Questions related to security of data on the Raspberry Pi. Also includes questions on using it in a security system (e.g. as a firewall).
Questions tagged [security]
181 questions
7
votes
3 answers
Boot to Login Screen Raspberry
Currently the raspbian os we installed is not booting up with a login screen.
How can I boot it up to a login screen so that we can enter a username & password and so that it doesn't go directly to desktop?
CCK
- 181
- 2
- 3
- 8
5
votes
2 answers
How best to extend the PI with hardware decryption/encryption, TPM/HSM?
I am looking for a way to perform symmetric and/or asymmetric encryption on a separate chip (HSM) which can securely store encryption keys (write them to secure memory, perform encryption/decryption with them, but not ever be able to read them…
Smack Jack
- 51
- 1
- 5
5
votes
8 answers
Default login in Raspberry is not working, how to go back to config screen?
I disabled the auto-login on our Raspberry and on raspi-config changed it to boot to console instead of booting straight to desktop, now its asking us to login first before booting up to the desktop (which is what we want) now the problem is the…
CCK
- 181
- 2
- 3
- 8
3
votes
2 answers
how to make sure that some code is working on a rpi?
Is it possible to use some (signing) service from the rpi itself that would allow us to make sure of 2 things?
Code is running on a raspberry
Code is running on a certain raspberry box and not another (using the serial number and stuff).
I know…
eftshift0
- 750
- 1
- 7
- 12
2
votes
1 answer
What is the purpose of auto-login? Is it safe/secure?
Please excuse my ignorance. I have searched and I haven't found anything that addresses my question.
What is the purpose of auto-login and is it safe to enable?
I am using my Pi 3B to host a very light-weight RESTful API which I intend to expose…
tinonetic
- 133
- 4
2
votes
4 answers
Network Security Toolkit on a Raspberry Pi
I am planning on putting either the NST (http://www.networksecuritytoolkit.org/nst/index.html) on my Pi or just downloading a lot of similar tools and then using my Pi as a security device to monitor all the traffic on my network. Has anyone done…
clifgray
- 721
- 2
- 7
- 8
2
votes
1 answer
Detached Raspberry for secure key generation
I need to generate secure encryption keys but don't want to spend a lot of money on a dedicated Hardware Security Module. Would an air-gapped Raspberry with Raspbian be good for the job? Does it create true random numbers or would I need a true…
Gert-Jan
- 123
- 2
2
votes
1 answer
Can I use auditd on a Raspberry Pi?
auditd is a kernel demon that can snoop on users using your server. Can it be used on a Raspberry Pi?
leeand00
- 704
- 2
- 9
- 23
1
vote
1 answer
Strange things in my logs
So, I actually have set up my Raspberry Pi as a public web server. I have the port forwarding set up and my FTP and SSH can be accessed by me remotely.
Now I was looking around in my logs yesterday and found some alarming things in the auth.log…
0cean_
- 45
- 3
1
vote
3 answers
Securing the PI against an attacker with physical access
I want to use the PI for a commercial data logging device that reports the data back to a cloud based server via the internet. There will potentially be thousands of PI's that are physically installed at unsecure sites (like people's homes.)
I will…
jrjetski
- 11
- 2
1
vote
1 answer
Can malware persist in the Pi outside of the OS/SD card?
Please let me know if this question is more appropriate for Security.
What kinds of damage can an attacker with physical access to a Pi cause?
In a desktop PC or laptop, an attacker with physical access might be able to hide malware in, say the…
user942937
- 185
- 1
- 11
0
votes
2 answers
what did sudo passwd do
I was trying to change the default password for my raspberry pi and I used sudo passwd instead of just passwd. What did I change when I used sudo passwd?
It didn't even ask me to enter the current password. It just asked me to enter a new password…
Rod
- 117
- 1
- 6
0
votes
1 answer
Jessie standard users
I am trying to figure out if my raspi was meddled with and users where created. What is the list of users created by default on jessie? (Release date: 2017-01-11)
Here is a list from my machine after installing xrdp.
pi@p3:~ $ compgen…
Stowoda
- 446
- 3
- 9
0
votes
1 answer
Securing the Pi for use as a server
I want to use the Raspberry Pi 3 (B) as a web server and need SSH/VNC access. I will use VNC only over SSH, forwarding only port 22. Should I be worried about SSH? I removed user pi and created a new one with sudo privileges.
Is there a root…
user52575
0
votes
1 answer
How to secure my offline Raspberry Pi LAMP server against manipulation and copying?
I have spent a lot of time on researching on this topic but I haven't found any working solution for my problem respectively I'm not clear about some points.
My goal is to distribute a encrypted/copy-protected Raspberry Pi LAMP server (for…
DLLDevStudio
- 91
- 6