I don't expose my RPi to the public internet (because my Ubuntu server is doing that and I can use it as a gateway to my RPi).
On Ubuntu I got UFW installed as part of the basic software. It's definitely the easiest way to fiddle with the kernel ip tables.
sudo apt-get update
sudo apt-get install ufw
sudo ufw allow ssh
sudo ufw enable
https://help.ubuntu.com/community/UFW
has lots of docs for it.
But beware, as soon as an SSH port is open your machine will be attacked from thousands of addresses all the time (changing to port 22222 doesn't work, security by obscurity isn't security). You'll also get a lot of unwelcome visitors hitting port 80 (search engines that don't read robots.txt are the worst, they suck bandwidth and CPU when they hit your webserver).
Here's my most recent unwelcome SSH visitor
Oct 18 14:52:47 the-doctor sshd: Failed password for root from 220.127.116.11 port 52850 ssh2
So you a) need to check for security fixes for sshd every single day and b) need to ensure that the root user has a password that isn't simple ("1234" or "password" or "root") or a dictionary word. http://xkcd.com/936/
Here's my latest website hacker
error.log:[Fri Oct 18 01:03:01 2013] [error] [client 18.104.22.168] Invalid URI in request GET <title>phpMyAdmin HTTP/1.1
error.log:[Fri Oct 18 01:03:02 2013] [error] [client 22.214.171.124] File does not exist: /srv/www/homelinux/public-internet/phpmyadmin
They get blocked with a tool called fail2ban (which should work on an RPi since it's written in Python).
To test what's open from your machine to the Public Internet head over to http://www.yougetsignal.com/tools/open-ports/
Hardware hacker on ZX80 and Microtan65
Mainframe database software support specialist since 1994.
Linux hacker since 1995.
RPi owner since 2012.
Tip of the day: Learn to touch type, it will save you 17 whole months of your life.
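
An added example (not part of the original post, and not fail2ban's own code): a small Python model of the per-address counting a fail2ban-style tool does over sshd log lines like the one quoted above, ending in the UFW rule that would block the address. The sample lines, the documentation-range addresses, the thresholds, the function names and the assumption that SSH listens on port 22 are all constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches sshd failures with or without a "[pid]", and the "invalid user" form.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd(?:\[\d+\])?: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def find_offenders(lines, maxretry=3, findtime=timedelta(minutes=10), year=2013):
    """Return IPs with >= maxretry failures inside any findtime window."""
    recent = defaultdict(deque)  # ip -> failure times still inside the window
    offenders = []
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue  # accepted logins and unrelated lines are ignored
        # syslog timestamps carry no year, so the caller supplies one
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        window = recent[m["ip"]]
        window.append(when)
        while when - window[0] > findtime:
            window.popleft()  # drop failures older than the window
        if len(window) >= maxretry and m["ip"] not in offenders:
            offenders.append(m["ip"])
    return offenders

def ufw_rules(ips):
    """Render (not execute) UFW block commands. UFW is first-match, so the
    deny is inserted at position 1, ahead of the earlier 'allow ssh' rule."""
    return [f"sudo ufw insert 1 deny from {ip} to any port 22" for ip in ips]

# Constructed sample lines; addresses are RFC 5737 documentation ranges.
SAMPLE = """\
Oct 18 14:52:41 the-doctor sshd[2101]: Failed password for root from 203.0.113.7 port 52848 ssh2
Oct 18 14:52:44 the-doctor sshd[2101]: Failed password for root from 203.0.113.7 port 52849 ssh2
Oct 18 14:52:47 the-doctor sshd: Failed password for root from 203.0.113.7 port 52850 ssh2
Oct 18 14:53:02 the-doctor sshd[2107]: Failed password for invalid user admin from 198.51.100.9 port 40112 ssh2
Oct 18 14:55:10 the-doctor sshd[2110]: Accepted password for pi from 192.0.2.10 port 51000 ssh2
Oct 18 15:20:00 the-doctor sshd[2150]: Failed password for invalid user admin from 198.51.100.9 port 40200 ssh2
Oct 18 15:40:00 the-doctor sshd[2190]: Failed password for invalid user admin from 198.51.100.9 port 40300 ssh2
""".splitlines()

if __name__ == "__main__":
    for rule in ufw_rules(find_offenders(SAMPLE)):
        print(rule)
```

With the default 10-minute window only the rapid root guesser trips the threshold; the slower "admin" guesser is caught only when the window is widened, which is the trade-off to tune.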