11PAeB5FmntSwgBQjgorJeEcGsK1Bw9qHCN9kddu2PS6By90+ihydCBMetCC4uAXCxtyClSGGjKT2QRpg+iXpYWSPIeAyEVEvtQPxfrgQz0+ZyXPJD1rcmT1Gs++Xume9w7hw3Aon07ZExJDVH/VF3Ro6P/91+WdvlIxBFgIBSVzr3OTLfM4OzKdnl2XpbKhZsjiRahpat3eNaB99tqfPxyH9Ai/W7lv1crBLBeY4ftu14n0ep6qLiVs//Q== benh@tux

restrict access rights of authorized_keys
```
chmod go-r .ssh/authorized_keys
```
set system default editor to vim-nox
```
update-alternatives --config editor
```
add new user to system group 'sudo'
```
usermod -a -G sudo benh
```
remove default user 'pi' from 'sudo' group
```
deluser pi sudo
```
disable sudo rights of pi
```
visudo
```
```
#pi ALL=(ALL) NOPASSWD: ALL
```

enable history search with „page up“/„page down“

vi /etc/inputrc

# alternate mappings for "page up" and "page down" to search the history
    "\e[5~": history-search-backward
    "\e[6~": history-search-forward

replace bashrc „/etc/ssh/bashrc“
```
vi .bashrc
```

configure hosts file

vi /etc/hosts

comment the hostname→localhost line
```
#127.0.1.1       obadja.b9h.de
```

add a line with hostname→ip

10.{x}.0.200    obadja.b9h.de obadja.localnet obadja

add ssh login notification script „/etc/ssh/sshrc“
```
vi /etc/sshrc
```

redirect root mails to operator

echo -e "root: operator\noperator: [email protected]" >> /etc/aliases && newaliases

send cron notifications by mail
```
vi /etc/crontab
```
```
MAILTO=operator
```

add cronjob to scan for unwanted .sshrc files in home directories

vi /etc/crontab

#scan for unwanted sshrc-files and delete them
*/5 *   * * *   root    find /home -type f -name ".sshrc" -maxdepth 1 -print -exec rm {} \;

send notification after system start

vi /etc/rc.local

#send mail notification
echo -e "`hostname --fqdn`\n`date`\nsystem is running" | mail -s"`hostname --fqdn` - system is running" operator

set correct mailname

vi /etc/mailname

b9h.de #remove the hostname

hardening proc filesystem (hide foreign processes from normal users)

vi /etc/fstab

proc                    /proc                   proc    defaults,hidepid=2        0 0